Last month, six out of forty-seven NHS trusts were affected by a cyber-attack that left them unable to access their IT networks, and many hospitals and GP surgeries put their compliance with data protection laws at risk by functioning with pens and paper.
Following the cyber-attack and with the implementation date for the General Data Protection Regulation (GDPR) fast approaching, businesses need to safeguard themselves against unauthorised access to data.
Many businesses are likely to have experienced cyber-attacks already, and many will have done so without knowing. Either way, there are steps businesses can and should take to minimise further disruption to their business from such an attack, including:
Make sure all IT users have downloaded and applied the latest security updates and anti-virus software.
Many cyber-attacks rely on “easy hack” passwords that are simple to guess. Businesses should have a policy in place to ensure passwords are complex and in no way obvious.
Viruses can be hidden in emails sent by an unknown source. Be cautious of opening unexpected emails and try to avoid opening any attachments that come with them.
Being able to revert your company’s system to a recent backup can minimise the impact a cyber-attack has. Regularly check the process and update your backup system.
If you outsource IT security, it is important to check the terms of the contract with your suppliers to see what the process is if losses are caused by a cyber-attack. It is important to know from the contract whether your supplier is obligated to keep your systems secure and install updates promptly for your business’ IT users automatically.
If you are part of a supply chain, you will need to consider what you promise to customers in terms of liability if their systems are compromised due to a cyber-attack on your company.
Many insurance policies now include cover for business disruption caused by cyber-attacks. If you do not have this coverage, you should seriously consider putting it in place.
If you have been affected by a cyber-attack or successfully fended one off, you may need to report that to the Information Commissioner’s Office (ICO).
How a business responds to a breach of security can have a lasting effect on team morale and the business’ reputation.
You should carefully consider how to communicate the incident to staff, customers and suppliers. Investing in training and including the staff in refresher sessions will help with facing future attacks and create a stronger understanding throughout the whole team.
With the GDPR coming into force from May 2018, it is now more important than ever to have sufficient protection to ensure a cyber-attack will not unduly disrupt your business or cause you loss.
Failure to be proactive in this area could lead to a regulatory fine, major business disruption and a damaged reputation.