Healthcare clinics and hospitals remain an attractive target for cyber criminals, often attributable to outdated IT systems, fewer cyber security protocols and IT staff, and valuable data. This combination makes it vital that healthcare organisations prioritise cyber security in order to protect their employees and patients.

However, protecting against external attacks is not the only focus businesses should have.

What are cyber insider threats?

Insider threats come in two forms, malicious and accidental.

Malicious - often in the form of a disgruntled fired employee who wants to get back at their former company, though they can also come in the form of employees still working at the company. In that case they may be part of an organised crime network or an individual looking to harm the company through fraud, IT sabotage, intellectual property theft or espionage.

Accidental – Employees who unintentionally expose confidential data through poor cyber hygiene, weak passwords, or similar.

A 2017 report from Clearswift reported that:

“Organizations report that 42% of IT security incidents occur as a result of their employees”

Primarily, breaches from former employees stem from organisational failures, such as improperly identifying a change in employee status, such as moving roles or leaving the company. This leads to permissions being set to higher than necessary, bringing security weaknesses into the organisation.

So what can you do to protect yourself?

Threats like these are amongst the most difficult to guard against however there are some key considerations for companies.

• Have clear HR policies around staff leaving the organisation and ensure that they are adhered to. All staff leaving to have documented and audited exit interviews to include return of company IT equipment, password cancellations etc., to limit opportunities for former staff members to be able to access company networks. Implement a handover period to try and limit impact on the organisation.
• Make staff aware of the approaches that they might get and how to report them. One of Tesla’s employees was approached with a $1M deal for insider access. They reported it, helped with the investigation and a criminal was arrested. The ECRC can provide bespoke staff awareness training tailored to what threats your company and employees might face. Contact us now to find out more.
• Implement strong access controls and allow access to systems that people really need rather than everything. If you were working in a physical location, you might have some areas which were only accessible to staff who worked there, and for anything really valuable, maybe a safe. But you wouldn’t give the safe keys to everyone who worked for you. If you’re not sure about access control take a look at one of our short videos about it.
• Have internal network logging. This will enable you to see unusual activity - such as thousands of e-mails suddenly being sent outside of the network – this is how General Electric recently suffered a massive data breach. The NCSC has a free tool to help with this, Logging Made Easy. You can read more about it here.
• Have policies and procedures which cover data control and access. Consider limiting the number of attachments that could be sent out at once, and then set up a rule which alerts you if any more than that are sent. This gives you the ability to check that what is being sent is going for a legitimate reason. Tell your staff that their emails are being monitored and tell them about the policy. If you are not sure whether your policies cover all that should be considered why not have a policy review with our affordable service provided by one of our students?

Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.

You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.

We provide free guidance on our website and we would always encourage you to sign up for our free core membership. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Report a phishing attack

If you suspect a phishing attack, please report it to the Suspicious Email Reporting Services (SERS) set up by the NCSC at: report@phising.gov.uk

Text messages can be forwarded to 7726