Staff Training/Data & technology

Cyber Security training

This training covers how to protect our computer systems, data and the people we support from cyber threats. You will learn our security procedures, how to recognise risks like phishing and viruses, and your responsibilities under data protection law. Cyber security is everyone's responsibility and protects both our service users and our organisation.

Annual For your care team
CareStreamAI Cyber Security training

A clear, practical grounding in cyber security.

This training covers how to protect our computer systems, data and the people we support from cyber threats. You will learn our security procedures, how to recognise risks like phishing and viruses, and your responsibilities under data protection law. Cyber security is everyone's responsibility and protects both our service users and our organisation.

By the end, your staff will be able to:

Identify common cyber security threats including phishing, viruses and unauthorised access
Apply our password and access control procedures correctly in daily work
Explain your responsibilities under data protection law when using computer systems
Recognise security breaches and know the correct reporting procedure
Describe safe practices for using email, internet and external storage devices

A closer look at the cyber security module.

The module is built in short, practical sections. Each one teaches a part of the topic, then applies it to a real care scenario and checks understanding before moving on.

01

Understanding Cyber Security Risks

Cyber security means protecting our computer systems and the personal information we hold from theft, damage or unauthorised access. Our service holds sensitive personal data about the people we support, including health information about children in some cases. A security breach could harm the people we support and result in heavy fines from the Information Commissioner's Office. Common threats include viruses, phishing emails, hacking attempts and theft of devices or storage media.

CareStreamAI Cyber Security training: Understanding Cyber Security Risks
02

Password Security and Access Control

You must use passwords at all times and change them regularly. Passwords must be at least eight characters including numbers, letters, both upper and lower case, and at least one symbol. Never choose obvious passwords like names or dates. Keep all passwords completely confidential and never share them with colleagues or anyone outside our service. Always close password protected sites when finished and switch off computers. Never leave a computer open and unattended.

CareStreamAI Cyber Security training: Password Security and Access Control
03

Levels of Access and Authorisation

You are only permitted to access parts of the computer system you need for your normal duties. Your line manager and the data security officer decide your access level. This ensures consistency and protects sensitive information. If you need temporary access to something outside your normal level, this requires written authorisation from your line manager, the data security officer and where appropriate the data protection officer. A written record must be kept and the temporary access cancelled when no longer needed.

CareStreamAI Cyber Security training: Levels of Access and Authorisation
04

Safe Use of Email and Internet

All incoming emails are monitored and scanned for viruses before reaching you. You may access the internet but certain sites are blocked. Attempting to bypass these restrictions is a disciplinary offence. Never send abusive, rude or defamatory messages about people or organisations via email or post them on websites. Do not use the system for private work or playing games. Be cautious with unexpected emails, especially those with attachments or links, even if they appear to come from someone you know.

CareStreamAI Cyber Security training: Safe Use of Email and Internet
05

External Software and Storage Devices

All software used in our service must be formally authorised by the data security officer. No external software may be used without authorisation from both the data security officer and your line manager. CDs and DVDs from external sources must be checked for viruses by the IT department before use. Keep all CDs and DVDs in a secure place. The Information Commissioner's Office has imposed heavy fines on organisations after loss of CDs and DVDs containing sensitive personal data.

CareStreamAI Cyber Security training: External Software and Storage Devices
06

Recognising and Reporting Security Breaches

Misuse of computers is a serious disciplinary offence and may be gross misconduct. Examples include fraud, system sabotage, introducing viruses, using unauthorised software, obtaining unauthorised access, breaches of data protection law, and hacking. All security breaches must be reported to the relevant director or managing director. Serious breaches must be reported to the Information Commissioner's Office within 72 hours. If you suspect a colleague is abusing the computer system, you may speak in confidence to the HR manager.

CareStreamAI Cyber Security training: Recognising and Reporting Security Breaches

The things your team must remember.

  • Keep all passwords confidential, use strong passwords with at least eight characters including numbers, letters, upper and lower case and symbols, and never share them with anyone
  • Only access parts of the computer system you need for your normal duties and never try to bypass access restrictions
  • All external software, CDs, DVDs and USB sticks must be checked by IT before use to prevent viruses
  • Report all security breaches immediately to your line manager or the relevant director, and serious breaches must reach the ICO within 72 hours
  • Never leave computers unattended while logged in, always close password protected sites when finished and switch off computers
  • Be alert to phishing emails and suspicious messages, and report them rather than clicking links or providing information

Who and how often

Cyber Security is refreshed every year, for the staff in your care setting whose roles require it.

CQC and standards

Supports the training evidence CQC expects to see for a well-run, safe care setting.

Not a slideshow once a year. Training that sticks.

CareStream delivers cyber security training in the hub your team already uses, grounded in best practice and your own policies, so it fits your care setting and not a generic template.

Teach, then assess

Short teaching sections and a real care scenario, then an assessment that checks understanding.

In any language

Staff complete it in over 60 languages, while your records stay in English.

Learn and retry

A wrong answer triggers a short follow-up lesson and a fresh question, so the gap is closed.

Renewals handled

Automatic reminders at 90, 30 and 7 days, with a live compliance dashboard.

Frequently asked questions.

Give your team cyber security training that actually sticks.

See how CareStream delivers your mandatory training in the hub, in any language.