Are you safe from a cyber attack?

If you want to know whether your practice is vulnerable to cyber-criminals and data protection breaches, ask yourself the following ten questions:

Have you installed security software – antivirus and firewall – to protect your computer and ensure it is kept up to date? The software should be set to automatically scan files and webpages and whole system scans should be carried out frequently

Do you and your staff follow good password practice? Use different passwords for different services so that one breach doesn’t compromise all your accounts. Change passwords regularly; use passwords with combinations of letters, numbers and characters. Never share passwords

Do you install software updates when available? Older operating systems, software, internet browsers and apps may not be supported by the provider, so they will be inherently less secure

Do you only use secure and encrypted channels of communication to send invoices and other information? Standard unencrypted email is inherently insecure and should never be used to send invoices or identifiable patient information

Do you back up your data every day and store back-ups separately? Regular back-ups mean you can restore data and are less vulnerable to ransomware demands

Do you control access to confidential data? Staff should have their own user identity which gives them access appropriate to their role

Do you have a practice IT security policy? This should cover aspects of security such as internet and email use, passwords, using screen-lock and restrict the storing of data on unsecured mobile devices. Non-compliance should be a disciplinary matter

Do you and your team receive regular training in cyber security? Alongside training, it’s worth visiting the Government’s Cyber Essentials and the ICO websites for the latest best practice information

Do you check the security credentials of other companies? Ask service providers, insurers, hospitals and suppliers about the measures they have in place to protect your data

How quickly would you recognise a security breach? The sooner you are aware of a security breach, the sooner you can act.