Keep IT as secure as NHS visitors
I respect the optimism of Professor Mark Skilton, who wants a “global cyber police force” (News, Issue 502, page 6) following the Wannacry hack, but it will never happen. Can anyone seriously imagine Israel sharing security details with Iran? Or North Korea with South Korea? OK, so President Trump seems relaxed about the Russians knowing what the US is up to, but that will stop once sanity returns to the White House.
Instead, companies and organisations must realise that protecting their computer systems is just as vital as protecting their buildings. The NHS is a good example. My daughter has just given birth, so I’ve spent some time recently in a local maternity ward. Every effort is made by the hospital to keep patients safe. You can’t go up to the ward in the lift, and you have to be buzzed in by the nurses. They are strict about this, and rightly so, after the baby-snatching scandals of past years.
But it seems that the same rigour isn’t applied to IT security at the NHS. I suspect that to the people in charge of money and PR, the threat of being hacked feels more abstract than baby snatching. They wouldn’t admit it, but subconsciously they probably take it less seriously. That will hopefully change after the hack.
What’s needed is a joined-up effort to make NHS staff as disciplined about IT security as they are about who goes where in hospitals. They need to realise that opening a dodgy email carries the same risk as letting anyone on to maternity wards. More money may be needed, and they should certainly move on from XP. But a change in attitude is more urgently called for.