Security

The MLCSU Cybersecurity team takes a proactive approach in the prevention of potential threats, utilising experienced subject matter experts to deliver best practice guidance across an array of security monitoring systems.  A wholistic approach is undertaken across all IT aspects fostering a ‘Secure by design’ ethic.

The team lead on all Information Security matters, working alongside other functions within the CSU to ensure that the organisation complies with legislation and national guidance in relation to the access and use of all digital applications and initiatives. We contribute to and advise on the strategic development and implementation of effective systems and processes to support the deployment and operation of systems.

The team supports customers with all aspects of audit compliance, information security governance matters, support and guidance. Providing quality and excellence is at the heart of the function.

Managing the Cyber-threat landscape

Yesterday’s update is no longer defensive and tomorrow’s threat already exists.

The cyber-threat landscape continuously evolves which adds a challenge in protecting us from existing and emerging threats. The MLCSU Cybersecurity team actively seek to mitigate and remediate cyber-threats through a number of workstreams:

  • Automatic alerts: threat detection
    • Network detection and response (NDR)
  • CareCERT Management
  • Practicing good security standards:
    • Annual Cyber Essentials (and Plus) fulfilment
    • Annual Data Security and Protection Toolkit submission
  • Authorship of IT and Cybersecurity policies and standards
  • Penetration testing and vulnerability management
  • Cybersecurity led communication campaigns
  • Reporting standards
  • Phishing simulations

One click, to rule them all…

95% of known cyber-attacks are caused by human error; predominately in the form of phishing.

Phishing requires little to no technical sophistication it relies on socially engineering a user to: click on a link, open an attachment or respond with sensitive information.

Just that one interaction i.e., clicking on the link, is all what the threat-actor needs to get the ‘payload rolling’.

Strength in numbers, power with partnerships

Our cyber security team have attained exclusive membership with industry-wide and community-led security groups that provide early threat intelligence, knowledge-sharing and opportunities for professional development. Groups and networks listed below:

  • Cyber Associates Network (CAN)
  • Cheshire and Merseyside Health and Care Partnership | Cybersecurity Group
  • NHS National Security Group
  • Warning, Advice and Reporting Point (WARP)

Staff training is an important line of defence

We have developed a NCSC accredited end-user cyber security awareness course ‘CyberStrong’ to increase staff awareness and embed an effective cyber security culture throughout our supply chain and customers. Training is available as online (including ESR e-learning), remote learning and classroom based.

MLCSU are the first NHS organisation to be accredited by Government Communications Headquarters (GCHQ)

(Accrediting organisation has changed to NCSC)

Our robust, proactive approach to cyber security ensures peace of mind for individuals and organisations. Our team’s contribution to managing the WannaCry attack in May 2017 was recognised by a Special Commendation Team Award from South Cheshire and Vale Royal CCG’s.

Our Cyber Security Team are so highly thought of; they now sit on the NHS National Security Group – the industry-wide voice of expertise for major, scalable incidents.

Further Information

For training, please email: MLCSU IT Training Team mlcsu.ittrainingteam@nhs.net

For general cybersecurity enquiries, please email: MLCSU Cybersecurity mlcsu.cybersecurity@nhs.net