Cyber threats are growing in frequency and severity with a number of high-profile hacks and breaches having been reported in recent months. In this article, we highlight six reasons to review your approach to cyber security:
1. It is about all businesses, including yours
Being connected to the internet leaves a business exposed to a global criminal contingent that is effectively operating with anonymity, 24 hours a day. The perception is that only big businesses are being targeted, because large-scale hacks make the headlines. The reality, however, is that this is a problem facing firms of all sizes.
Not considering and addressing the risk that cyber security presents could have a negative impact on your firm’s risk profile and, consequently, your professional indemnity insurance premium. Clear and well-documented policies and contingency plans can help to show that your firm has considered the risk and the steps it would take to prevent or deal with a security breach.
2. Breaches are expensive
Breach notification laws are becoming more common and draconian, with the EU set to implement its own new legislation in the near future. These laws will generally require businesses that lose sensitive data to provide written notification to any individuals affected. Aside from the legal implications, customers will demand an explanation from the businesses they entrusted their data to.
When drafting your contingency plans, think about the detail of who would need to be contacted in such an event and who, in your firm, would be responsible for ensuring action was taken promptly and properly.
3. Brand damage can be catastrophic
Once your brand is damaged with clients, it can take a long time to re-establish trust. Think about what measures you can take to protect your client data and reassure clients that you are dealing with their information securely. What would be your PR plan if your client data was compromised?
4. The threat is everywhere
A laptop left on the tube, a tablet stolen in a bar, a corrupted USB stick: these are just three of the ways in which data can be compromised when in a portable format.
Spending time to make staff aware of their individual responsibility to protect data could prevent incidents from happening in the first place.
5. Can your firm survive without data?
Data is the most valuable asset for any business. Consider how long your firm could function without data.
Think about the steps you would need to take to recover and restore data. Do you have a plan to deal with the short-term and long-term implications?
6. The problem is evolving
Twitter, LinkedIn, Facebook: three examples of platforms that have changed the way most of the world communicates in the last 10 years. Businesses are often held responsible for the actions of their employees on these platforms even though it is practically impossible to police business-wide activity 24/7.
Having a clear policy on social media use will help you and your staff to be aware of best practice, potential issues, and what steps to take if things do not go to plan.
Cyber defence checklist
We recommend that firms looking to minimise their cyber risk exposure work their way through the checklist below:
- Hire an expert
- Update processing systems
- Upgrade firewall and virus protection
- Encrypt sensitive data
- Employ 'bring your own device' rules
- Conduct a penetration test
- Procure cyber insurance
- Develop a crisis response plan