Attack of the Cyber men
17th October, 2014
It's not just Dr Who that needs to worry about the cyber men.
There is probably no business in the North that has not had a security breach of some description.
If you think you haven’t had a breach it’s more likely that you are just not aware of the breach that has happened.
In a recent survey it was found that in 26% of organisations, the board had not been briefed on data security risks in the last year.
Do you have a data protection officer? Do they report directly into someone on your board?
Nuts and bolts are still important; but we’ve entered a time when data rules the world.
It’s over 400 years since Sir Francis Bacon said that “knowledge is power” and the importance of data to 21st century businesses shows the phrase is more apt today than it has ever been.
In this data-heavy world you should ask yourself a few simple questions:
Does your business have a structured system for protecting data?
Do your staff know their responsibilities for keeping data secure?
Do your staff care enough to keep data secure?
This is important enough for any type of commercial data, but it is absolutely vital when you process personal data, as there are strict rules set out in legislation dealing with how you can use the personal data you gather.
The thing is, simple measures such as training, raising awareness levels of data security issues, applying software patches and using robust passwords would vastly improve data security in most businesses.
If you also use up-to-date malware protection, manage and monitor your network, manage access rights to data and use encryption technologies where necessary (such as with laptops and smartphones), you will eliminate many of your so-called cyber-risks.
Cyber security must not be regarded as solely an IT issue. Making sure your staff are engaged with the need to keep data secure is a vital tool in keeping the cyber men at bay.
If you don’t wise up to data security your customers might do it for you (and go elsewhere). Over 97% of people are concerned about the way organisations use and pass on their data.
The regime allowing fines to be issued for breaches of data protection legislation came into force in 2010.
Since that regime came in, the vast majority of cases brought have related to mislaid information. This has included data sent or faxed to the wrong person, or data being lost in transit or lost during office moves.
However, two of the last five fines issued have related to cyber attacks where inadequate security has allowed hackers to gain access to systems.
As a business, you must make sure you know what data you hold, where it is held and how secure it is.
You should also make sure you understand the data protection risks you face.
If you don’t, you are exposing yourself to data risks that you may or may not understand, and that could lead to substantial fines that could have a real impact on your business.
After all, you can’t always rely on Dr Who to get you out of these scrapes.
Phil Tompkins
Partner, Company and Commercial
* For further information about the issues raised in this article, please contact Phil Tompkins.
Please note that this briefing is designed to be informative, not advisory and represents our understanding of English law and practice as at the date indicated. We would always recommend that you should seek specific guidance on any particular legal issue.