Cyber attacks - a matter of 'when', not 'if': limit your risks and exposure

30 Nov 2018

As we mention previously in our Cyber Monday article, cyber attacks can have a devastating impact on a business’ operation and reputation. A skilled attack could bring down IT systems for hours or even days and cause significant disruption and revenue losses, as well as requiring substantial resources to fix the problem and alert  - and reassure - customers. The attack that shut down parts of the NHS in 2017 is a good example of what could happen if an organisation doesn’t keep its operating systems up to date; the number of attacks on organisations has been increasing, and experts make clear that a cyber attack is more a matter of when, not if.

The fact that the National Cyber Security Centre (NCSC) has defended the UK from over 10 cyber attacks per week since it was created two years ago speaks volumes. It’s impossible to guarantee that cyber attacks can be prevented, therefore it is even more important that businesses do all they can to reduce their exposure and risks to cyber attacks.

We recommend that you review the terms of your contracts with any service providers to ensure that the service levels are adequate and meet your business needs. For example:

  • Mistakes: Check the extent to which your service providers bear liability for their own mistakes and for the intentional malicious acts of their own employees.
  • Cyber attacks: consider the scope of your service provider’s responsibilities in the event of emergencies.

Here are a few more tips about what to include in your internal cyber security policy in order to mitigate the impact of cyber attacks:

  • User access control: maintain a cyber policy that limits which employees can execute commands. This will limit the risk of having malicious software accidentally installed by untrained staff.
  • Password policy: train your staff to keep strong passwords.
  • Firewalls and internet gateways: good network perimeter defences will detect and block executable downloads, block access to known malicious domains and prevent your computers from communicating directly with the internet. Ensure that your computers have firewalls and software undertaking web filtering and content checking.
  • Whitelisting and execution control: ensure that software cannot run or install itself anywhere on the system, including USB or CD drives.
  • Secure configuration: limit the operating system, applications and functionality of every device. This will avoid the exploitation of vulnerabilities of unused applications and will help you find malicious codes more quickly in case of an attack.
  • Regular staff training: ensure everyone is up to speed on basic cyber security knowhow.

DMH Stallard is part of the SME Cyber Alliance alongside PAV i.t and Sutton Winson. Together we offer expert legal advice, IT support and insurance protection to provide a personal, effective and fast response to cybercrime. If you would like to have a chat about how your business can protect itself better from cyber attacks, review your contracts, or if you were the victim of an attack, please do get in touch with Robert Ganpatsingh on 01273 744213.

(Written by Beatrice Bass) 

Further reading

CMA fines pharmaceutical company more than £100m

Drug pricing policies under scrutiny as CMA comes down hard on inflated prices and supernormal profits
Read more Read

5 data protection changes to be aware of

Commercial law specialist Liz Gillingham provides a summary of recent developments in data protection law
Read more Read

Destination: office?

Blog, News & PR
Emily Wood considers the results of our recent survey and the implications for the future of the post-pandemic workplace
Read more Read

Commercial lease renewals and pandemic clauses

Will commercial reality trump the law when leases are up for renewal? Property expert James Picknell takes a look
Read more Read
  • Brighton Office

    1 Jubilee Street


    East Sussex

    BN1 1GE

  • Gatwick Office

    Griffin House

    135 High Street


    West Sussex

    RH10 1DQ

  • Guildford Office

    Wonersh House

    The Guildway

    Old Portsmouth Road



    GU3 1LR

  • Horsham Office

    Ridgeland House

    15 Carfax


    West Sussex

    RH12 1DY

  • London Office

    6 New Street Square

    New Fetter Lane


    EC4A 3BF

  • Get in touch