The NHS is delaying its annual cyber security audit to help managers concentrate on the 2019 novel coronavirus (COVID-19) pandemic.
The six-month delay means that NHS trusts don’t need to complete their standard cyber security checklist until September.
Although the decision is somewhat understandable, as it helps reduce non-essential travel and contact at a time when the NHS battles to stay on top of the coronavirus outbreak, it opens the door to cyber crime.
The healthcare sector is one of the worst affected by data breaches, and failing to address vulnerabilities increases the likelihood of a security incident.
In fact, given the spike in coronavirus-related scams, you might argue that cyber security is more important now than ever.
That appears to be the opinion of NHS Digital’s chief executive, Sarah Wilkinson, who issued a warning this week over the “opportunism” of hackers and fraudsters who are attempting to exploit the chaos caused by coronavirus.
Likewise, a briefing sent to NHS organisations said that it was “critically important” that health and social care remains “resilient to cyber attacks during this period of COVID-19 response”.
Was this the right decision?
As with many organisations across the globe, the NHS is currently dealing with extreme uncertainty and an overworked and potentially depleted workforce.
Meanwhile, it’s pushing employees to work from home where possible. Without the protections that they receive in the office, such as network firewalls and physical perimeter security, there is an added risk of sensitive data being mishandled or misappropriated.
But although this is undeniably an important time to be thinking about cyber security, it’s probably not the right time to be conducting these audits, which are designed to give an overall understanding of NHS facilities’ resilience to cyber attacks.
Any checklists completed now would hardly be representative of an NHS organisation’s cyber security posture. It’s therefore for the best that any tests are delayed and staff are given the opportunity to focus on urgent response measures.
Staying on top of the coronavirus crisis
The coronavirus is an unprecedented issue for organisations, which must act quickly to find ways to continue operating in the face of mass disruption.
As the NHS has demonstrated, this sometimes means making tough decisions based on the circumstances. However, through all this, you must acknowledge your responsibility to protect your sensitive assets.
After all, the thriving cyber crime industry will not only continue during these disruptions but will in all likelihood see massive gains.
There has already been a spate of scams cashing in on people’s uncertainty, and organisations’ growing reliance on technology as employees are asked to work from home will increase the possibility of attacks.
With months of disruption potentially ahead of us, it’s essential that organisations find solutions to these risks. Thanks to our range of distance learning training courses, you can provide the lessons you need without jeopardising your employees’ safety.
Two courses that we recommend are our Certified GDPR Foundation Distance Learning Training Course and our Complete Staff Awareness E-learning Suite.
The former is ideal for managers who want to learn how to implement measures that ensure their new work set-ups meet their regulatory requirements, while the latter provides a comprehensive overview of the data protection issues that employees should be aware of.