BACKUPS
We've seen a number of ransomware incidents lately where the victims had backed up their essential data (which is great), but all the backups were online at the time of the incident (not so great). It meant the backups were also encrypted and ransomed together with the rest of the victim's data.
WHY DO I NEED A BACKUP?
Not having a working backup when you need it will create a risk. Backups are copies of our information, stored somewhere else to the original – eg on the internet, or on a di erent device eg tapes, backup drive.
EXAMPLES OF CYBER/RANSOMWARE ATTACKS
click on links below
"Catastrophic" cyber attack on the Irish Health Service 1
Ensure you have capacity to restore your systems….make sure you can recover at speed
WHY WOULD ANYONE WANT TO ATTACK A CARE PROVIDER?
Backups are a way to get our information back if the original is lost or damaged, such as deleted by mistake, a broken computer, stolen laptop or we’ve been hacked and the hackers have locked our systems. Also if you have a new device and you want to copy existing les on to it, you can retrieve it from your backup.
You may ask yourself ‘Why would anyone want to attack a care provider?’ but we are talking about unscrupulous people with all sorts of motives, eg nancial gain, or they are looking for a challenge to see what is technically possible. Whatever the reasons, personal data can be very valuable to criminals. Take the cyber attack on the Irish Health Service or the one on Redcar and Cleveland council (which undoubtedly impacted social care services in the area).
DOWNLOADING HEALTH RECORDS
Irish Health service appointments in some areas dropped by 80%. It took four months to recover and a ected every aspect of patient care. Health records were shared online. The report into this has since highlighted weaknesses not least in their cyber security and resilience processes – ie sta awareness training and of course backups.
No care provider wants to experience a situation like this. You need to put mitigation in place and have good backups so that if the worst does happen, you can restore the data you need and have your systems back up and working as quickly as possible.
WHAT ARE THE DSPT QUESTIONS ABOUT BACKUPS?
7.3.4
ARE BACKUPS
ROUTINELY TESTED TO MAKE SURE THAT DATA AND INFORMATION CAN BE RESTORED?
7.3.1
HOW DOES YOUR ORGANISATION MAKE SURE THAT THERE ARE WORKING BACKUPS OF ALL IMPORTANT DATA AND INFORMATION?
WHAT DATA DO YOU NEED TO BACKUP?
THINGS TO THINK ABOUT
Your rst step is to identify your essential data. That is, the information that your business couldn’t function without. This doesn’t include information that is already on a cloud based system such as Dropbox or your emails or online versions of the systems you use for care management for example – your supplier should take care of these. If you are not sure contact your supplier.
HOW OFTEN?
It is best to do this at least every day, otherwise think how far back you would have to remember. To make it easier, backups can be set to run automatically which saves time.
You can buy o -the-shelf backup software which is easy to set up and a ordable considering the business-critical protection they o er.
Whether it is on a USB stick, on a separate drive or a separate computer, access to backups should be restricted so that they are not accessible to everyone. They should not be in the same room or preferably the same building as the computer being backed up (think about cases of theft or ood for example). Cloud storage solutions are a cost-e ective and e cient way of achieving this.
WHERE DO YOU KEEP YOUR BACKUPS? HAVE YOU CONSIDERED THE CLOUD?
Using Cloud storage (where a service provider stores your data on their computers) means your backups are physically separate from your location. It means you do not have to buy any kit and most providers o er a limited amount of storage space for free, and typically o er storage at minimal costs to small businesses.
Before contacting service providers, you should read the NCSC Cloud Security Guidance This guidance will help you decide what to look for when evaluating their services and what they o er.
DO YOU TEST YOUR BACKUPS?
However you test them, you must do it at least annually to make sure that information can be restored. Make sure that more than one person knows how to restore – in case one person is on leave when you need this.
FURTHER INFORMATION AND GUIDANCE
click on links below
1 Backup your data – guidance from Digital Social Care
2 NCSC guidance on backups
3 NCSC guidance on using the cloud
4 BBC article – How to back up your data and keep it safe (for smaller providers)
5 Beginner’s guide to PC backup – PCMag.com
FREE LOCAL HELP IN EAST OF ENGLAND
HERTFORDSHIRE, ESSEX, THURROCK AND SOUTHEND
Hertfordshire Care Providers Association*
https://www.hcpa.info/data-protection/
DataProtection@HCPA.co.uk
01707 708 018
NORFOLK
BEDFORDSHIRE – CENTRAL BEDFORDSHIRE COUNCIL
Bedfordshire Care Group
https://dspt.bedscaregroupltd.co.uk/
SCHHServiceDevelopment@centralbedfordshire.gov.uk
CAMBRIDGESHIRE AND PETERBOROUGH
The Care Alliance (Cambridgeshire, Northamptonshire and Peterborough)
www.thecarealliancecnp.co.uk
admin@thecarealliancecnp.co.uk
07831597711
Norfolk & Suffolk Care Support Ltd
https://norfolkandsuffolkcaresupport.co.uk/bsbc
helpdesk@norfolkandsuffolkcaresupport.co.uk
01603 629211
SUFFOLK
Suffolk Association of Independent Care Providers
www.saicp.org.uk
admin@saicp.org.uk
07949 381686