Search

CET and skills guides

Study and gain CET points through OT’s online CET exams, and access archived CET, CPD articles and skills guides in our education library

Find out more

Science and vision

News and features about the latest scientific developments and advances in optometry, ophthalmology and eye medicine

Find out more

Professional support

News and features about the latest developments relating to professional support from across optics. This includes updates from optical organisations such as the AOP and the GOC

Find out more

Jobs

Explore the latest UK and global jobs in the optical sector for optometrists, dispensing opticians and more

Find out more

The workshop

Preparing for attack

OT  poses a monthly scenario from a practitioner. This month, we look at cyber security with Lloyd & Whyte’s Will King

phishing scam animation
Getty/OrnRin

The scenario

Anna, independent practice owner

“I’ve seen lots of press coverage about cyber-attacks and scams increasing since COVID-19 hit. As an independent practice owner, I’m worried about the impact this might have on my business. After the year we’ve had, the last thing we need is more disruption. Can you advise on how I can minimise the practice’s risk?”

The advice

Will King, commercial development manager at Lloyd & Whyte

Over the last year, over a third of small businesses suffered an average cost of £3650 from lost data or assets and that it costs the UK healthcare sector £5.2 million, almost double that of the global average.

As cyber-crime becomes more prevalent it is also becoming more sophisticated. In this article, I aim to help optometry practice owners identify where they are most at risk and how to protect their businesses against and during an attack.

Unfortunately, no matter how secure you believe your system to be, or how well trained your employees are, breaches can and will still occur

 

What are the risks to your business?

Will King
Since the pandemic we have radically changed how we work, with nearly half (48%) of the UK workforce now doing some work from home. This may include your support staff, such as practice managers. The ability to work from any device has certainly made access and mobility easier. Unfortunately, the use of personal devices, such as home PC and mobiles, also gives hackers more doorways into networks.

Leading insurer Beazley reports that the two most common forms of attack to deploy ransomware are phishing emails and breaching poorly secured remote desktop protocol (RDP).

RDP enables employees to access their work computer desktops or company’s primary server from home with the press of a button, but the convenience also comes with added risks.

Additionally, social engineering is being deployed, whereby cyber criminals impersonate employees, creating seemingly legitimate communications. Actual invoices have details changed so that funds are diverted into the criminal’s bank accounts. In an industry that has a wide supply chain, security issues like this are a growing concern.

The overwhelming majority of breaches start with malicious emails or other social engineering where victims are tricked into revealing confidential information, usually because the email sounds both genuine and urgent

 

What can you do to mitigate risk?

Start with a risk assessment to identify areas and people most at risk. We have a cyber risk self-assessment form available on our website.

Manage access

Issues raised by remote working can be mitigated by implementing strong security protocols, including encryption. Use a multi-factor authentication-enabled virtual private network and have a limited number of password attempts. Given that 80% of hacking breaches involve stolen passwords or credentials, correct passwords protocol is vital.

Passwords should contain at least eight characters and comprise a combination of numbers, symbols and upper and lowercase letters. They should not be shared or written down, or used across different platforms. And they need to be changed regularly.

Educate users

Beware of phishing emails and keep up to date with the latest scams that exploit current trends. The overwhelming majority of breaches start with malicious emails or other social engineering where victims are tricked into revealing confidential information, usually because the email sounds both genuine and urgent. Risks can be reduced if employees are able to recognise scams, via ongoing security awareness training.

Back-ups and firewalls

Ensure regular back-ups that are verified and stored safely offline are completed. Allowing automatic updates on your firewall, anti-virus software and cloud storage system will greatly reduce the vulnerability in your system and subsequently the chance of you suffering a breach.

Up to 80% of cyber-attacks can be prevented by undertaking Cyber Essentials – the Government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations in all sectors. The Government’s guidelines on managing your security can be found online.

Technical expertise and real-world claims handling experience can make the difference between suffering a catastrophic loss or getting back online quickly

 

What to look for in cyber insurance cover

Unfortunately, no matter how secure you believe your system to be, or how well trained your employees are, breaches can and will still occur, even in small businesses. Such incidences are unlikely to be covered by traditional insurance policies, therefore, it is important to ensure that you have the correct cyber cover in place. Cyber insurance can help protect your business against a range of cyber threats and exposures, including cybercrime, data breaches and system/business interruption.

Things to consider when deciding upon a policy include services such as:

  • Access to a 24/7 incident response, so you can react quickly and efficiently to any breach
  • Cover for any data protection breaches and reimbursement of any costs of notifying your clients
  • Forensic experts provided to identify how the breach occurred and implement software fixes
  • Overtime costs paid, so you can get your business back up and running again
  • Coverage includes human error, which, according to a study by IBM, it is the main cause (95%) of cyber security breaches.

Technical expertise and real-world claims handling experience can make the difference between suffering a catastrophic loss or getting back online quickly.

For more information, visit the Lloyd & Whyte website.

About the author 

Will King is the commercial development manager at Lloyd & Whyte Ltd. He specialises in creating insurance programmes for AOP members to ensure the correct commercial insurances are in place.

Lloyd & Whyte Ltd is registered in England No. 03686765. Lloyd & Whyte (Financial Services) Ltd is registered in England No. 02092560. Registered Office: Affinity House, Bindon Road, Taunton, Somerset, TA2 6AA.

Advertisement