Password protecting your practice’s computers aims to prevent unauthorised users from accessing your data. Encryption products that require a password before allowing your computer to boot will also protect your IT systems from unauthorised use. Some systems may also allow an additional level of security through two-factor authentication.
Ensure that password protection and any built-in encryption systems are switched on and configured for all your IT equipment.
• Encryption products can be retrospectively installed if your systems are not currently protected by them.
Ensure that your computer systems automatically lock if they are unused for a set amount of time, with a password required to unlock them.
Encourage staff to lock their workstation whenever they leave it unattended.
Encourage staff to avoid predictable passwords and to keep them secure.
• There are various approaches to setting strong passwords, e.g. three random words. The National Cyber Security Centre has some useful advice on how to choose non-predictable passwords [1].
• An online password manager [2] can create and store passwords which are then accessed via a 'master' password.
Restrict each user's access to only the systems required for their role.
Change all default passwords on new pieces of equipment before distributing them to staff.