As businesses and organisations become increasingly reliant on technology and computer systems for their day to day operations, this in turn increases the risk of cyber attacks and data breaches. With high-profile cyber attacks on companies such as Sony raising awareness of this growing threat, it’s never been more important for organisations to protect themselves against the risk of cyber crime.
To help combat this, the General Data Protection Regulation (GDPR) comes into force on the 25 May 2018, which will bring stricter penalties for insufficient data security. Although the key principles of data privacy will still hold true, the laws around holding or processing customer and employee data are about to become more stringent, with larger fines attached and a wider definition of customer data. Most importantly, the new legislation gives individuals more rights when it comes to the use of their personal data. It is therefore vital for organisations to understand how to protect themselves against cyber risks, and how to mitigate the impact a data breach may have.
What is a ‘cyber risk’?
A cyber risk usually refers to some sort of data breach, and is generally considered to be any risk originating from ‘cyber space,’ or as it is more commonly known, the Internet. A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorised to do so.
There are various causes of data breaches, but most commonly they are caused by loss or theft of data (e.g. phishing emails), hacking, vulnerable software, or purely due to human error. In fact, almost two thirds of data breaches are caused (inadvertently) by employees, for example, by losing an unsecured company laptop, or a memory stick holding customer data.
How might a breach affect your organisation?
A cyber attack on a small business can have a huge financial impact. As well as the cost of clean up after a data breach (such as implementing new security systems), an organisation may also be subject to heavy penalties under the GDPR. For a breach, a firm can be fined up to €20,000,000, or up to 4% of the annual worldwide group turnover of the preceding financial year – whichever is greater.
As well as a potential fine, a firm may also see a loss of income off the back of a data breach – if a website or back office system were to be hacked, for example, a business may find that they need to stop or slow down day-to-day activity whilst they get their website and/or security systems back up and running following a breach. As a result the organisation may see a loss of income if products and/or services cannot be delivered.
Aside from the loss of data or the financial implications, a cyber attack could cause serious reputational damage to your organisation. This could ultimately result in loss of clients, with people less likely to engage with your organisation for fear of their data being compromised.
10 tips for preventing cyber risks
Train employees in cyber security principles to ensure they understand why they need to follow certain protocols when it comes to data protection.
Regularly update your protection software. As well as protecting your devices using anti-virus software, your staff should also be made aware of any potential email scams, and how to avoid them. For example, never input any personal data or click on any web links unless you’ve first verified the source.
Employees should also download and install software updates for your operating systems and applications as they become available.
Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure and hidden. It’s also a good idea to use a firewall for your internet connection.
Have an internal reporting process to share any concerns. It’s important for employees to understand the importance of reporting a potential breach.
Have strong passwords that are difficult to decipher. Change them regularly, and store them in a secure location.
Make backup copies of important business data and information.
Control physical access to your computers and network components, lessening the risk of anyone downloading or installing malware, or compromising your security systems.
Limit employee access to data and information – only grant access to key individuals, as this will limit your exposure.
Consider taking out cyber liability insurance to protect your organisation against the cost of a breach of data. Cyber liability insurance offers protection for computer systems and data in the event of a breach, and some policies will also cover against fines imposed by the ICO.
Make sure you’re covered
A data breach could have a devastating financial impact on your business, potentially costing you thousands (or even millions) of pounds in lost sales or damages.
That’s why it’s important to make sure you have the tools and cover available to protect your company against losses from cyber attacks, and our Commercial Team is on hand to discuss specialist tailored products with expert support and advice for businesses, charities, cultural, leisure and sports organisations.
To find out more about Endsleigh’s specialist commercial insurance, get in touch on 0333 234 1358 or e-mail firstname.lastname@example.org.
*Taken from ‘Cyber Risks and Liabilities: Cyber Security Tips for Small Businesses’ © 2012 Zywave, Inc.