Last September, the Cyber Resilience Centre for Wales (WCRC)teamed up with the Welsh Government and Matobo Learning to launch a first-of-its-kind initiative. It focused on social care organisations across the region to not only raise awareness of cyber security to a highly vulnerable sector but to promote and encourage sign-up to free cyber security training.
Seen as a high-value target by cybercriminals due to organisations holding large amounts of sensitive patient data coupled with outdated security systems and sophisticated hacking techniques, it has created a perfect storm for hackers seeking to exploit vulnerabilities for personal gain.
Recognising the need to take action, the Welsh Government invested in 2,500 licences from Matobo Learning, producer of the Cyber Ninjas training programme, and onboarded employees in the social care sector completely free of charge. Consisting of 12 online modules, it covered steps to take while working online to prevent cyber-attacks such as phishing and hacking.
And, with the support of the WCRC’s on-the-ground team –Head of Cyber and Innovation Paul Hall and Cyber Police Community Support Officer Chris Rees, 270 social care organisations have now been engaged with and 2,500 employees enrolled onto the training programme.
In addition to this, the centre joined forces with North Wales Police, South Wales Police and Dyfed Powys Police Cyber Crime Team to host the ‘Social Care Sector Business Crime Conference’, where members of the social care industry were invited to hear firsthand what the cyber risks are and how to guard against them.
Chris says: “The purpose of the visits was to raise awareness of the threat of cybercrime but also highlight the steps that can be implemented to be more secure online. The majority of organisations we visited were positive and interested in taking part in the Cyber Ninjas training demonstrating the need and want for better cyber security.
“Although initially some didn’t think it applied to them but when I explained to them how it can impact on their employees, service users and business continuity they were extremely keen to do as much as they could to protect themselves.”
And yet despite the offer of free training for staff, there were still those that only wanted sufficient licenses for their management, meaning that many of their staff remain unaware of the risks and how to identify an attack such as a phishing email. This approach is not just limited to the social health care sector but is a widely held attitude in many businesses. If an organisation is to improve its cyber resilience, then a key measure is to ensure all staff, not just managers, are made aware of these risks.
Remember, cyber resilience requires continuous monitoring, adaptation, and proactive measures. By implementing these strategies, the social care sector can better protect patient information and maintain delivery of essential services. The initiative may have come to a close and if your organisation missed out, the WCRC is still here to help.
To learn more about WCRC head to our membership and services pages on our website.