The consequences of a successful cyber attack can be ruinous for businesses.
- loss of business, for example during a denial of service attack;
- damage to your reputation; and
- loss of sensitive company information and assets, including cash;
- fines of up to €20 million or 4% of global turnover (whichever is the higher), prosecution and claims for damages from customers.
The General Data Protection Regulation (“GDPR”) has ‘raised the bar’ in terms of the legal requirements for protecting data. Cyber attacks are a threat to businesses’ ability to comply with the requirements of GDPR.
We can help you ensure you are GDPR compliant and we can help to minimise the damage caused by a cyber attack. There are many things that can be done to avoid cyber attacks in the first place. Here are some of them.
- Keep your operating system up to date. Make sure the operating system your business uses (e.g. Microsoft Windows) is up to date with the most recent patches having been installed. If your operating system is too old to be supported by updates then upgrade your operating system as a matter of urgency.
- Ensure your anti-virus software is kept up to date with the most recent upgrades available.
- Keep your IT systems clear of any old and unused software.
- Ensure that you have an organised and consistent approach to IT security particularly in larger organisations, so that you can avoid having unnecessary vulnerability in your IT security. GDPR places legal obligations on businesses to do this.
- Ensure you have a robust system of backing up your data. Back ups should be isolated from your main IT set up so that it has standalone integrity and will not be vulnerable to attacks on your main system. One type of ransomware, a worm, searches out different areas to attack once installed on to a system. Therefore if your back up system is not isolated, it can be attacked by the same ransomware and will be useless to you.
- Test your back ups on a regular basis as part of a wider business continuity plan. Rehearse scenarios where you are likely to need to call upon your back up data. These rehearsals should take into account any reliance you have on external providers who may themselves be targeted by cyber attack. What would you do if you were without that particular provider?
- Watch out for malicious insiders. If employees have the ability to cause severe damage and disruption to your IT system, consider using internal monitoring software.
- Watch out for careless insiders. Careless employees are often the main source of cyber attacks. Train staff not to open suspicious attachments and to avoid giving away information which could be used by criminals to launch attacks.
- Treat cyber security as a board level priority. Remind yourself that your business is a continuous target to cyber criminals and that an attack at some point is inevitable.
- Consider cyber insurance to cover potential losses from a cyber attack and to fund the cost of repairing and mitigating any damage.
DMH Stallard has a dedicated team of cyber crime and data protection specialists who can advise on this and other related matters. For more information contact Robert Ganpatsingh.