- Sophos-commissioned survey reveals only 10% of NHS organisations have a well-established approach to encryption
- 84% of NHS organisations recognise that encryption is fast becoming more of a necessity
- Sophos has drawn up a list of five top tips for organisations looking to introduce encrytption technology
With the introduction of the General Date Protection Regulation (GDPR) on the horizon; it is cause for concern that a recent survey has revealed only 10% of NHS organisations have a well-established approach to encryption.
At the same time, the survey, carried out by Vanson Bourne on behalf of Sophos, shows 84% of trusts recognise that encryption is fast becoming more of a necessity.
To address the issue, Sophos has complied its top 5 tips for the NHS on supporting the introduction of encryption.
Jonathan Lee, the company’s healthcare sector manager, said: “As work is increasingly being carried out in the community, and away from hospital settings, it is imperative NHS organisations start to look at not only encrypting laptops, but data itself, wherever it is stored, be it on external media, network shares, or in the cloud.
As work is increasingly being carried out in the community, it is imperative NHS organisations start to look at not only encrypting laptops, but data itself, wherever it is stored
“The technology exists to implement such measures in an easy-to-manage way, and so organisations should not be losing data at such a rate.
“Where possible, organisations should look to automate the process of encryption, so that data that is stolen or inadvertently sent outside the organisation cannot be read and is of little use to the cyber criminals.”
Here are Sophos’s top tips:
Have an integrated security plan in place that does not stifle productivity: To fully understand their Cyber threat and risk exposure, NHS organisations should undertake a rigorous security review to identify risks, understand vulnerabilities, and assess the impact of a Cyber-attack. Only then can you create an integrated cyber security plan that incorporates technical, human and physical defences to deliver effective protection without stifling users' productivity.
Follow Best Practice: Many security breaches can be prevented by ensuring existing Cyber defences are deployed at full strength. Too often NHS trusts invest in cyber security solutions, but fail to deploy them to their full advantage. This significantly reduces their effectiveness and increases the likelihood of a successful, but preventable, breach. To ensure you are getting the maximum level of protection from your existing security solutions we encourage all trusts/organisations to follow the best practice guidance offered by their trusted security partners and vendors.
Have a tried-and-tested incident response plan: Work on the assumption that an attack will happen and ensure you have a tried-and-tested incident response plan than can be implemented immediately to reduce the impact of the attack.
Identify and safeguard your sensitive data: It's almost impossible to protect all your data all of the time, so identify the information you keep which would harm your organisation if it were stolen or unlawfully accessed and implement suitable data security procedures to ensure it is appropriately protected.
Where possible, organisations should look to automate the process of encryption, so that data that is stolen or inadvertently sent outside the organisation cannot be read and is of little use to the cyber criminals
Education, Education, Education: Too many cyber breaches are caused by the inadvertent actions of users. So, it is vitally important they are educated about the cyber risks they face and the safeguards in place to protect them. Users should also understand their individual cyber security responsibilities, be aware of the consequences of negligent or malicious actions, and work with other stakeholders to identify ways to work in a safe and secure manner.