top of page

Social care organisations - Are you at risk of insider threats?



Welsh social care organisations remain an attractive target for cybercriminals, often attributable to outdated IT systems, fewer, if at all cyber security protocols and IT staff, and valuable data. This combination makes it vital that organisations in the sector prioritise cyber security in order to protect their employees and clients.

However, protecting against external attacks is not the only focus organisations should have.


What are cyber insider threats?

Insider threats come in two forms, malicious and accidental.


Malicious - often in the form of a disgruntled fired employee who wants to get back at their former company, though they can also come in the form of employees still working at the business. In that case they may be part of an organised crime network or an individual looking to do harm through fraud, IT sabotage, intellectual property theft or espionage.


Accidental – employees who unintentionally expose confidential data through poor cyber hygiene, weak passwords or reveal sensitive information after being duped by phishing attempts or by not following company polices.


At the beginning of this year IBM investigated the root cause of breaches and found that 53% of UK breaches were malicious in nature. 23% were caused by system glitches and 25% by human error – by accident or otherwise.


Primarily, breaches from former employees stem from organisational failures, such as improperly identifying a change in employee status, such as moving roles or leaving the company. This leads to permissions being set to higher than necessary, bringing security weaknesses into the organisation.


So, what can you do to protect yourself?

Threats like these are amongst the most difficult to guard against however there are some key considerations for companies.


· Have clear HR policies around staff leaving the organisation and ensure that they are adhered to. All staff leaving to have documented and audited exit interviews to include return of company IT equipment, password cancellations etc, to limit opportunities for former staff members to be able to access company networks. Implement a handover period to try and limit impact on the organisation.


· Make staff are aware of the type of attack, and methods to identify them – in this case, phishing attacks. By doing so it will really help strengthen an organisation’s cyber resilience. They must also understand the importance of strong and unique passwords, and the risks associated with sharing too much information on social media. The WCRC can provide bespoke staff awareness training tailored to what threats your company and employees might face. Contact us now to find out more.


· Implement strong access controls and allow admittance to systems that people really need for their roles rather than everything e.g., a cook wouldn't have access to HR records as they don't need this information in order to perform their role. Alternatively, if you were working in a physical location, you might have some areas which were only accessible to staff who worked there, and for anything really valuable, maybe a safe. But you wouldn’t give the safe keys to everyone who worked for you.


· Have internal network logging. This will enable you to see unusual activity - such as thousands of e-mails suddenly being sent outside of the network. (Logging made easy is a self-install tutorial for SMEs to gain a basic level of centralised security logging for Windows and provide functionality to detect attacks. It was originally created by NCSC but is now maintained by the US cyber security agency Cybersecurity and Infrastructure Security Agency).


· Have policies and procedures which cover data control and access. Consider limiting the number of attachments that could be sent out at once, and then set up a rule which alerts you if any more than that are sent. This gives you the ability to check that what is being sent is going for a legitimate reason. Tell your staff that their emails are being monitored and tell them about the policy. Also, set out policies that cover data handling and password security that staff members can follow.


The WCRC is currently working with the Welsh Government, offering FREE cyber security training for all Welsh organisations operating in the social care sector. If you’re interested in getting involved then get in touch with a member of our team who can help you access this essential training programme.


You can also contact the WCRC for general cyber security guidance and support through our e-mail enquiries@wcrcentre.co.uk.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page