NHS Informatics Merseyside offers a comprehensive IT security service advising on all aspects of data and cyber security and protection against threats including phishing, spear phishing and ransomware attacks.
A structured approach is used for ensuring the correct level of protection is in place to safeguard the integrity and availability of information systems and business data.
Our experienced and certified experts are on hand to provide advice and guidance on every aspect of IT security, whether you are looking to audit your systems to safeguard data or conduct penetration testing on a secure website.
Key features of our IT security service include:
- Security reviews and risk.
- Internal security scans and benchmark compliance testing.
- Cyber and IT security management– training plans and end-user awareness sessions.
- Development of policies and processes to support the NHS Information Governance (IG) Toolkit.
- IT security incident management and unauthorised access monitoring.
- Discreet and forensic investigations to support HR.
- IT security advice and consultancy.
- Research and development advice on best practice and new technologies.
As a security service, Informatics Merseyside is Cyber Essentials certified, with our infrastructure managed in accordance with ISO 27001 information security management standards demonstrating the robust security practices employed across our operations.
Our standards and certifications
CISM Certified Information Security Manager
We have certified information security management (CISM) expertise within Informatics Merseyside, which demonstrates our knowledge and commitment to information security. In addition to our technical competence, this validates our understanding of the relationship between information security and the goals and objectives of those organisations we support.
Informatics Merseyside is Cyber Essentials certified for our adherence to nationally approved guidance and best practice regarding cyber security.
Cyber Essentials consists of an assessment of security measures to ensure that the necessary 5 key controls are in place as a basic level of protection. These controls include:
- Boundary firewalls and Internet gateways for the prevention of unauthorised access.
- Secure configuration to ensure that systems in use provide only the necessary functions required for their roles.
- Access control to an appropriate level for employees with records of who has higher access within the company.
- Malware protection installed and kept up-to-date.
- Patch management to ensure that all software is the latest supported version.
You can read more about this certification on the National Cyber Security Centre website.
Cyber security awareness and support
COVID-19 Cyber Security Scams
NHS Informatics Merseyside is urging all colleagues to be extra vigilant following a rise in coronavirus-related cyber scams.
Coronavirus (COVID-19) related e-mails
NHS staff are being targeted with multiple variations of phishing emails which are pretending to deliver important coronavirus (COVID-19) updates and information.
These fake phishing emails contain different types of cyber-attacks, which include:
- Links to fake OneDrive or Office365 logins – aimed at staff working remotely to capture username and password credentials.
- Links to malicious websites – showing statistical coronavirus information whilst implanting malicious software on computers.
- Malware infected attachments - which appear to be information and guidance documentation to be opened and circulated.
NHS Informatics Merseyside has detected and blocked more than 45 different fake websites, emails and sender addresses, but it is known there are many more of these fake coronavirus phishing emails still in circulation. If you receive a suspicious looking email:
- Double-check the sender address – is it a known address? Does the address even look genuine/official?
- Does the information within the body of the email look authentic?
- If the email contains a link, hover the mouse cursor over the link and check the address, does the link look suspicious?
Cybercriminals know that many people feel charitable at this time and may look to exploit your good will. They may send e-mails from a bogus charity or ones that purport to come from a legitimate charity. Beware - they may contain a link to a scam site.
Tip: Should you choose to donate money to charity, please ensure that any donations are sent directly through the legitimate website for the charity of your choice.
Fake delivery emails
With most shops closed and online ordering at an all-time high, it can be easy to lose track of what you have ordered online. Cybercriminals know this, and send out e-mails that purport to come from legitimate courier companies. These e-mails ask recipients to click on a link, which might take you to a scam website or download malicious code onto your device.
Tip: Check the sender’s address to ensure it is a legitimate company and go to the company’s own website to track your order rather than through the e-mail you have received.
Social media scams
Cybercriminals use social media to tempt people to open and share content relating to coronavirus (COVID-19). Cybercriminals may even assume the identity of a ‘friend’ to help share content more successfully, without your real friend even knowing.
Tip: Please remain vigilant at all times and do not open any suspicious links or attachments.
Further information and support
For further information and guidance, please watch our video on the different cyber security scams taking place and what you should look out for.
COVID-19 IT Security Updates
Be Cyber Savvy
Good cyber security is everyone’s responsibility, so do your bit to protect our patients and their data by following our top tips to be cyber savvy!
- Report any suspicious emails to your IT Service Desk and then delete it!
- Watch out for malware which spreads when you download or install infected software via a website link or an attachment.
- Use a strong password such as a passphrase, which includes a mix of upper and lower case characters, a number or a special character.
- Lock all screens and log out of systems when they are not in use.
For further information, read our top tips to be cyber savvy!
Need further information?
For further information about IT security or to speak with an expert, please get in touch.