Cyber security is a hot topic at present – and rightly so. With more of us handing over major elements of both our personal and working lives to online apps and websites, having the right security precautions in place is essential.
In his latest blog, Dale Jessop – MyMedic’s non-executive director and tech healthcare specialist – provides an insight into online security and how MyMedic has got it right.
In essence, good security should be like an onion, with many layers of security that need to be peeled away before you're compromised.
Of course, the more layers of protection that are in place, the longer it takes an intruder to penetrate your defences. The name ‘security onion’ is often given as a reference to help people visualise the explanation security specialists give when talking about the layers of security, and it's a reference I quite like as well - given that people are usually quite familiar with that good old staple of the kitchen.
Without going into the technicalities of how to implement multi-layered security and just focusing on the principles that surround it, we can use an example that we’re all familiar with – household security.
Household alarm systems, CCTV cameras, neighbourhood watch stickers & schemes will all act as a deterrent to crime. If an intruder has the choice between a home which clearly has visible security in place or a home that does not, their choice is simple, right? But what good are all these visible security systems if you leave your door unlocked – none whatsoever! The same is true of IT security for companies and their applications.
However, with IT security, and especially with multi-layered security, the aim is to use each of the layers to stop certain types of attacks, while never expecting any one layer to stop all attacks.
The reason for this is also simple: no single solution will stop all vectors of attack. By relying on a single solution you put yourself at risk, as the would-be hacker has only one layer to remove before gaining access. With multi-layered security, the real objective is to slow down, frustrate and deter any would-be attacker so that you have time to respond and deal with the situation.
This means that security by obscurity is just not enough. This refers to the assumption that no one would want your information, and it is a huge security risk. Personally, I know, and would expect most people to know, someone who has been a victim of cyber-crime, whether it is identity theft, credit card cloning, etc. Therefore, in your professional or personal life, multi-layered security can offer protection.
Take a walk around your office and look at people’s desks. Do you see post-it notes with possible password-related information on them? Ask a colleague what their first pet was called, what their mother’s maiden name was, or what their first car was... it's amazing how much information is given freely which could be used against you. It’s a common and easy mistake to make; after all, we're British, aren't we, and we don't like to be rude and say no!
The truth is, sadly, that for some systems, passwords are all too often the only line of defence. A better solution to this dilemma is to apply layered security by implementing multiple, overlapping security solutions across both hardware and software, so that your most-critical assets are buried deep behind several lines of defence.
This is why I'm proud of what has been built at MyMedic, and of the thoughtfulness and expertise of our development team.
I know that they have implemented numerous layers of security from hashing & salting passwords, to the use of development frameworks that have inbuilt protection against the OWASP top 10 vulnerabilities, to ensuring every transaction in the system occurs over HTTPS/TLS.
In addition to this, the business also holds a Cyber Essentials certificate and, because we operate in and serve the healthcare industry, we have a Quality Management System that contains the procedures and policies of expected behaviours within the business.
Our clients and customers can rest assured that at MyMedic, we have the right systems and policies in place to keep their data and information safe.