These days pretty much all businesses use computers in one way or another. If yours is one of them then you need to think about cyber security. It’s a term which we’ve all heard about in the media, but which very few of us see as a direct risk to ourselves or our businesses.
It might surprise you to know that according to HM Government, one in four companies have reported a cyber breach or attack in the last 12 months.
If that isn’t enough to spur you into cyber security action, then let Telkeda tell you a little bit more…
What is Cyber Security?
Cyber security is the process of protecting any of your digital equipment and software from unauthorized access and use. Cyber criminals can gain from such access in a number of different ways. They can use the access to take funds directly from you, or they can take the information held on your systems and sell it or use it to gain funds illegally in other ways. The impact on you and your business is not just financial, however. A cyber attack will disrupt your business, can cause reputation damage and may even lead to penalties if you are found to have been unprotected and unprepared for an attack.
If your business handles any of your customers’, suppliers’ or employees’ personal data, then you are legally obliged by the Data Protection Act 2018 to ensure that their data is protected. The key principles of the Data Protection Act 2018 state that:
- The first data protection principle is that the processing of personal data for any of the law enforcement purposes must be lawful and fair.
- The second data protection principle is that—
(a) the law enforcement purpose for which personal data is collected on any occasion must be specified, explicit and legitimate, and
(b) personal data so collected must not be processed in a manner that is incompatible with the purpose for which it was collected.
- The third data protection principle is that personal data processed for any of the law enforcement purposes must be adequate, relevant and not excessive in relation to the purpose for which it is processed.
- The fourth data protection principle is that—
(a) personal data processed for any of the law enforcement purposes must be accurate and, where necessary, kept up to date,
(b) every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the law enforcement purpose for which it is processed, is erased or rectified without delay.
- The fifth data protection principle is that personal data processed for any of the law enforcement purposes must be kept for no longer than is necessary for the purpose for which it is processed.
- The sixth data protection principle is that personal data processed for any of the law enforcement purposes must be so processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures (and, in this principle, “appropriate security” includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage).
You may also need to register with the ICO as a Data Controller. For more information, visit the ICO website.
If your business conducts any marketing by telephone or email, then you must follow the Privacy and Electronic Communications Regulations. The Information Commissioner’s Office (ICO) have compiled a useful checklist that you can use to ensure that you have done everything you should.
Who is Responsible for Cyber Security?
Everyone working for your business has a responsibility to protect its data and that of your customers, clients and employees. Ultimately, however, it is your responsibility as the business owner to ensure that your business is doing what it needs to and is compliant when it comes to data protection.
Where to Start with Your Cyber Security
So what steps can you take to start protecting your digital assets from cyber attacks? Here are a few of the basics:
By installing anti-virus software, you can protect your computer from most malware and viruses. It’s such a simple step to take but one which so many of us forget or don’t bother with. It really isn’t worth leaving it to chance. Make sure you are doing what you can to protect your systems from attack.
When you get notifications telling you that your software is due to be updated, act on these as soon as possible. This will ensure that any built-in security is as up to date and efficient as possible.
Delete Suspicious Emails
Phishing emails appear to be from a reputable source such as your bank and they will generally ask you to click a link and confirm your details in some way. You are then taken to a fake site owned by the fraudster who will then collect your details and misuse them. If you’re not sure who an email is from then just delete it – especially if you’re being asked to click a link or provide your personal details.
Use Strong Passwords
So many things need passwords these days and trying to remember them all can be frustrating. However, tempting as it might be to just use one password for everything or worse still, to not bother with them at all when it comes to your work systems, it really is a key part of cyber security that you protect your digital assets with strong passwords. A good way of generating a password that is hard to guess but easy to remember is to devise a phrase that contains ordinary words, names of people or places (so they start with a capital letter) and numbers. Your password is then obtained by taking the first letter of each word except for the numbers which are represented by figures. So, if your phrase was “Bradford is thirty two miles from Manchester” the password would be Bi32mfM. Avoid using the following passwords, which a surprising number of people use: password, QWERTY, 123456, 00000 and Letmein. Also, don’t use information that can be guessed with minimal effort. For example, Joe Bloggs would be advised against opting for a username of “Joe” with “Bloggs” as his password. Similarly, avoid the name of your spouse, children or pets, birthdays and any other details that can be discovered from social networking sites and elsewhere.
Processes and Training
If you are a business of more than just one, then you need to ensure that all employees are committed to cyber security. Think about creating some basic processes which everyone can follow to ensure that they’re not putting your business data at risk. Once you have these processes outlined then you must make sure that staff are given the appropriate training and refreshers.
Gov.uk have created some training that you can use or adapt for your business and staff.
The government offers a form of assessment called Cyber Essentials which allows your business to ensure that it meets certain guidelines when it comes to cyber security. If these are met, then your business is able to display a Cyber Essentials badge which shows customers and clients that you are well protected. For more information, take a look at the Cyber Essentials website.
What to Do if You Suffer a Data Breach
If your business does experience a data breach, then you need to be prepared. You may have customers, clients or employees to notify, you may have reputation impact to manage and of course, you may have systems and digital assets that need securing.
Telkeda can prove a huge help in this situation. We can provide a pre-breach assessment to let you know how at risk your business is and, should the worst happen, you will want to quickly assess the situation.
We will ensure a comprehensive data breach plan is created. We will help you through the process to ensure both customers’ and employees’ peace of mind is quickly restored by delivering timely, pre-defined communications. Once individuals are informed, Telkeda will also provide support and guidance to affected individuals.
Further Information from Government can be found here.