May 18, 2023 in Data Protection

Data Protection – 10 Tips to Keep Safe

  1. Your website is under constant attack from both within the UK and all around the world. Some nine out of ten login attempts to eCommerce websites are likely to be hacking attempts.
  2. You must assume you will at some point be hacked, however careful you are. Being careful obviously reduces the risk of this happening. When you are hacked, you need to have everything in place to get back up and running quickly, i.e. accessible, up-to-date back-ups.
  3. Losing data through hacking is a Data Breach. If serious, the breach must be reported to the Information Commissioner's Office. Repeated breaches would indicate to the ICO that you are not acting properly and lead to trouble and potential fines.
  4. Businesses are tempted not to report breaches to the ICO despite the legal obligation to do so. Employees are even less likely to inform their employer of breaches they have caused. You must impress on employees the importance of proper reporting, or the consequences for your business could be very bad if you do not follow the rules. The ICO could fine you and your clients could sue you.
  5. Employees should be trained to regularly change passwords. Every three months is recommended. However, this must be done with some thought. Changing in accordance with a four-part connected sequence is not wise. Changing Winter24 to Spring24 and then Summer24 is never a good plan.
  6. Be careful what information you put on your social media. Serious hackers will look at this for a source of information to break passwords and find memorable information. Examples are your mother's maiden name (see your uncles' full names), your date of birth, your favourite football team, your pet's name. Better to use random letters as passwords.
  7. The most used passwords are still 123456 and password. Yes, really.
  8. Employees can be the weakest link. Some will learn about security. A minority could be malicious and intentionally cause trouble, especially if leaving. Make sure former employees are instantly deleted from the systems once they go. We often hear of people logging in months after they leave.
  9. Training staff is essential. Most employees have no bad intent but just get lazy or make a mistake, such as clicking a dodgy link that has bad consequences. Training employees is therefore key so they know what they should and should not do. Going forwards, monitoring is needed so they do not slip into bad habits.
  10. Ensure that staff only have access to what data they need to do their work. In the past, often everyone could access everything. However, the more people see more data, the greater the risk of a breach. You should work out what an individual employee needs to see, then limit them to that. Most modern programmes enable employees' access to be limited in this way, so take advantage of this.

Copyright Barkley Legal 2023.

This document is for the internal use of the business or organisation that downloads it only. You must not infringe the intellectual property rights in it or use, copy or reproduce the document or part of it for profit or gain. You must not transfer or sell the document to any third parties who are not part of your business or organisation whether for payment or otherwise. 

The document is for guidance and is not legal advice because the application of laws depends upon the specific facts of each individual circumstance.