Now, legislation is beginning to take notice of the importance of cyber security and, as such, is laying a greater responsibility on businesses to keep their customers’ data safe.
The General Data Protection Regulation (GDPR) is the latest law to do this and is redefining how data is gathered, managed and used across Europe.
With that in mind, our experts have put together seven cyber security strategy mistakes that could leave you liable.
As businesses, we are used to protecting our physical assets, whether they be computers or stationery. When we leave the office at night we protect against burglary by locking the door and we don’t just hand the keys out randomly. And why do we do this? Because these assets have value.
Seems obvious, right?
Maybe, but many businesses fail to provide the same security to their digital assets. The information stored on a hard drive has just as much – if not more – value, as evidenced by the fact that cyber crime cost the UK economy £10.9 billion in 2015/16, with SMEs losing an average of £3,000 per cyber attack.
Ensuring your data is stored securely comes down to more than setting a password. In fact, it includes all of the following…
Data is worth its (digital) weight in gold to your company, and like gold, you want it in a single, secure location, not spread haphazardly across your entire organisation.
The first step to storing your data safely is conducting an audit of where you keep your information. You may find that different departments or employees use different methods or programmes for storage.
If that is the case, pick a single storage system, such as a piece of cloud-based software, and transfer your existing data to it. Be careful to delete the data from its original location though, as you don’t want to accidentally sell a computer full of client information on eBay, as the NHS did in 2013.
Using a password to protect your database is the first line of defence in cyber security, but it is up to you to make sure it will not be broken by the gentlest of pushes. For optimum security, choose a password that is difficult to guess (including lowercase, uppercase, numeric, and special characters).
Sadly though, this advice is rarely heeded, with “123456” and “password” retaining their top spots as the most used passwords of 2017. An honourable mention for “starwars” also, which broke into SplashData’s list of most used passwords at number 16.
The job is not done once you have your password though; you also need to make sure you are changing it regularly, instead of being one of the 21% of people who haven’t changed their password in more than ten years.
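The complexity rule described above is easy to state but is rarely checked consistently, and the three passwords the article names would still pass a naive character-class check once a digit or capital is bolted on. The following is an added example, not code from the original article, of a small password-policy check that combines the character-class rule with a minimum length (12 is an assumed policy value) and a denylist lookup that strips trivial suffixes so that variants such as "Password1!" are still caught. The denylist is constructed here from the three passwords quoted in the article; a real deployment would load a large list of known-breached passwords instead.

```python
"""Password hygiene check (added example; not part of the original article)."""
import string
from typing import List

# Constructed denylist: only the three passwords the article quotes.
# A production check would load a full breached-password list here.
COMMON_PASSWORDS = {"123456", "password", "starwars"}

MIN_LENGTH = 12  # assumed policy value, not from the article


def normalise(pw: str) -> str:
    """Lower-case the password and strip trailing digits/punctuation so that
    'Password1!' is compared against the denylist as 'password'."""
    return pw.lower().rstrip(string.digits + string.punctuation)


def check_password(pw: str, denylist=COMMON_PASSWORDS, min_length=MIN_LENGTH) -> List[str]:
    """Return the list of policy failures; an empty list means the password passes."""
    failures = []
    if len(pw) < min_length:
        failures.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in pw):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        failures.append("no digit")
    if not any(c in string.punctuation for c in pw):
        failures.append("no special character")
    # Check both the exact lower-cased value and the suffix-stripped form.
    if pw.lower() in denylist or normalise(pw) in denylist:
        failures.append("on the common-password denylist")
    return failures


if __name__ == "__main__":
    for candidate in ("123456", "Password1!", "Correct-Horse-Battery-9"):
        result = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not result else ', '.join(result)}")
```

The denylist lookup does more work than the character-class rules: current NIST guidance (SP 800-63B) favours length and screening against known-breached passwords over forced complexity and scheduled rotation, so in practice the denylist is the check worth investing in.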
A data breach can send your systems into meltdown, corrupting or deleting data in a heartbeat. Without backing up, you stand to lose all this precious information, which will not only damage your business but also get you in trouble with data protection supervisory authorities such as the Information Commissioner’s Office (ICO).
Be honest though – when did you last take the time to back up your files? And if you have, have you checked that you can restore those files properly?
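The second question above is the one most often skipped: a backup that has never been restored is an assumption, not a safeguard. The following is an added example, not code from the original article, of a restore drill that archives a directory, restores the archive to a separate location and then confirms every file came back byte-for-byte by comparing SHA-256 digests of the two trees. The data directory, file names and contents are constructed in temporary storage for illustration; the `corrupt` switch deliberately damages one restored file to show what a failed drill reports.

```python
"""Backup-and-restore verification drill (added example; not from the original article)."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_tree(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[str(path.relative_to(root))] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def create_backup(source: Path, archive: Path) -> Path:
    """Write a gzip-compressed tar archive of the source tree."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(str(source), arcname=".")
    return archive


def restore_backup(archive: Path, target: Path) -> Path:
    """Extract the archive into target, using the safer 'data' filter where available."""
    target.mkdir(parents=True, exist_ok=True)
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(target, **kwargs)
    return target


def verify_restore(source: Path, restored: Path) -> dict:
    """Compare the two trees and report missing, changed and unexpected files."""
    src, dst = sha256_tree(source), sha256_tree(restored)
    missing = sorted(set(src) - set(dst))
    extra = sorted(set(dst) - set(src))
    changed = sorted(p for p in src.keys() & dst.keys() if src[p] != dst[p])
    return {"ok": not (missing or extra or changed),
            "missing": missing, "changed": changed, "extra": extra}


def run_drill(corrupt: bool = False) -> dict:
    """End-to-end drill on constructed data. With corrupt=True one restored file is
    tampered with so the report shows how a bad restore is detected."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source, restored, archive = base / "data", base / "restored", base / "backup.tar.gz"
        (source / "clients").mkdir(parents=True)
        (source / "clients" / "list.csv").write_text("id,name\n1,Example Ltd\n")  # constructed
        (source / "notes.txt").write_text("quarterly figures\n")                  # constructed
        create_backup(source, archive)
        restore_backup(archive, restored)
        if corrupt:
            (restored / "notes.txt").write_text("quarterly figures (truncated")
        return verify_restore(source, restored)


if __name__ == "__main__":
    print("clean restore:", run_drill())
    print("damaged restore:", run_drill(corrupt=True))
```

Running the drill on a schedule, and treating a non-empty `missing` or `changed` list as an incident rather than a nuisance, is what turns "we have backups" into something that can be relied on when the article's meltdown scenario arrives.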
We’ve all been there; minutes until you have to hand in that report or give that presentation, and a little notification pops up in the corner of your computer screen asking if you want to install a software update…
Of course not!
Updates aren’t all about making annoying changes to a menu function you just got used to, they are key to ensuring you don’t fall victim to a cyber attack.
It is imperative then that you take the time to update your computer software, as shown by 2017’s WannaCry ransomware attacks, which impacted an older edition of the Windows operating system.
In the same way that skipping software updates can have huge consequences, forgetting to scan your computers for malware can be disastrous. Having a system in place to regularly scan all of your computers is vital to immediately identifying malware that may lead to a data breach.
Malware is software with the sole purpose of damaging, disrupting or gaining access to your computer, and it can infect your computer or network through something as simple as a trojan email.
According to PandaLabs, in the third quarter of 2016, 18 million new malware samples were captured. When there are such a huge number of threats, regularly scanning your devices for malware is a must.
With any luck, your business will not be the victim of a cyber attack, but with 46% of all UK businesses suffering at least one breach or attack in the last year, you need to know your next step.
Unlike the current Data Protection Act (DPA), GDPR makes reporting data breaches that risk damaging people’s rights and freedoms to your supervisory authority a legal requirement. Furthermore, it states that businesses must notify their supervisory authority within 72 hours with the following information:
- The nature of the breach
- The approximate number of data subjects affected
- The data protection contact at your organisation
- A description of the likely consequences of the breach
- Any measures already taken to mitigate the effects of the breach
Supervisory authorities vary depending on where your company is based and which European countries you do business in, so make sure you take some time to identify yours.
Keeping your data safe from cyber attacks is a key aspect of GDPR compliance, but it isn’t the only one. Changes to consent, privacy policies and data requests will all have a significant impact on your business’s marketing strategy. And, with GDPR coming in May 2018, the sooner you get compliant, the better.