Cyber security is the means by which the Trust and its staff can reduce the risk of being affected by cyber-crime.  Its core function is to protect the devices we use (smartphones, laptops, tablets and computers) along with our network, systems and data - from theft or damage. It's also about preventing unauthorised access to the vast amounts of personal and confidential information which we store.

Be cyber aware whilst working

It's important to understand that the Trust may be vulnerable to a cyber-attack and staff can play their part in keeping the Trust secure and preventing online criminals from carrying out such attacks.The advice summarised below is applicable to both work and home life. Staff should also be familiar with the Trust's IM&T Security Policy and associated standards which focus around cyber security.

Defend against phishing attacks

 

Phishing emails appear genuine, but are actually fake.

They might try and trick you into revealing sensitive information, or contain links to a malicious website or an infected attachment.
  • Know how to spot the signs of a phishing email (this can include urgency or authority cues that pressure you to act) and what action you should take.
  • Phishers use publicly available information to make their emails appear convincing. Review your social media privacy settings, and think about what you post. 
  • Phishers often seek to exploit 'normal' business communications and processes. Make sure you know the Trust's policies and procedures to make it easier to spot unusual activity. 
  • Anybody might click on a phishing email at some point. If you do, report it to someone immediately to reduce the potential harm caused.

Use strong passwords

Attackers will try the most common passwords (e.g.password1), or use publicly available information to try and access accounts. If successful, they will use this same password to try and access your other accounts.
  • Create strong and memorable passwords, such as by using three random words. Avoid using predictable passwords, such as dates, family and pet names which others may be aware of.
  • Use different passwords for work and home accounts. If an online account gets compromised, you don't want the attacker to also know your work password. 
  • Keep passwords secure and never reveal or share your password with anyone.

Secure devices

Smartphones, tablets, laptops or desktop computers that we use can be exploited both remotely and physically, but we can protect them from many common attacks.
  • Don't ignore software updates - they contain patches that keep your device secure. When you're prompted to install any, make sure you do.
  • Always lock devices when you're not using them. 
  • Ensure PINs and/or passwords are applied to all devices. This will make it harder for an attacker to exploit a device if it is lost or stolen. 
  • Avoid downloading unapproved apps. Only use official app stores (like NHS App Library, Google Play or the Apple Store), which provide some protection from viruses. Don't download apps from unknown retailers and sources.

Report incidents

Report incidents promptly – as this can massively reduce the potential harm caused by cyber incidents.
  • Cyber-attacks can be difficult to spot, so don't hesitate to ask others for further guidance or support when something feels suspicious or unusual.
  • Report incidents as soon as possible - don't assume that someone else will do it. Even if you've done something (such as clicked on a bad link), always report what's happened.

National Cyber Security Centre (NCSC)

The NCSC help to support the most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public. When incidents occur, they provide effective incident response to minimise harm to the UK, help with recovery, and learn lessons for the future. 

Useful NCSC resources for staff

This free training takes less than 30 minutes to complete and introduces why cyber security is important and how attacks happen, and covers four key areas.  It's been deliberately designed for a non-technical audience (who may have little or no knowledge of cyber security), with tips that complement the Trust's existing policies and procedures.

Be cyber aware at home and work

Cyber security is important because smartphones, computers and the internet are now a fundamental part of modern life and it's difficult to imagine how we'd function without them. From online banking and shopping, to email and social media, it's more important than ever to take steps to prevent cyber criminals getting hold of accounts and data, belonging to either the Trust or our staff.Many of us are spending more time online whilst at home. Keep yourself and your family secure by following NCSC's top tips and guidance below: