Your staff are experts in their areas of dispensing, customer service and retail. But they might not be cyber security gurus.
This is where many cyber risks can slip through.
Currently, 34% of reported data breaches occur as a result of human error (1). Of the cyber attacks that go unreported, the majority, as many as 90%, result from human error.
Importantly, risk keeps evolving as cyber criminals seek new points of vulnerability. This means that your staff training should not be a one-off.
- Have all your staff and locums been trained in cyber security? Do they understand the risks and what to look for?
- Would they recognise a phishing email or business scam? Do they know how to avoid downloading ransomware?
- Do you provide refresher training to prepare staff for new points of vulnerability? The end-of-life of Windows 7 support is an example of a potential vulnerability; busy dispensing periods might be another.
Like other policies, cyber security policies and processes should be documented and visible, with quick reference guides and clear advice on what you expect from staff. For example:
- Have you documented what to do if there is a problem? And have you provided written advice on the digital behaviours that you expect from staff?
- Do you want staff to access private emails and social media on work computers? Or to connect personal devices such as phones and tablets to your network? What about plugging in USBs?
- Do you allow members of the public to connect to your Wi-Fi?
- Have you got cyber security checklists in place for when people start or finish working with your pharmacy? This helps to ensure that emails, passwords and other important access information don't accidentally leave your pharmacy.
The third area to focus on is making sure that your systems and technology are as secure as possible. The following are important points to think about in preventing disruption to your business:
- Do you have a firewall and antivirus software on every computer?
- Do you have a system to detect breaches in situations where a traditional solution such as antivirus software will not be sufficient?
- Is your operating system able to cope with contemporary cyber security needs?
The most recent operating systems provide the most rigorous security protections, so making sure that your operating system is up to date is fundamental to protecting your cyber security.
- Do you conduct regular backups?
- Do you act on software updates as soon as possible?
Operating system updates and security updates are a vital part of staying as secure as possible. This means avoiding operating systems that have become out of date (such as Windows 7).
- Do your cyber security arrangements cover all devices that connect to the internet?
Security cameras, smart TVs, fridges and other items can potentially open up security vulnerabilities without you even knowing that these have occurred.
- Have you thought about whether staff dial in from off-site using unauthorised programs (such as Remote Desktop Protocol)? Make sure that you factor these into your security plans.