It might surprise you to know that according to HM Government, one in four companies have reported a cyber breach or attack in the last 12 months. (https://www.cyberaware.gov.uk/cyberessentials/)
If that isn’t enough to spur you into cyber security action, then let us tell you a little bit more…
What is Cyber Security?
Cyber security is the process of protecting any of your digital equipment and software from unauthorized access and use. Cyber criminals can gain from such access in a number of different ways. They can use the access to take funds directly from you, or they can take the information held on your systems and sell it or use it to gain funds illegally in other ways. The impact on you and your business is not just financial, however. A cyber attack will disrupt your business, cause reputation damage and may even lead to penalties if you are found to have been unprotected and unprepared for an attack.
If your business handles any of your customers’, suppliers’ or employees’ personal data then you are legally obliged by The Data Protection Act to ensure that their data is protected. The key principles of the Data Protection Act state that:
- You must only collect data for a specific purpose. That means not asking for details without a reason.
- You must keep the data secure – so cyber security is essential
- You must ensure that the data is relevant and kept up to date
- You must only keep the data that you need, for as long as you need it
- You must allow the person whose data it is to see it if they make a request
You may also need to register with the ICO as a Data Controller. For more information, visit the ICO website (https://ico.org.uk/for-organisations/register/self-assessment/)
If your business conducts any marketing by telephone or email, then you must follow the Privacy and Electronic Communications Regulations. The Information Commissioner’s Office (ICO) have compiled a useful checklist (https://ico.org.uk/media/for-organisations/documents/1551/direct-marketing-checklist.pdf) that you can use to ensure that you have done everything you should.
Who is Responsible for Cyber Security?
Everyone working for your business has a responsibility to protect its data and that of your customers, clients and employees. Ultimately, however, it is your responsibility as the business owner to ensure that your business is doing what it needs to and is compliant when it comes to data protection.
Where to Start with Your Cyber Security
So what steps can you take to start protecting your digital assets from cyber attacks? Here are a few of the basics:
By installing anti-virus software, you can protect your computer from most malware and viruses. It’s such a simple step to take but one which so many of us forget or don’t bother with. It really isn’t worth leaving it to chance. Make sure you are doing what you can to protect your systems from attack.
When you get notifications telling you that your software is due to be updated, act on these as soon as possible. This will ensure that any built-in security is as up to date and efficient as possible.
Delete Suspicious Emails
Phishing emails appear to be from a reputable source such as your bank and they will generally ask you to click a link and confirm your details in some way. You are then taken to a fake site owned by the fraudster who will then collect your details and misuse them. If you’re not sure who an email is from then just delete it – especially if you’re being asked to click a link or provide your personal details.
Use Strong Passwords
So many things need passwords these days and trying to remember them all can be frustrating. However, tempting as it might be to just use one password for everything or worse still, to not bother with them at all when it comes to your work systems, it really is a key part of cyber security that you protect your digital assets with strong passwords. For more information on creating strong passwords, take a look at one of our recent Experian Experts blogs on the subject (http://www.experian.co.uk/blogs/consumer-advice/password-protection/).
Processes and Training
If you are a business of more than just one, then you need to ensure that all employees are committed to cyber security. Think about creating some basic processes which everyone can follow to ensure that they’re not putting your business data at risk. Once you have these processes outlined then you must make sure that staff are given the appropriate training and refreshers.
Gov.uk have created some training (https://www.gov.uk/government/collections/cyber-security-training-for-business) that you can use or adapt for your business and staff.
The government offers a form of assessment called Cyber Essentials which allows your business to ensure that it meets certain guidelines when it comes to cyber security. If these are met, then your business is able to display a Cyber Essentials badge which shows customers and clients that you are well protected. For more information, take a look at the Cyber Essentials website (https://www.cyberaware.gov.uk/cyberessentials/).
What to Do if You Suffer a Data Breach
If your business does experience a data breach, then you need to be prepared. You may have customers, clients or employees to notify, you may have reputation impact to manage and of course, you may have systems and digital assets that need securing.
Experian’s Data Breach Response can prove a huge help in this situation. We can provide a pre-breach assessment to let you know how at risk your business is, and should the worst happen, you will want to quickly assess the situation.
We will ensure a comprehensive data breach plan is created. Your dedicated service manager will help you through the process to ensure both customers’ and employees’ peace of mind is quickly restored by delivering timely, pre-defined communications. Once individuals are informed, Experian’s call centre will also provide dedicated support and guidance to affected individuals.