Cyber attacks - a matter of 'when', not 'if': limit your risks and exposure

30 Nov 2018

As we mention previously in our Cyber Monday article, cyber attacks can have a devastating impact on a business’ operation and reputation. A skilled attack could bring down IT systems for hours or even days and cause significant disruption and revenue losses, as well as requiring substantial resources to fix the problem and alert  - and reassure - customers. The attack that shut down parts of the NHS in 2017 is a good example of what could happen if an organisation doesn’t keep its operating systems up to date; the number of attacks on organisations has been increasing, and experts make clear that a cyber attack is more a matter of when, not if.

The fact that the National Cyber Security Centre (NCSC) has defended the UK from over 10 cyber attacks per week since it was created two years ago speaks volumes. It’s impossible to guarantee that cyber attacks can be prevented, therefore it is even more important that businesses do all they can to reduce their exposure and risks to cyber attacks.

We recommend that you review the terms of your contracts with any service providers to ensure that the service levels are adequate and meet your business needs. For example:

  • Mistakes: Check the extent to which your service providers bear liability for their own mistakes and for the intentional malicious acts of their own employees.
  • Cyber attacks: consider the scope of your service provider’s responsibilities in the event of emergencies.

Here are a few more tips about what to include in your internal cyber security policy in order to mitigate the impact of cyber attacks:

  • User access control: maintain a cyber policy that limits which employees can execute commands. This will limit the risk of having malicious software accidentally installed by untrained staff.
  • Password policy: train your staff to keep strong passwords.
  • Firewalls and internet gateways: good network perimeter defences will detect and block executable downloads, block access to known malicious domains and prevent your computers from communicating directly with the internet. Ensure that your computers have firewalls and software undertaking web filtering and content checking.
  • Whitelisting and execution control: ensure that software cannot run or install itself anywhere on the system, including USB or CD drives.
  • Secure configuration: limit the operating system, applications and functionality of every device. This will avoid the exploitation of vulnerabilities of unused applications and will help you find malicious codes more quickly in case of an attack.
  • Regular staff training: ensure everyone is up to speed on basic cyber security knowhow.

DMH Stallard is part of the SME Cyber Alliance alongside PAV i.t and Sutton Winson. Together we offer expert legal advice, IT support and insurance protection to provide a personal, effective and fast response to cybercrime. If you would like to have a chat about how your business can protect itself better from cyber attacks, review your contracts, or if you were the victim of an attack, please do get in touch with Robert Ganpatsingh on 01273 744213.

(Written by Beatrice Bass) 

Further reading

What’s the state of Employment Status?

Blog, News & PR
Rebecca Thornley-Gibson highlights the challenges faced by businesses who struggle to determine employment status and the impact this has on innovative operating models
Read more Read

Employer's question: how to effectively deal with stress related sickness in lockdown

There are a variety of contributing factors caused by the pandemic that have seen a rise in stress related claims at work, but how can employers deal with this more effectively?
Read more Read

Use of statutory demand to make company insolvent suspended until June

Blog, Legal Updates
Cheraine Williams looks at more temporary Covid-driven measures that will protect businesses and tenants from possible legal action
Read more Read

New guidance issued for valuation of flats and investigating fire safety

Blog, Legal Updates
Cheraine Williams looks a the current situation facing leaseholders looking to sell or re-finance their property; will new guidance provide clarity?
Read more Read
  • Brighton Office

    1 Jubilee Street


    East Sussex

    BN1 1GE

  • Gatwick Office

    Griffin House

    135 High Street


    West Sussex

    RH10 1DQ

  • Guildford Office

    Wonersh House

    The Guildway

    Old Portsmouth Road



    GU3 1LR

  • Horsham Office

    Ridgeland House

    15 Carfax


    West Sussex

    RH12 1DY

  • London Office

    6 New Street Square

    New Fetter Lane


    EC4A 3BF

  • Get in touch