May 18th 2023
For homecare providers, running a service that people can trust is vital. Data and cyber security are a part of that, and can be a key issue for homecare services particularly when staff are out and about – using paper or digital records remotely.
Last week we held a webinar for small homecare services looking to improve their data and cyber security practices. We covered some of the key issues that impact homecare and gave advice on what steps you can take to protect your business. You can view the webinar recording here.
- Smartphones – BYOD or provide?
If you’re considering letting staff use their own devices, you will need to implement a Bring Your Own Device (BYOD) policy. You will need to have considered what information your staff might share and where that is stored. The automated backup of smartphone data to cloud-based accounts can lead to your businesses data being revealed. A good BYOD policy will consider this, and will ensure that personal devices only have access to business data that you are willing to share with staff.
Don’t forget you will need to communicate your new policy through staff training so that staff understand their responsibilities when using personally owned phones for work purposes. You can read more detailed guidance here.
2. Text messaging – is it safe?
Using text messaging to communicate with staff can expose you to some vulnerabilities. For example, have you considered who can see the message? What you would do if the receiver was a victim of a Malware attack? There are secure alternatives you can use to reduce the risk:
- Encryption – use an app that has End to End Encryption (E2EE), this will be advertised as a feature to a secure messaging app.
- End-user verification – can the app confirm that the person using the app are who they say they are?
- Passcode protection – can a secondary PIN be used to protect the app?
- Remote-wipe – can the messages be removed if the device was lost, stolen or redeployed to another staff member?
- Message retention – does the app allow automatic deletion of messages after a period of time?
3. Business continuity planning
You may already have a business continuity plan that details what you would do in the event of severe weather, but have you thought about how a continuity plan that includes data and cyber security could help you protect your business? Digital social care has an adaptable template policy you can use, and this could help you manage risks such as:
- If you lost data records
- If you were hacked
- If phone operating systems were down
- If your supplier’s system failed
4. Staff training
Don’t underestimate human error. Data and cyber security awareness training will educate staff on important issues such as how to spot a cyber-attack. We have collated various training resources for staff which can help. You can also access the manager’s discussion tool which is a helpful training resource to check your staff’s understanding of data and cyber security.
5. Use the DSPT
The DSPT is a helpful self-assessment tool that you can use to check and improve your data and cyber security arrangements. The DSPT applies to all CQC-registered care services, irrespective of service size or type, and applies to paper as well as electronic records.
There is free support to complete the toolkit through the official Better Security, Better Care support programme. Care services are encouraged to contact their Local Support Partner who can help you save time by offering expert, tailored support.
Photo by Matt Bennett on Unsplash
View all News