NHS Digital’s head of security operations lead, Steve Fenwick, has some advice for health and care staff on how to stay cyber secure while working from home.

In the Data Security Centre at NHS Digital, we support health and care organisations to be more cyber aware, scanning the sector for upcoming threats, providing tools and services that increase security and sharing best practice to help those working in the field to be more cyber safe.

Due to the Covid-19 pandemic, millions of us have had to adapt to working from home or remotely. This change has brought about many new challenges including an increase in cyber attacks from criminals taking advantage of the crisis.

There are many security considerations to think about when working remotely. While the pandemic has given criminals greater opportunities to exploit potential weaknesses, these basic tips can help you to counter their tricks.

Phishing scams

Phishing is a common scam that targets people by claiming to represent a reputable organisation in an attempt to obtain sensitive or personal data such as login details or phone numbers.

Now that many more people work from home, the figures show that cyber criminals have taken advantage of this, with the number of phishing emails and calls reportedly rising by over 600% since March.

Here are a few ways to make sure that you don’t fall victim:

  • Check the caller ID and email addresses of anyone trying to access your information.
  • Be especially cautious of calls or emails that you were not expecting.
  • Call colleagues if they seem to have sent you a suspicious-looking email
  • Read all the content before clicking on links or giving out data – phishing emails often contain poor grammar.
  • Be wary of anyone that asks you to check, renew or share login details or passwords – an official source will never ask you to share these personal details.
  • If you are one of the 1.4 million staff in the NHS that use NHSmail, reporting a suspicious email is as easy as clicking the ‘Report Phishing’ button on your MS Outlook ribbon or forwarding it to spamreports@nhs.net.
  • For everyone else in the sector, find out the process in your organisation for reporting spam emails
  • Report every suspicion. This way, your security team can build a true picture of what is happening if a large-scale scam is taking place.

Malware attacks and hacks

While phishing attacks try to dupe you into giving out sensitive information, malware attacks allow hackers to use software vulnerabilities to access your system so that they can take the information they need or gain control of your devices.

You can guard against this using these simple steps:

  • Install the latest software updates from official providers or NHS Digital on all of your devices.
  • Download the most up to date software to ensure your device has a high security level which can prevent new cyber-attack
  • Don’t forget to check that the software on your router is up to date too
  • Invest in anti- virus and anti-malware software but be sure to research any products you intend to purchase

One thing that many of us don’t think about when we work from home is the password for our Wi-Fi router.

Default router passwords can often be easily discovered, leavingit vulnerable to cyber criminals who can then monitor your online activity or send you  to malicious websites.

If you are still using the default password your router came with, change it to something more secure, using this advice from the National Cyber Security Centre’s experts

Out and about

We all need to work around others from time to time, even when working remotely. Whether you are grabbing a coffee in public while writing a report or live with other people, these final tips will help you to stay safe:

  • Avoid using public Wi-Fi as these networks often lack sufficient security
  • Instead, work offline and connect later once you can access a secure network.
  • Go online by tethering to your mobile device if you have sufficient data.
  • Password protect your sensitive work documents
  • Never allow anyone else to access your work devices for personal use
  • Always lock your device when you are away from it; this is essential if you live in shared accommodation
  • Do not print documents and work on them in public spaces as they will be vulnerable to theft or misplacement.
  • Use a screen protector to prevent others from viewing your screen over your shoulder or ‘shoulder surfing’, in public spaces.
  • Keep your work telephone conversations discreet and hold them in a private place where possible.

Keeping information secure is everyone’s job. Make sure you know how to report an incident and do so, no matter how small you may think it is. It may have a bigger impact than you realise.