No organisation, big or small, is immune to a data breach, and instances of cyber crime have risen dramatically in recent years as organisations become increasingly dependent on technology and computer systems. According to the Hiscox Cyber Readiness Report 2018, if you factor in only those organisations that were targeted, cyber crime has cost organisations an average of $229,000 over the past year.
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will bring stricter penalties for insufficient data security. It is therefore important for organisations to understand how to protect themselves against cyber risks, and how to mitigate the impact a data breach may have.
What is a ‘cyber risk’?
A cyber risk usually refers to some sort of data breach, and is generally considered to be any risk originating from ‘cyber space’, or as it is more commonly known, the internet. A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual who is not authorised to do so.
There are various causes of data breaches:
Loss or theft of data
An example of data loss would be a malware attack that deletes large amounts of customer data from your computer. Data theft could be the result of a virus infection (e.g. from a phishing email or a hacker) that allows data to be stolen from your hard drive.
Contrary to popular belief, data breaches are most commonly the result of human error, with almost two thirds of data breaches caused (inadvertently) by employees. This could be anything from an employee losing a memory stick holding customer data, to sending information to the wrong person.
Hacking is where someone maliciously gains unauthorised access to data in a system or computer with the intent of stealing the data for personal use or to sell for financial gain.
A weak or compromised security software system on your network could leave your organisation especially vulnerable to a cyber attack.
How might a breach affect your charity?
Loss of income
As well as the cost of cleaning up after a data breach (such as implementing new security systems), GDPR brings more stringent penalties for data breaches. For a breach, a firm can be fined up to €20,000,000, or up to 4% of the annual worldwide group turnover of the preceding financial year - whichever is greater. For a small organisation, this could be financially devastating, so it’s important to make sure your cyber security is up to scratch.
Aside from the loss of data or the financial implications, a cyber attack could cause serious reputational damage to your organisation. This could result in loss of funding or clients, with people less likely to engage with your organisation for fear of their data being compromised.
If a website or back office system were to be hacked, for example, an organisation may find that it needs to stop or slow down day-to-day activity whilst it gets its website and/or security systems back up and running following the breach. As a result, the organisation may see a loss of income if products and/or services cannot be delivered.
4 tips for preventing cyber risks
1. Regularly update your protection software. As well as protecting your devices using anti-virus software, your staff should also be made aware of any potential email scams, and how to avoid them. For example, never input any personal data or click on any web links unless you’ve first verified the source.
2. Have an internal reporting process to share any concerns. It’s important for employees and volunteers to understand the importance of reporting a potential breach.
3. Have strong passwords that are difficult to decipher. Change them regularly, and store them in a secure location.
4. Consider taking out cyber liability insurance to protect your organisation against the cost of a breach of data. Cyber liability insurance offers protection for computer systems and data in the event of a breach, and some policies will also cover against fines imposed by the ICO.