Cyber security – reducing the threats to and increasing the resilience of your business
The IBM cyberthreat intelligence report, issued this year, paints a grim picture of the vulnerability of IT systems – small and large, local and international – to cyber attack.
“The year 2020 was without doubt one of the most consequential and transformational in recent memory: A global pandemic, economic turmoil impacting millions of people’s lives, and social and political unrest. The reverberations from these events affected business in profound ways, with many making a major shift to distributed workforces.
“In the cyber realm, the extraordinary circumstances in 2020 handed cyber adversaries opportunities to exploit the necessities of communication networks and provided rich targets in supply chains and critical infrastructure.”
Here in Ireland we know only too well about these threats: the HSE and Department of Health IT infrastructure was the subject of a devastating ransomware attack in May 2021, and the consequences are still being felt today.
Ransomware attackers increased the pressure to extort payments by combining data encryption with threats to leak the data on public sites, and these kinds of attacks were the number one threat globally, accounting for 23% of all cyber security attacks.
More worryingly, human error played a role in 95% of all successful data breaches, and there is overwhelming evidence that EVERYONE in an organisation must be trained to recognise potential cyber threats. Colm Murphy, a senior cybersecurity adviser with Huawei, said, “There are various degrees of training, but it is essential that everyone receives some level of training. They need to have a reasonably sophisticated appreciation of security risk, how to identify them, how to protect the company, who to call – even what to do if you have just clicked on a link or an attachment that you fear might not be what it seems.”
People are no longer working standard 9-5 jobs; they are often interacting with work IT systems on their phones and laptops. Cyber security attacks don’t just happen during working hours!
What you can do
Writing in the Irish Times, Barry McCall outlined a checklist which should be required reading for everyone with responsibility for the operation of IT in their businesses. We have outlined the items most relevant to our community pharmacy customers:
- Embed a security culture into the organisation
Security consciousness at all levels is a prerequisite for best security practice, and that means educating staff on the different ways and methods an attack can occur. This might not involve a major overhaul of your IT security, but might be about doing little things more often. Social engineering and phishing are the attack vectors of choice for cyber criminals, and people should be educated on how to identify them.
- Trust no one
The concept of ‘zero trust’ is paramount – people should only be allowed access to a network for a specific activity and nothing else. In the community pharmacy world, this means ensuring you have a robust firewall in place, with enhanced, new-generation antivirus programmes.
- Back it up
There is no excuse for not regularly backing up data and systems. In the community pharmacy, your IT system is at the heart of your business – holding patient data, ordering details, and claims information. It is not a question of ‘if’ you will get hacked, but ‘when’. Mistakes happen, and frequent backups will allow you to restore your data and get your pharmacy back up and running. The biggest issue is the frequency of backups, and we recommend that you carry these out daily. These no longer need to be manually stored on a backup key, but can be programmed to be carried out remotely, as frequently as you wish.
- Find the weakest link
It is not just the IT hardware and software in your pharmacy that need testing – you and your staff should be put through regular training. Running simulations where fake emails are sent out will provide staff with the training and awareness that they need to spot a genuine attack and strengthen an organisation’s security defence. There are also companies that provide online cybersecurity training for staff – for more information speak to anyone on our Service Desk.
- Ensure strong passwords
It goes without saying that passwords used to access pharmacy IT systems should be complex and difficult to guess, and they should be regularly changed. You should not have the same password for all systems and for all staff.
Other things that will increase your vulnerability to attack include using a free email account and accessing other websites on your MPS system. We are always happy to provide information and advice on how to improve the cyber security of your pharmacy. Please do not hesitate to contact us at ITSecurity@mclernons.com.