Cyber attacks – what can you do?
16th May 2017
The recent wave of cyber attacks has hit private and public sector organisations in the UK and across the world.
Large organisations and SMEs can take practical steps to protect themselves and their systems from attack.
The UK National Cyber Security Centre informs us that 81% of large companies report they have suffered security breaches, with the average cost of a security breach being £600,000 to £1.15m.
In cyberspace it is difficult to know who will attack you next, so you should make sure your cyber defences are robust and up to date.
I run a large organisation – how can we protect it?
There are three key steps which large organisations can take against potential cyber attacks:
- Keep your organisation’s cyber security up to date. This includes applying software security patches to your systems regularly as updates are issued. You should also make sure that all of your software is “supported”. By this we mean you have a support and maintenance package which will keep the security of the software up to date.
- Use proper anti-virus software services and ensure you have the latest version with any updates.
- Regularly back up data which is crucial to you and your organisation.
I run a small business – how can I protect it?
Small businesses and individual users face a similar challenge to large organisations but are unlikely to have the same level of systems or dedicated staff. As a result, small businesses are advised to carry out the following actions:
- Run Windows Update.
- Ensure your anti-virus software is up to date and run a scan on your system. If you do not have anti-virus software installed, free trial versions are available but you should ensure that the vendor is reputable.
- If you do not already do so, you should ensure that you back up your important data so that cyber criminals cannot hold you to ransom for its return.
What about my staff?
It is important to remember that data security is not just a technical issue: people are often the weakest link.
Lots of breaches happen because individual employees download unauthorised files, fail to use strong passwords, don’t reset admin passwords and don’t understand the consequences of their actions.
Making sure your staff are well trained and aware of cybersecurity and data protection issues is critical in any cyber security programme.
My business hasn’t been affected – do I still have to take action?
It is important to stress that the wave of cyber attacks reported at the end of last week may be followed by further related incidents. In any event, cyber attacks are a continuing threat and even if you have not been affected by this incident, if you do not take the right measures, it could easily be you next.
As a result, it would be a mistake for businesses and organisations who have not been hit to think they may be safe.
What happens if my business is affected?
In addition to the potential for direct damage to a business, companies could face fines if they have been negligent in keeping their cyber security up to date.
The 7th Principle of the Data Protection Act requires you to put in place technical and organisational security measures to prevent unlawful or unauthorised access to the data you hold.
Companies and organisations which fail to do so and which fail to protect customer or user data as a result leave themselves open to potentially sizeable fines from the Information Commissioner’s Office (ICO) in the event of a data security breach.
The ICO has issued more than 60 fines under the Data Protection Act, with the vast majority of these for data security breaches, such as the £400,000 fine issued to TalkTalk after the details of thousands of customers were unlawfully accessed.
How can Ward Hadaway help?
We can help you to understand your data risks and vulnerabilities and can assist you to avoid enforcement action from the ICO.
Where you are already involved with the ICO, we can help you navigate the tricky process of dealing with them.
If you have a data protection issue which you need help with, please get in touch.
Please note that this briefing is designed to be informative, not advisory and represents our understanding of English law and practice as at the date indicated. We would always recommend that you should seek specific guidance on any particular legal issue.