It’s estimated that around 81% of all cyber security breaches in the UK are due to poor passwords which is why NHS Trusts have robust password security policies to protect against cyber criminals.
With 1.2 million NHS employees in England alone, the sheer number of passwords being used is significant so, having an effective process in place is essential.
Password protection
BDS Solutions works with NHS Trusts to ensure they have effective identity and access management processes in place. We actively promote Specops Password Policy and Password Reset for Active Directory to protect sensitive data from being accessed by cyber criminals.
The automation of new passwords when dealing with such a vast number of employees is critical to ensure a sufficient level of security. Some Trusts use a single sign on system, whilst others still have multiple log on details for various systems, depending on how they have been set up.
Despite the serious risks of weak passwords, it’s surprising how many organisations do not implement security policies requiring computer passwords to be regularly changed.
Fear of forgetting new passwords or the time consuming nature of having to change them too often are the most common reasons.
Password behaviour
All that’s required to access NHS computer systems is a password and, in the wrong hands, the wrong people can have access to sensitive patient data. Entire systems can also be affected, crippling many day-to-day operational functions.
Even when the risks and implications are well documented, there’s still evidence of irregular password behaviour; sharing passwords amongst colleagues, leaving one person logged in with multiple users accessing the same computer and even writing the password on a sticky note and attaching it to the computer.
Our 2 top tips for NHS cyber safety are:
1. Enforce a strong password policy and build automation and visibility to ensure that the password policy is being adhered to.
2. Get the staff on board by helping them understand the value of good password behaviour. They’ll help protect the systems and data and also make those sticky notes disappear.
A powerful password policy and process should not be underestimated. Be prepared and protect.