Health Service staff are being reminded to “think before you click” and to follow best cyber security practice when using ICT systems.
Cyber criminals are increasingly finding more and more sophisticated ways to steal data from organisations and while anti-virus software and network firewalls are deployed across the network, in fact the front line of defense for these threats lies with the end-user. This is a timely reminder to all staff to ensure that we all follow good IT practices.
Being security-aware at all times and ensuring a culture of security within the organisation will help us keep our network, and the data contained within it, secure. To do this we need all staff to be vigilant, to be familiar with our ICT security policies, and to follow best practice guidelines when online or using any ICT system.
Download this poster and display it on noticeboards for all staff at your location
Best practice for data security online includes the following:
- ensure your PC/laptop antivirus solutions are up to date to protect you from ongoing cyber security threats
- take steps to ensure all your critical ICT system backups are scheduled and run regularly and that completed backups are stored in a safe place
- ensure you follow basic and best practice around the use of external devices like USB sticks, which must be encrypted
- be familiar with the HSE data protection guidelines and ICT security policies
- be vigilant and pay attention to opening unknown email attachments or visiting suspicious internet sites or links in emails. ‘Phishers’ have been known to use real company logos to make their communications seem legitimate. They also use spoofed email addresses, which are similar to the actual company’s address. However, the address may be misspelled slightly or come from a spoofed domain. Do not click any links or download any attachments in the suspicious email. Instead, open up your web browser and go to the website in question by typing it into the URL bar.
- Be cautious of links and attachments in emails from senders you don’t recognize. Phishers prey on employees who open these without checking them out, opening the door to malware. If you’re unsure about an email’s legitimacy, contact the national IT service desk.
- arm yourself with knowledge about cyberattacks (below)
What is Phishing?
Phishing is a form of fraud in which an attacker masquerades as a reputable organisation or person in an email or other communication. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.
Phishers can also try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact the national IT service desk if you or your co-workers receive suspicious calls. Don’t leak intellectual property- even accidentally. Sharing a picture with a whiteboard or computer screen in the background online could reveal more than someone outside of your company should see. Report security warnings from your Internet security software to IT immediately, chances are, they aren’t aware of all threats that occur.
What is malware?
Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems.
Hostile and intrusive, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices like smartphones, often by taking partial control over a device’s operations. Like the human flu, it interferes with normal functioning.
Although malware cannot damage the physical hardware of systems or network equipment, it can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission.
What is Ransomeware?
Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user’s critical data is encrypted so that they cannot access personal files and a ransom is demanded to provide access to the files.
If you have any specific concerns in relation to this you can call the national service desk on 0818 300 300
(right-click to play the video )