Hackers target the public sector data during Covid-19 pandemic

The last few weeks have demonstrated a great spirit in collaboration and hard work to get the country through the pandemic with the greatest care being given to the most vulnerable. The public sector whether a local council, school, police force, or NHS worker has seen a huge shift in its workload and responsibilities in the battle against the challenges presented by COVID-19.
Colleagues have to respond to a dynamic and difficult situation nimbly and with creativity while they find new ways and places to work. This has resulted in significant changes to ensure services are delivered. And these services must be delivered without risk to the data safety of the patients, the wider public and colleagues.

Hackers have been quick to exploit the overwhelmed capacity of many patient data systems. These cyber-attacks serve as a reminder that public sector organizations need to review their information security management systems even during these exceptionally busy times.

Many cyber attackers are motivated by financials and will take all steps to exploit organizations with weak security infrastructure. Media reports suggest that some of the healthcare information systems which are under cyber-attack related to cyber espionage to obtain detailed information relating to tests or vaccines. This information would then be sold on to a competitor who wishes to develop a new product.

Does your organization have a robust information management security system and when was its processes last reviewed? For example, do you have a clear incident response plan i.e. are you prepared for a ransomware attack or data breach? 

With so many colleagues working from home, check that that restricted access controls and mechanisms are optimized.
Consider a vulnerability test and analysis. Once weaknesses are identified, resolve them and track them. Finally, ensure these measures are also written into a business continuity plan, so you have a plan if critical systems are attacked.

These are a snapshot of some of the steps which could be taken to protect information.

ISO 27001 helps you develop a robust information management framework that covers physical security, manual data, and tangible security property. It is particularly important to sectors whose information is sensitive and critical, such as, IT, finance, health and public agencies and those managing information on behalf of others.

Being independently certified means that your customers can rely on the integrity of your information security practices and that you can demonstrate control over future security threats.

ISO 27001 information security management systems can also help your organization on the road to General Data Protection Regulation (GDPR) compliance.

BM TRADA is a UKAS accredited certification body whose name is readily accepted by many regulators, purchasers, and suppliers around the world, providing you with a 'passport to trade'.

Be prepared for a new way of working. Learn more about ISO 27001

Click here to contact a BM TRADA certification expert who will guide you through the process.

We offer a wide range of management systems training courses