October is Cyber Security Awareness Month – a chance for us all to remember the importance of keeping our patient, corporate and personal data safe from threats!


Unlocked screens are a real threat to patient data. Locking your screens and logging out of systems helps to prevent unauthorised people from accessing sensitive or confidential information.
- Keep your screens and devices locked when they are not in use.
- Lock your screen when going away from your computer – to do this, press Windows Key+L or Ctrl+Alt+Delete.
- If you see someone leave their screen unlocked and unattended, gently remind them about the importance of locking their screen.
Little steps do make a big difference to patient confidentiality.
Working from home?

Remember that cyber security does not stop at the hospital door. Lock your screen when stepping away, make sure your home WiFi is secure and keep sensitive NHS information away from family members and visitors.
A secure home workspace helps protect patient confidentiality and NHS systems from everywhere you work.
Staying secure at home:
- Use software approved by your IT provider
- Use secure networks
- Lock your screen when stepping away from your device
Thanks for helping keep I.T. confidential over Cyber Security Awareness Month and beyond.
To read all our tips from Cyber Security Awareness Month, visit YourSpace
With Cyber Security Awareness Month underway, the second topic is dedicated to password security.

Weak passwords are a real threat, as cyber criminals possess software which can crack them.
As a result, we encourage everyone who has not already done so to switch to a passphrase on their Microsoft user account.
What is a passphrase?
Passphrases are more secure than passwords and are nearly impossible to crack. A good example of a passphrase would contain:
- three random words that are a minimum of five characters
- spaces between those words.
Why is a passphrase more secure than a password?
- Passphrases are easier to remember than a standard password containing special characters, numbers and letters combined. It would be easier to remember a line from a favourite song or favourite quotation than to remember a short but complicated password.
- Some passwords are relatively easy to guess or crack. Cyber criminals have developed state-of-the-art hacking tools that are designed to crack even the most complicated password.
- Passphrases easily meet complexity requirements. Using punctuation and upper/lower case in passphrases also meets the complexity requirements for passwords.
- Passphrases are nearly impossible to crack, because most password cracking tools break down at around 10 characters, so even the most advanced cracking tools won’t be able to guess or force their way into these passphrases.
- When combined with Multi-Factor Authentication (MFA), this creates enhanced security that provides a stronger authentication process that is also more user-friendly than remembering complex passwords and passphrases.
How do I change my password to a passphrase?
- Press Ctrl+Alt+Delete, and then click ‘Change a password’
- Type your old password followed by your new passphrase as indicated, and then type the new passphrase again to confirm it
- Press Enter.
Do you need passphrase inspiration?
If you need help thinking of your new passphrase, we recommend using what3words, and choosing a location meaningful to you, adding in spaces.
Alternatively, you can use an online passphrase generator. Just make sure your generated passphrase conforms to the above passphrase requirements.

Good cyber security is everyone’s responsibility, and there are some simple steps you can take to remain secure. One of the most common attempts to breach cyber security defences is the use of scam emails.
Beware of scam and phishing emails
These emails are fraudulent messages that try to trick you into giving away personal, medical or financial information, or to infect your device with malware to steal data.
These emails can be very convincing and may appear to come from a legitimate source, such as a person or organisation you know, when they are actually being sent from a fake address – known as ‘email spoofing’.
Be email aware
- Be suspicious of generic greetings such as "Dear sir or madam".
- Check the sender’s email address to see if it looks legitimate.
- Never open links or attachments from senders you don’t recognise.
- Check the address of any links by hovering your mouse over the link (without opening it) to see if the address matches the link that was typed in the message.
- Check for spelling mistakes and poor grammar which could indicate the email is a scam.
- Be suspicious of emails that claim you must click, call, or open an attachment immediately.
- Never provide financial or sensitive personal information like usernames and passwords over email.
What should you do if you suspect an email to be suspicious?
- If you receive an email that is unexpected or suspicious, do not open any links or attachments and delete it immediately. If you are concerned, get immediate support through the IM Digital Portal.
- Pause and verify who you’re dealing with before sharing information, and make sure you are following security best practices and your organisation’s Information Governance (IG) policies and guidelines.
Further information and support
Please ensure you report anything suspicious immediately on the IM Digital Portal.
We thank you in advance for your support. Please remain vigilant and help to keep I.T. confidential.

NHS organisations and staff are increasingly being targeted by pretexting scams.
Pretexting is a type of social engineering attack where someone pretends to be a trusted person to trick you into sharing information or carrying out an action. These scams aren’t limited to the online world; tailgating is one example.
Tailgating is when someone tries to get into a secure area by following another person through a locked door. For example, they might walk close behind you, grab the door before it closes, or say they’ve forgotten their ID badge.
Letting someone in without proper checks can put the organisation at risk. If you think this has happened, report it straight away to reception or security.
Tailgating prevention tips for staff
- Be aware – Don’t assume everyone behind you is authorised.
- Identification – Always wear your ID badge visibly and check others are doing the same.
- Challenge politely – If someone tries to follow you in without a badge, ask: “Can I help you sign in?”
- Don’t hold the door – It may feel polite, but secure areas require individual access verification.
- Report suspicious behaviour – If something feels off, notify security or your manager immediately.
- Use access properly – Never prop open secure doors or let others use your credentials.
- Know your area – Understand which areas are restricted and who is authorised to enter.
To explore all our tips for protecting yourself and your data, visit the Cyber Security Awareness Month page on YourSpace.
Why does cyber security matter?
Recently, NHS organisations have seen a big rise in scam emails and pretexting attacks. Pretexting is a type of social engineering, where someone pretends to be a trusted person to trick you into sharing information or taking action. This type of attack is not limited to online – it can take place through other forms of communication, including in person.
The NHS is a prime target – an attack could be far more damaging, affecting patient care across the country.
The 2017 WannaCry attack affected more than 60 NHS Trusts, spreading to over 200,000 computer systems worldwide. It doesn't take much to cause serious disruption – one weak password brought down a 158-year-old company.
Being cyber secure should be as normal as washing your hands. Whether working online or offline, help protect our data by keeping I.T. confidential and following cyber security best practice.