Every business relies on its data and systems, and if they were not available, whether that was for an hour, a day or a week, the results could be catastrophic.
The latest figures, showing that consumer-targeted attacks have decreased and business-related cybercrime is up by 63%, demonstrate that criminals are turning their attention to the much more lucrative target of businesses.
We have been running a series of events aimed at outlining the simple, practical steps organisations can take to protect themselves from harm. Cybercrime is a big subject, so we break our events down into three easy-to-digest elements that look at the Cyber Essentials scheme, cyber insurance, and the General Data Protection Regulation (GDPR).
Cyber Essentials
This is the Government-backed scheme designed to help organisations put in place some basic controls to mitigate the risk from the most common internet-based threats such as hacking, phishing and password guessing.
Not only does this protect the organisation at a basic level, it also allows it to bid for Government contracts which involve handling personal information. Cyber Essentials certification will not remove all cyber security risks, but it is a good starting point, particularly for smaller businesses, as it shows you have considered how you gather, manage and store data safely, and how you would respond to a breach.
Cyber Insurance
Data leaks and data losses can lead to regulatory fines and PR nightmares, while attacks could lead to shut-down servers and loss of both confidence and profits. Recent high-profile cases of ransomware, which involves criminals locking your systems and data and charging thousands of pounds to give you the access key, highlight the need for organisations to properly protect themselves.
We work with specialist insurance partners who provide a package of protection that includes insurance and specialist advice, including a 24/7 response, fines and investigations cover, electronic data cover which includes data restoration, recollection and recreation following a security breach or data leak, and even PR help to protect reputations.
GDPR
We probably do not need to remind you that when GDPR comes into force in May 2018, anyone in breach of the regulation could face fines of up to 20 million euros or 4% of global turnover, whichever is the greater.
Data can be lost through malicious attack, accident or simple human error, and organisations must show they have examined how they gather, manage, store and delete personally identifiable information (PII), and put policies, procedures and support measures in place to protect against data loss or misuse. If you do have a breach, the fines may well be reduced if you can show you have made every effort to comply with the new regulations and adopted appropriate technical and organisational measures against unlawful processing, accidental loss and destruction of personal data.
This is a wide-ranging process involving every part of the organisation, and many businesses are bringing in outside expertise to help them address issues around identification, gap analysis, change implementation, governance and reporting.
For instance, we are working alongside legal partners as one team, advising clients on how to be GDPR compliant, guiding them through the process, and preparing a support framework to assist with any data breaches, including court action dealing with the Information Commissioner's Office, and defending any claims.
Protecting your organisation from harm does not need to be a daunting task, and it is made much easier if you have the right expert partners in your corner.
Get in touch if you would like to attend one of our forthcoming events, and learn more about the simple steps you can take to make sure your business is covered and compliant.
For more information visit our website at www.itps.co.uk, email us at contact@itps.co.uk, or call 0191 442 8300.