Healthcare clinics and hospitals remain an attractive target for cyber criminals, often because of outdated IT systems, fewer cyber security protocols and IT staff, and valuable data. This combination makes it vital that healthcare organisations prioritise cyber security in order to protect their employees and patients.
However, protecting against external attacks is not the only focus businesses should have.
Insider threats come in two forms: malicious and accidental.
Malicious - often a disgruntled, fired employee who wants to get back at their former company, though the threat can also come from employees still working at the company. In that case they may be part of an organised crime network or an individual looking to harm the company through fraud, IT sabotage, intellectual property theft or espionage.
Accidental - employees who unintentionally expose confidential data through poor cyber hygiene, weak passwords, or similar.
A 2017 report from Clearswift found that:
“Organizations report that 42% of IT security incidents occur as a result of their employees”
Primarily, breaches from former employees stem from organisational failures, such as not properly identifying a change in employee status, for example when someone moves roles or leaves the company. This leaves permissions set higher than necessary, bringing security weaknesses into the organisation.
Threats like these are amongst the most difficult to guard against; however, there are some key considerations for companies.
The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.
You can contact the Cyber Resilience Centre for guidance and support by e-mail at enquiries@ecrcentre.co.uk, or use our online booking system to make an appointment with one of our team.
We provide free guidance on our website and we would always encourage you to sign up for our free core membership. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
If you suspect a phishing attack, please report it to the Suspicious Email Reporting Service (SERS) set up by the NCSC at: report@phishing.gov.uk
Text messages can be forwarded to 7726.