Businesses deploy locks, bolts, keys and alarm systems to guard against intruders, so why leave the door ajar for attackers in the digital world and run the risk of being crippled both commercially and financially? Here Allott and Associates explains why companies should consider whether their cyber protection is sufficiently robust.
Robust cyber security is as crucial as physical defences for safeguarding business operations. The odds of a firm suffering a data breach are one in four. These relatively short odds for potential large-scale disruption mean businesses should have a strong plan in place to keep the digital enemy at bay, as well as a contingency strategy for dealing with data that is compromised.
A successful breach of a company’s defences could lead to the embarrassing theft of company secrets or, if personal data is involved, a massive fine if the authorities consider that the safeguards in place were inadequate and the response did not follow regulatory guidelines.
Recently a Jisc test of UK university defences against cyber-attacks found that one of the most effective approaches was so-called “spear phishing”. This is where an email might appear to be from someone you know or a trusted source but is really a way of concealing an attack, such as downloading “malware”.
Employees should be aware of phishing email scams that may put the firm at risk of monetary loss, and should be taught to update their antivirus software, not to use commonly predicted passwords and not to log into email accounts while on public Wi-Fi.
Consider testing your workforce with a controlled phishing campaign, look at face-to-face or eLearning user awareness training, know what to do if you think you have been attacked, and monitor your own IT against the cyber threat. One in three of all employees can be identified as an ‘insider’ threat; the key is to differentiate between ‘accidental’ and ‘deliberate’.
End-to-end security and engaging an IT specialist should be kept in mind when devising a strategy to minimise the possibility of interference, tampering or hijacking of data. Another step firms can take to strengthen cyber security is training their employees in basic data security protocols.
According to the Breach Level Index (BLI), globally over nine billion data records have been lost or stolen in the past five years. Businesses do not want to sleep-walk into a multi-million-pound nightmare if they fail to comply with European Union regulations governing the use of personal data.
The EU’s General Data Processing Regulation (GDPR) is considered an additional weapon in the fight against cyber-crime. It will remain UK law whatever the outcome of Brexit. For the first time companies have new security obligations when processing and storing the data they hold, whether for employment purposes, suppliers, customers or potential customers.
Allotts is a GDPR specialist and we recommend that organisations appoint a Data Protection Officer (DPO) who is savvy with the EU regulation as part of a plan for protection against a cyber-attack, accidental loss of data, damage or destruction. In the UK, firms will have just 72 hours to notify the ICO of a data breach and what is being done to rectify the situation, or face potentially crippling penalties, which could even result in the operations of a company being suspended.
Allotts can help businesses meet their ongoing legal requirement for GDPR. We can guide your organisation through data protection obligations and provide gap analysis as well as ongoing data protection monitoring to ensure you stay legal and compliant.
Cyber attackers are becoming more sophisticated in their efforts to breach security measures and gain access to a firm’s data bank. Backing up data, preferably remotely as well as on-site, should be part of a defence strategy and can help your company recover from hardware failure or data corruption or loss.
Vigilance is the key to combating attacks on security systems. The cyber threat is going to be a never-ending battle: the more we work remotely, the greater the opportunity for the bad guys to find a way to hack and access data, with the potential for draconian economic losses.