Sophos’s top five tips for securing NHS organisations

In my role, I visit NHS sites across the UK on a daily basis and organisations are increasingly asking me how they can stay protected against today’s growing threats, including ransomware. Cyber security is now becoming a board-level issue and organisations are concerned with keeping systems functioning so that patient care can continue uninterrupted.

Next-generation products can be added to your security armoury to further enhance your defences. These include anti-exploit and anti-ransomware protection at the endpoint, such as Sophos Intercept X, and sandboxing at the gateway, such as Sophos Sandstorm.

However, there are still many ways in which you can bolster the protection provided by your existing tools.

Here are our top five tips to put your organisation in a better position to remain protected and quickly react to any attack it faces:

1. Have an integrated security plan that does not stifle productivity

To fully understand your cyber threat and risk exposure, you should carry out a rigorous security review to identify risks, understand vulnerabilities and assess the impact of a cyber-attack. Only then can you create an integrated cyber security plan that incorporates technical, human and physical defences to deliver effective protection without hindering productivity.

2. Follow best practice

Many security breaches can be prevented by ensuring existing cyber defences are deployed at full strength. Too often NHS organisations invest in cyber security solutions but fail to deploy them fully, significantly reducing their effectiveness and increasing the likelihood of a successful but preventable breach. To ensure you are getting the maximum level of protection from your existing security solutions, we encourage all NHS organisations to follow the best practice guidance offered by their trusted security partners and vendors.

3. Have a tried and tested incident response plan

Work on the assumption that an attack will happen and ensure you have a tried and tested incident response plan that can be put into action immediately to reduce the impact of the attack.

4. Identify and safeguard your sensitive data

It’s almost impossible to protect all your data all of the time, so identify the information you keep that would harm your organisation if it were stolen or unlawfully accessed and implement suitable data security procedures to ensure it is appropriately protected.

5. Education, education, education

Too many cyber breaches are caused by the inadvertent actions of users. Therefore, it is vitally important that users are educated about the cyber risks they face and the safeguards in place to protect them. They should also understand their individual cyber security responsibilities, be aware of the consequences of negligent or malicious actions and work with other stakeholders to identify ways to work in a safe and secure manner.

If you would like any further information about how to best protect your organisation, please contact my team at
