In light of recent cyber attacks, there is a huge cloud of uncertainty plaguing customers and their online security. With the Carphone Warehouse releasing details of a cyber attack which forced its customers to change online passwords, online attacks and security breaches are more common than ever before.
The most recent publication from HM Government looking into information and security breaches found that 90 per cent of large organisations reported that they had suffered a security breach, an 8 per cent increase from last year. Small businesses are also being affected, with 74 per cent of small businesses suffering a security breach, up from 60 per cent last year.
It isn’t just customers who are feeling the full force of online insecurity. 75 per cent of large organisations suffered staff-related security breaches in the last year, compared with 31 per cent of small businesses.
The overriding message is that the danger of hackers gaining access to personal information and online details is increasing.
With £1.46m to £3.14m being the average total cost to a large organisation as a result of security breaches and £75-311k to small businesses, the threat to businesses is a costly one.
However, there are things that organisations can do to prevent security breaches, helping minimise the risk of a cyber attack or loss of data. Mark Watson of CrimeDeter has 14 points that organisations can consider when looking at the data they hold.
Asking yourself simple questions such as:
1. Do you have the most up-to-date version of your security software on your systems?
2. Is a procedure in place to frequently back up your data?
3. Do you have an asset register and is it kept up to date?
4. Is the information you hold on an individual necessary and do you know the purpose for holding such data?
5. Do the individuals concerned know that the organisation holds information on them and the purpose for holding the data?
6. Are you allowed to pass on information on an individual and are your staff aware of the circumstances under which they can pass on data?
7. Is the data kept on individuals stored securely?
8. Is the data kept on individuals deleted or destroyed as soon as it becomes obsolete – is there a process for secure destruction of confidential data?
9. Are staff aware that passwords should be difficult to guess and must not be shared with anyone?
10. Do you have notices alerting people that you have CCTV – are the cameras correctly located so they do not infringe on people’s privacy?
11. Have your staff received training to ensure the 8 principles of the Data Protection Act 1998 are adhered to?
12. If your staff’s email, Internet, or phone use is being monitored have they been made aware of this?
13. Do you have a Data Protection/Information Security Policy and Procedures Manual set up to handle any issues that may arise? Have you retained your Certificates of Destruction?
14. If you do need to notify the Information Commissioner – is the information held up to date?
Having an answer for these questions will immediately minimise the chances of an organisation being at risk of a cyber attack.
However, it is not always as simple as outside influence putting an organisation at risk. A few simple errors can be all it takes to leave a business vulnerable to an online attack. As an employee, certain things such as not signing out of your workstation, using the same password for everything, not setting the auto-lock on your mobile device, using public computers to access company resources and copying business files onto a personal USB device can leave a business susceptible to an online attack.
With the number of cyber attacks and security breaches increasing each year, as a business you can never be too careful. Introducing simple measures and checks can be the difference between suffering an online attack and avoiding one.