Cyber-crime is on the increase.

The ability to respond is poor. It is something that businesses should take all possible steps to avoid . However the list of large businesses ,with all the resources available to them, that have been hacked just keeps growing. Victims or those who have been careless depending on how you look at it, include such famous names as British Airways, Quora, Vision Direct, Marriott Hotels, Cathay Pacific and the Carphone Warehouse.

In Surveys some two thirds of people will not do business with an organisation after it has suffered a data  breach relating to financial or sensitive information.

 Basic steps any business can take includes :

1. Train staff about being careful and not falling for phishing.
2. Have a system to regularly change Passwords.
3. Help staff use proper Passwords that stand a chance of staying unbreakable.
4. Keep Software up to date.

In the year to April 2018 some 4 in 10 businesses had been subject to a cyber attack or breach , For larger businesses the figure rose to 72%. Bear in mind that large businesses are deemed more likely to identify a cyber attack than a small business so the figure of those attacked is probably higher. Even two in ten charities were attacked.

The Most Common Cyber Attacks

1. Fraudulent Emails– these intended to induce the recipient to reveal their Password or financial information or get a dodgy attachment opened
2. Cyber criminals impersonating an organisation online . This could include your bank or an eCommerce site where you enter all your card details. TV licensing is currently popular.
3. Malware and viruses

Cyber Security needs to be high priority for senior management due to the potential commercial and reputational damage that a cyber attack could do to a business. Would you continue to do business with an organisation that could hand over your details however unwittingly. Many would not and do not.

GDPR and Cyber-crime

These go together. Under GDPR a business must keep an individual’s personal data safe . It must provide appropriate security including ‘ against unauthorized or unlawful processing and against accidental loss, destruction or damage’

If such Data is lost due to Cyber-crime the Business must prove it had ‘appropriate security’ or it will be fined for  a breach under GDPR. It is accepted that no system is 100% safe and that cyber criminals will always find another way to attack and obtain information. However the business must show it took reasonable steps to provide security otherwise they will be facing a fine in addition to the commercial consequences.

For advice contact us now.anne@barkleylegal.co.uk