Cyber security - are you safe from an attack?
Cyber attacks affect nearly every organisation with attackers attempting to steal information, data and money causing no end of disruption, not only to day-to-day operations but also to long term reputation and stability. The latest high profile attack saw almost 157,000 customer records hacked from telecoms giant TalkTalk, including 15,000 who also had their bank account and sort codes hacked.
With recent headlines also hailing the impending threat of three-year old hackers, how prepared is your business, how protected is your data and how compliant are you?
Recent research produced by Cyber Streetwise and KPMG shows that 68 per cent of companies in the South East think there will be more cyber attacks in 2016 compared with 2015, but 56 per cent believe it’s unlikely or very unlikely that they’d be a target for an attack. Only 38 per cent said they feel “completely prepared for a cyber security issue”. Research by The Department for Business, Innovation and Skills found that 90% of large and 74% of small organisations suffered some sort of cyber security breach in 2014.
What is cyber security?
Cyber security is about protecting your computer-based equipment, systems, information and data from unintended and/or unauthorised access leading to change, theft and/or destruction.
By adopting good cyber security practices, you can:
protect your assets, your reputation and your customers
save money through adopting an efficient risk management approach
gain competitive advantage by taking security seriously
What steps can I take to protect my business?
By taking simple steps and practicing best behaviours you can reduce the risk of online threats to your business and protect vital information:
Passwords – implement a policy that promotes good password practice including the use of lower and upper case letters, numbers and symbols, with a periodic password reset rule programmed into your IT infrastructure. Also ensure that default passwords to software and hardware applications are changed to more complex passwords.
Emails – delete emails which appear to be suspicious as they may contain fraudulent requests for information or links to viruses.
Remote working – ensure that sensitive data is encrypted when stored or transmitted online so that only authorised users can access the data.
Removable media – restrict the use of removable media such as USB drives, CDs, DVDs and memory cards. In addition, protect any data stored on such media to prevent breaches.
Privileges – manage user privileges so that staff only have access to the information and parts of the IT system they need.
Updates – download software updates, including those to web browsers, as soon as they are available. They contain vital security upgrades that keep your devices and business information safe. Go one step further and ensure that automatic updates are pushed to your devices as soon as they are available.
Sotware – install anti-virus software on all of your devices to help prevent infection. This software helps to keep your computers, tablets and smartphones free from infections caused by viruses or malware.
Security – use firewalls, proxies, access lists and other measures to protect your networks, including wireless networks, against external attacks.
Training – make your staff aware of cyber security threats and how to deal with them through regular training sessions. Your people play an important role in keeping your business safe.
For further guidance on protecting yourself from a cyber attack, download the Government’s guide: What you need to know about cyber security.
Businesses are encouraged to risk assess their vulnerability and put adequate measures in place to prevent an attack and protect valuable data, not only their own, but that of their customers too. It’s important to recognise your obligations when handling and storing customer data to not only ensure it is kept securely, but to also comply with the principles of the Data Protection Act 1998. Our highly experienced team is on hand to help should you need any guidance in understanding your obligations.
For more information on cyber security and data protection, please contact Debbie Venn, Partner and Head of Technology, Media and Telecommunications.
Published: 11 Mar 2016