Hundreds of small and medium-sized organisations in the healthcare sector are set to receive government funding to boost their cyber security practices.
The decision, which was announced by Digital Infrastructure Minister Matt Warman during London Tech Week, will help healthcare providers, which are particularly vulnerable to data breaches and cyber attacks.
According to a Clearswift study, 67% of UK healthcare organisations experienced a cyber security incident during 2019, and the issue has got worse this year amid the coronavirus pandemic.
Eligible organisations are being invited to apply for a share of the £500,000 funding, which is intended to help them certify to Cyber Essentials, a UK government-backed scheme that contains guidance on how to prevent some of the most common types of cyber attack.
“We know there is a heightened cyber threat for healthcare businesses at the moment so we are releasing new funding to help those playing a vital role in the pandemic response to remain resilient,” said Warman.
Paul Chichester, the director of operations at the NCSC (National Cyber Security Centre), added: “Protecting healthcare has been our top priority during the Covid-19 pandemic and we have been working hard to ensure organisations can keep themselves secure.
“While we will continue to support them, signing up to initiatives such as Cyber Essentials is an excellent way for organisations to help themselves.”
What is Cyber Essentials?
The Cyber Essentials scheme contains five controls that, when implemented correctly, help organisations prevent up to 80% of security incidents.
Those controls are:
1. Boundary firewalls and Internet gateways
These are designed to prevent unauthorised access to or from private networks, but they must be set up correctly, whether implemented in hardware or software, to be fully effective.
Boundary firewalls and Internet gateways determine who has permission to access your system from the Internet and allow you to control where your users can go.
2. Secure configuration
Web server and application server configurations play a crucial role in cyber security. Failure to properly configure your servers can lead to a wide variety of security problems.
Computers and network devices should be configured to minimise the number of inherent vulnerabilities and provide only the services required to fulfil their intended function.
3. User access control
It is important to keep access to your data and services to a minimum. This should prevent a criminal hacker being presented with open access to your information.
Obtaining administrator rights is a key objective for criminal hackers as it allows them to gain unauthorised access to applications and other sensitive data. Convenience sometimes results in many users having administrator rights, which can create opportunities for exploitation.
4. Malware protection
It is essential to protect your business from malicious software, which will seek to access files on your system.
The software can wreak havoc by gaining access and stealing confidential information, damaging files, and even locking them and preventing access unless you pay a ransom.
Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware) and including options for virus removal will protect your computer, your privacy and your important documents from attack.
5. Patch management
All devices and software are prone to technical vulnerabilities.
Cyber criminals can rapidly exploit vulnerabilities once they’ve been discovered and shared publicly.
Criminal hackers take advantage of known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.
Updating software and operating systems will help to fix these known weaknesses. It is crucial to do this as quickly as possible to close any opportunities that could be exploited to gain access.
How you can certify to Cyber Essentials
If you’re thinking about certifying to Cyber Essentials, we are here to help.
IT Governance has issued more than 4,800 Cyber Essentials certificates, and we provide all the resources you need to meet the scheme’s compliance requirements.
Our fixed-price bundles contain expert support and compliance tools, including technical tests and assessments conducted by experienced cyber security practitioners.