STAGING

Reduce the risk and impact of a cyber incident 

How to prevent an incident from happening, and reduce the impact if it does. 

If you are better prepared, then a cyber incident will have less of an impact on your business. There are four key steps you can take to reduce the impact and likelihood of a cyber incident, and some very practical actions you can take to protect digital systems. 

Key steps 

1. Back up your data and practise restoring files from backups. 

Ensure you backup any data that is essential for running your business. And keep your backup separate from your computer or network where your data is usually stored. This could be an offline backup, or a cloud service designed for this purpose. Test your backups regularly and ensure you know how to restore files from a backup before you have to do it for real.  

See our guide on creating backups. 

 

2. Develop and test your business continuity plan. 

A business continuity plan details what you would do if your services were disrupted by something out of your control. Ideally, these situations would never happen, but a good plan would cover what you would do in the event of an incident so that you could continue to operate your business. Your business continuity plan should cover data and cyber security issues.  

Don’t assume you will be back to normal in a few days – plan for longer periods. Some cyber-attacks are known to have caused outages for months, so you should ensure that your plan covers longer periods and that you have systems in place to support that.  

It’s also important to test your plan to see if it works. A practised plan will help you make good decisions under the pressure of a real incident.  

See our guide and templates for creating and testing a business continuity plan. 

 

3. Train all your staff in data security and protection. 

One of the key things social care providers can do to protect themselves from falling victim to a cyber-attack is to make sure that they and all their staff are trained to recognise threats to data security and understand their responsibilities associated with handling data.  

We provide free data security and protection elearning training suitable for frontline staff working in adult social care. Access the training here  

Find out more about training options.

 

4. Complete the DSPT 

The Data Security and Protection Toolkit (DSPT) is the official, free online self-assessment tool to help adult social care providers store and share information safely. It shows care services what they need to do to keep people’s information safe and to protect their business from the risk of a data breach or a cyber-attack. The tool, and support programme to help you complete it, are free, designed for social care, and recognised in CQC’s Single Assessment Framework, NHS contracts, and many local authority contracts.  

Our Better Security, Better Care programme provides free, expert support to complete the toolkit. 

Find out more about the DSPT and free support.  

Protect digital systems 

Find practical advice on how to protect digital systems – follow the boxes below.