It is a well-known fact that cybercrime is on the rise, but more focus should be given to the underlying factors. A cyber-attack can have devastating effects on businesses and, as is so often the case in many aspects of business, prevention is better than cure. Here are three recommendations from us as to how you can do more to protect sensitive data from an attack.
- Know Your Data
Hackers are constantly attempting to obtain huge volumes of personal data. They stand to profit handsomely when they get it. The starting point for any business has to be a full understanding of all of the types and locations of data that it holds and how it is processed. This is especially important in organisations which have many staff performing diverse tasks. Staff may be processing data in entirely different ways. Knowing how your business stores and processes sensitive personal data is even more important.
According to the Information Commissioner’s Office (ICO), there has been an 18% increase in Personally Identifiable Information (PII) incidents in the past three months. Considering that the implementation of the new General Data Protection Regulation (“GDPR”) is just around the corner, this is bad news for those businesses which process large amounts of data. So this should serve as a helpful reminder to ensure that in the next few months you are identifying and protecting all data to the standards required by the new GDPR.
- Protecting Data on the Move
An increasingly mobile workforce means many associated challenges. Data is quite often carried around or even stored outside of the office, which increases the risk of theft or accidental loss. The ICO’s research also states that loss or theft of paperwork and unencrypted devices were two of the top causes of breaches in 2015/16.
- Have a Solid Protection Plan
Well-trained staff and tried and tested control processes will make organisations a less attractive and tougher target for hackers. Businesses should have a solid plan that helps mitigate data breaches and should consider the following:
- Carry out a comprehensive audit of all data held;
- Ensure that personal data is stored and processed safely and securely;
- Run an awareness programme for employees that highlights potential risks, including extending policies to contractors;
- Create and implement strict remote working policies and processes;
- Ensure IT teams continually monitor IT systems and implement advanced security measures at various levels of the network, including gateway and server levels.
If you want to know more about your responsibilities under the GDPR or if you are subjected to a data breach or cyber-attack, contact DMH Stallard to see how we can help.