We can’t expect staff to be able to spot phishing emails or to know how to create strong passwords without cyber awareness training. While a minority of cyber attacks are caused by malicious staff, the majority are due to basic human error. Many phishing emails, for example, are very convincing. By training our staff we can set them up for success.
Make sure staff are trained to know the benefits of operating digitally but are also aware of cyber security threats and how to deal with them. Due to the rapid development and changes in digital technology it is a good idea to add cyber security to your annual training plans.
Digital Care Hub and Better Security, Better Care
As part of our Better Security, Better Care programme, we have developed the free, open access Data Security and Protection eLearning Course. This covers how to keep paper and digital information safe, and it enables care providers to comply with Data Security and Protection Toolkit training requirements.
You can also use these short summary videos, taken from the elearning programme.
Better Security, Better Care offers free support to care providers to enable them to complete the Data Security and Protection Toolkit (DSPT). Care providers can check their cyber security arrangements by using the DSPT. Central and local government bodies, local authority and NHS commissioners, the Care Quality Commission and the National Data Guardian recognise it as the official tool to evaluate your compliance with legal requirements, Data Security Standards and good practice.
And we provide guidance on data and cyber security training materials and their suitability for care providers, which includes suggestions for ways to increase data and cyber security awareness amongst staff and for subject areas that training should cover. We also have staff guidance documents for data security and protection which covers an introduction to data sharing, guidance on responding to subject access requests and how to respond to data breaches.
Other training resources
The National Cyber Security Centre has produced an e-learning training package. It is free and takes less than 30 minutes to complete. The Stay Safe Online: Top Tips for Staff training is primarily aimed at small and mediums sizes organisations, charities and the voluntary sector, but can be applied to any organisation, regardless of size or sector. You can either direct your staff to the NCSC website or if you have your own online learning portal you can easily integrate it into it.
Each police force will also have a Cyber Protect team. They provide advice, presentations and planning exercises with businesses and charities to raise awareness of cyber threats and help organisations protect themselves.
Regional Cyber Resilience Centres, which are funded by the Home Office, also offer staff training on a group and one off basis. This is a low-cost service. Their other support, including guidance and webinars, is free of charge.
Other external support currently available includes the NHS England’s Immersive Labs platform, a premium online cyber security learning platform, is available for all technical and cyber orientated colleagues in social care. The Keep I.T Confidential toolkit also hosts free resources, such as digital banners, animations, and screensavers, to help promote cyber security to staff.
Skills for Care also provides useful information on digital skills.