Whilst healthcare is often seen as an in-person service, there are tens of thousands of opportunities for remote workers in this sector across the UK. And whilst there are benefits, it is recognised that home working brings additional potential risks when it comes to being more vulnerable to cyber criminals.
Every healthcare clinic and hospital around the globe remains at risk of being attacked by cybercriminals. By and large, the tantalizing target on healthcare’s back has been attributable to outdated IT systems, fewer cybersecurity protocols and IT staff, valuable data, and the pressing need for medical practices and hospitals to pay ransoms quickly to regain data.
And 2021 stats from a US Cyber company (Herjavec Group) make for stark reading
1. Phishing emails.
Employees working remotely can be the largest threat to the security of your network. If they unknowingly follow poor cyber security practices, they might end up giving cybercriminals and hackers access to the network and sensitive data of the company.
Commonly, the hacker will send an email to trick the victim to login to a malicious website that looks exactly like the original website. Once the victim enters the required information, the attacker uses it to hack into an account and carry out identity fraud or steal more sensitive information. The phishing emails may look like from a person or organization you trust. It may be from a social media site, credit card company, streaming app, bank, or even a work colleague or supervisor.
2. Password Theft.
Even when an organization uses firewalls, VPNs, and other cybersecurity software for protecting remote work, human error might come into play when employees safeguard the account using weak passwords.
Hackers can exploit human error to get past sophisticated security software. This is the reason they will try to crack the account passwords for accessing sensitive details. You won’t believe it, but twenty-three million people still use the password 123456.
Cybercriminals use different measures for cracking passwords. Often, the hackers design codes to crack a password by trying out various variants. Repeat password is another insecure practice that hackers try to exploit. As soon as the hackers crack the password to an account, they will try accessing other accounts with the same password. Employees repeating their passwords on various applications are at a higher risk of having their accounts hacked. This is particularly true for employees who use the same passwords across personal and work networks.
3. File Sharing.
While companies might think of encrypting data that is stored on the corporate network, they might not consider encrypting data when it is in transit from one location to the other. This might result in employees sharing or remotely accessing sensitive details on a regular basis that the company is unable to secure from being intercepted by a hacker.
4. Personal Devices.
Employees often don’t encrypt their own personal devices. Nevertheless, if work is conducted on personal mobile phones, such as logins or phone calls to business accounts, this may cause data breaches.
Some businesses provide their employees with work computers to remotely access the files and information. However, others allow remote employees to work on personal computers. This approach might leave company data at risk.
5. Home Wi-Fi.
While companies generally think about securing the laptops of remote employees, many don’t consider the Wi-Fi networks that their employees are using at home. It might be posing a risk for their company data if it is not secure. Many people might update their antivirus or smartphone software. But many tend to overlook the updates of home router software. This can lead to network security gaps.
Yes, you can.
Here at the centre, we would advise a whole system or organisation approach to cybersecurity to maximise its effectiveness. That would include carrying out staff awareness sessions to make sure that staff know what to look for – to spot potential attacks, and to identify when an attack has been successfully carried out.
We would also recommend that organisations look at bringing in clear policies around cyber security so that all staff are aware of their responsibilities and what they should be doing to strengthen their remote working set-ups.
The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of business and loss of reputation. In the worst cases it can lead to the closure of the business altogether. But all is not lost.
Here at the centre, we would advise you to do three things now
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).
Click to Open Code Editor