There is no doubt that the pace of technical innovation and the growing use of cloud services have heralded the need for a new approach to risk.
Today the World Economic Forum lists cyber security as one of the greatest threats to business. EU security commissioner Julian King has revealed that cyber crime cost the European economy £51bn last year and there are estimates that the cost to the financial services industry alone this year could reach £1.5bn.
It is clear cyber security has become a boardroom issue.
The UK government has already taken steps to help organisations understand cyber risk better by establishing the Cyber Essentials scheme. However, cyber attackers have not let up. Since the turn of the year, Lloyds Bank has admitted it was subject to a massive Distributed Denial of Service (DDoS) attack which affected its services.
Customers put their trust in the businesses they use to look after their money and/or their data, so any cyber breach can have a huge impact on what is essentially a very personal relationship.
With more cyber attacks expected in 2017, here are some measures to take to reduce the risk of being affected:
Make cyber security a management issue in your business. Create a clear set of data protection and privacy policies that all staff have to follow and make sure they are being enforced. Treat any non-compliance with these policies as a serious HR issue.
Fully protect IT systems and monitor them constantly for any anomalies. If you are using a third-party software, cloud services or infrastructure provider, check that they share the same approach to compliance and data protection. How do they protect the services they provide or their data centres? Do they operate to the correct ISO, legal and/or government security standards? If using the big public cloud providers, check where your responsibilities lie.
All staff – not just those who work in the IT department – should be educated about new and existing threats and how they can be mitigated. A simple mistake by a member of staff such as opening an email attachment can open the door to cyber attackers. Training staff well and updating them regularly can help minimise the possibility of a breach.
Data protection regulation is being updated as governments understand more about the risks. Keep your business safe by adhering to relevant legislation. Whatever the outcome of the current Brexit negotiations, the new EU General Data Protection Regulation will come into force in the UK in May 2018. Those who leave it too late to adhere to the new rules could be subject to huge fines.
Sadly, there is no single silver bullet to save your business from being the target of a cyberattack. However, by following the guidance above you can make it a lot less likely.
To find out more about how the new data regulations will impact your business, please read our GDPR whitepaper.