Data Breach

Cyber Security and the GDPR

Cyber crime is on the rise. In the last 12 months, 46% of businesses reported a cyber attack, and 32% of those attacked experienced attacks more than once every week.

Cyber crime is rising fast.

Unfortunately, cyber criminals continue to attempt to obtain access to IT systems for financial gain. Latest reports show that approximately 16% of all attacks involved a ransom for the release of the system that had been unlawfully accessed. In most cases, a phishing email was sent and was the source of a third of incidents. The Covid-19 pandemic has also had a large impact on the cyber security threats to businesses. There has been an increase in phishing emails related to Covid-19, with cyber criminals using fear of the pandemic and curiosity to gain access to IT systems.

There has also been a large increase in remote working and, with little notice or preparation time, businesses have had no choice but to rely on potentially insecure networks and personal devices. Furthermore, IT teams have been overloaded by changes to the business infrastructure and operations, which in turn has affected their ability to respond to the identification of security issues. The key to preparing for a cyber attack is not only having robust cyber security measures in place, but also having the resources to know how to act in the event of an attack.

Threats to business

Where attacks do take place and the GDPR is enforced, businesses can face large fines following security incidents. This is a large financial risk to businesses that are not prepared for cyber security attacks. Between March 2019 and May 2020, there were 190 GDPR fines coming to a total of over 414 million Euros. Of these 190 fines, 30% were related to personal data breaches. However, the value of these fines equates to 77% of the total fines issued. It is therefore clear that personal data breaches are treated as more severe under the GDPR and that fines will be higher for security incidents involving personal data.

Any recent high-profile cases?

In the UK, there have been major incidents such as the British Airways data breach, where cyber criminals directed over 500,000 customers to a fake website to collect their personal data. The Information Commissioner's Office (ICO) found that a significant amount of customer personal data was compromised as a result of poor data security and, as a result, issued a notice of intention to fine British Airways £183.90 million. This fine, however, is yet to be finalised.

The ICO’s approach to enforcing the GDPR sends a clear message to businesses in the UK that personal data protection should be a priority. Whilst there is a financial risk to businesses from regulatory fines imposed by the ICO, there is also a further risk of litigation from those who have had their personal data exposed.

The most significant case in terms of data protection claims is the Court of Appeal’s decision in Lloyd v Google LLC, where the bar for bringing mass data protection claims was lowered and moved towards more of a strict liability approach. Essentially, this has opened the door to data protection claims regardless of whether the Claimants are distressed by the data breach. Furthermore, Claimants need not establish that there has been any financial loss to claim. However, the Supreme Court has permitted Google to appeal on three grounds, with that appeal due to be heard in April 2021.

As it stands, recent case law has reduced the threshold for bringing a claim in the UK, and more individuals are able to bring a claim. Furthermore, there has been an increase in litigation funding, and third-party funders are increasingly offering funding where the prospects of success are over 50%.

Top 10 ways to help

We have a quick guide to help businesses prevent data loss and cyber attacks.

1. Train your staff

One of the most common ways cyber criminals get access to your data is through your employees. They’ll send fraudulent emails impersonating someone in your organisation and will either ask for personal details or for access to certain files. Links often seem legitimate to an untrained eye and it is easy to fall into the trap.

This is why employee awareness is vital. One of the most efficient ways to protect against cyber attacks and all types of data breaches is to train your employees on cyber attack prevention and inform them of current cyber attacks. They need to:

  • Check links before clicking them
  • Check the email addresses on received emails
  • Use common sense before sending sensitive information. If a request seems odd, it probably is. It’s better to check via a phone call with the person in question before actioning the “request”

2. Keep your software and systems fully up to date

Cyber attacks often happen because your systems or software aren’t fully up to date, leaving weaknesses. Cybercriminals exploit these weaknesses to gain access to your network. Once they are in, it’s often too late to take preventative action.

To counteract this, it’s smart to invest in a patch management system that will manage all software and system updates, keeping your system resilient and up to date.

3. Ensure Endpoint Protection

Endpoint protection protects networks that are remotely bridged to devices. Mobile devices, tablets and laptops that are connected to corporate networks give access paths to security threats. These paths need to be protected with specific endpoint protection software.

4. Install a Firewall

There are many different types of sophisticated data breaches; new ones surface every day, and old ones even make comebacks.

Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyber attack. A firewall system will block any brute force attacks made on your network and/or systems before they can do any damage, something we can help you with.

5. Backup your data

In the event of a disaster (often a cyber attack) you must have your data backed up to avoid serious downtime, loss of data and serious financial loss.

6. Control access to your systems

Believe it or not, one of the attacks on your systems can be physical, so having control over who can access your network is really important. Somebody can simply walk into your office or enterprise and plug a USB key containing infected files into one of your computers, giving them access to your entire network or infecting it.

It’s essential to control who has access to your computers. Having a perimeter security system installed is a very good way to stop cybercrime as much as break-ins!

7. Wifi Security

Who doesn’t have a wifi-enabled device in 2020? And that’s exactly the danger: any device can get infected by connecting to a network, and if this infected device then connects to your business network, your entire system is at serious risk.

Securing your wifi networks and hiding them is one of the safest things you can do for your systems. With developing more and more every day there are thousands of devices that can connect to your network and compromise you.

8. Access Management

One of the risks of being a business owner with employees is that they may install software on business-owned devices that could compromise your systems.

Having managed admin rights and blocking your staff from installing software or even accessing certain data on your network is beneficial to your security. It’s your business, protect it!

9. Passwords

Having the same password set up for everything can be dangerous. Once a hacker figures out your password, they have access to everything in your system and any application you use.

Having different passwords set up for every application you use is a real benefit to your security, and changing them often will maintain a high level of protection against external and internal threats.

10. Employee personal accounts

Every employee needs their own login for every application and program. Several users connecting under the same credentials can put your business at risk.

Having separate logins for each staff member will help you reduce the number of attack fronts. Users only log in once each day and will only use their own set of logins. Greater security isn’t the only benefit; you’ll also get improved usability.
