How do you build cyber resilience in a social care organisation?

The social care sector is unfortunately one of the most vulnerable industries when it comes to cyber-crime due to the lack of funding and expertise. 

The industry as a whole comprises around 17,900 organisations in the UK, employing 1.79 million and aiding more than 800,000 individuals who receive long-term social care and 224,000 who require short-term care, according to

That is a lot of personal information and data for social care organisations to hold, which makes cyber security a necessity. Cyber-attacks do succeed, especially when there is little or no cyber resilience. That is why the WCRC has been working in partnership with the Welsh Government and Matobo Learning to run FREE Cyber Ninjas security training for social care organisations across the region, which runs until the end of March.

Yet there are also some quick wins that companies can implement straight away to help protect themselves from potential threats. Here are some easy tips that those within the social care sector can use to start building their cyber resilience:

  1. Ensure all your staff are using strong passwords. This means that they are unique – not used across multiple platforms – and not easily guessable.

  2. Consider a password manager for your staff to use.

  3. Enable two-factor authentication (2FA) wherever possible, but specifically on any social media site, emails and anywhere you have payment details. This means that if your staff’s usernames or passwords are compromised, criminals still won’t be able to access the account.

  4. Have offline backups and test the recovery of them. Companies falling victim to ransomware still pay criminals even though they have backups because they have never tested them, and then when they need the data the most, they find that they can’t recover it.

  5. Ensure you have anti-virus on all devices, including your phones.

  6. Train your staff to recognise common phishing attacks and how to report them. Phishing attacks are the most common form of cyber-attack, and your staff can be your weakest link or your strongest defence, but only if they know what to look out for. Take a look at our Security Awareness Training Programme for small businesses and book your first session.

  7. If you have a website, get the First Step Web Assessment. This will look at whether your site is secure from the most common cyber-attacks against it.

  8. Install updates as soon as possible. Criminals also know about vulnerabilities and will craft attacks specifically for known flaws.

  9. Have an incident response plan and test that it will help when the worst happens. Read our recent blog for more information on how to create your response plan.

  10. Join the Cyber Resilience Centre for Wales. It’s free, and you will be kept up to date with the latest threats you need to be aware of, as well as guidance, support and direction to free tools and services, and access to our affordable student services. Join now.


