
The consequences of a cyber attack were brought into sharp focus last month, when numerous organisations around the world fell victim to a global ransomware attack.

Cyber attacks affect nearly every organisation, with attackers attempting to steal information, data and money, causing no end of disruption to day-to-day operations, as well as reputation and stability. Research produced by Cyber Streetwise and KPMG last year revealed that 68% of companies in the South East thought cyber attacks would increase, but 56% believed it’s unlikely or very unlikely that they’d be a target for an attack.

Apathy is dangerous - the fall-out from a cyber attack can be significant, including disruption to business, reputational damage and action by regulators for failing to respond swiftly and deal with the consequences appropriately. Data protection rules or contract provisions may also have been breached, leading to potential damages being payable – which will be exacerbated with the introduction of the General Data Protection Regulation (GDPR) in 2018.

How can I protect my business?

Cyber security is about protecting your equipment, systems, information and data from unintended and/or unauthorised access leading to change, theft and/or destruction; protection should be considered from a remote access perspective, as well as protection of physical assets that would hold information and data. You can protect your assets, reputation and customers, manage risk and gain a competitive advantage by taking simple steps and practising best behaviours to reduce threats and protect vital information, such as:

  • Passwords – implement a policy that promotes good password practice (e.g. use lower and upper case, numbers and symbols, with a periodic reset rule).

  • Emails – delete emails which appear to be suspicious as they may contain fraudulent requests for information or links to viruses.

  • Remote working – ensure that sensitive data is encrypted when stored or transmitted online.

  • Removable media – restrict and encrypt the use of removable media such as USB drives, CDs, DVDs and memory cards.

  • Privileges – manage user privileges so that staff only have access to the information and parts of the IT system they need.

  • Updates – download software updates as and when available, as they contain vital security upgrades.

  • Software – install anti-virus software on all of your devices to help prevent infection.

  • Security – use firewalls, proxies, access lists and other measures to protect your networks, including wireless networks, against external attack.

  • Training – make your staff aware of cyber security threats and how to deal with them through regular training sessions.

Businesses are encouraged to risk assess their vulnerability and put adequate measures and policies in place to prevent an attack and protect valuable data, not only their own, but that of their customers too. It’s important to recognise your obligations when handling and storing customer data to ensure it is kept securely and you comply with the principles of the Data Protection Act 1998. New EU laws, including the GDPRs, are set to provide common standards for data protection across the EU, focusing on transparency of how personal data is collected, stored and used, as well as ensuring appropriate technical and organisational measures are in place to keep personal data secure.

Cyber-attacked - what do I do next?

We all know that prevention is the most effective way to reduce the risk of an attack, but sometimes even your best efforts will not stop a determined cyber-criminal. If the worst happens, what should you do?

Actions to take:

  • Immediately protect your business from further attack

  • Investigate what happened, when, how, who was affected and what was lost, damaged or compromised

  • Notify the police at for all cyber-attacks and fraud

  • Notify under any insurance policy covering cyber-crime

  • Issue communications internally to relevant staff, suppliers, etc.

  • Consider and carefully put together an external communication to customers

  • Check affected contracts

  • Inform regulators and those affected (particularly any breach of obligations under GDPRs as from 25 May 2018)

  • Implement measures to prevent an attack

This article was published in the Travel Trade Gazette on 6 July 2017.
