cybersecurity

Is Our Data Safer Under GDPR?

by
GDPR

Now that GDPR is in force will this make our data safer…..

The volumes of data running through businesses in the UK is difficult to visualise and practically impossible to safeguard so will GDPR actually make any difference to our data being better protected? The chances are that it will be but the same inherent threats will still exist.

So what are these threats ?

1.Businesses that have not yet complied with GDPR

In the the run up to GDPR a number of reports indicated that many business were behind in achieving the required standards expected there is therefore a danger that firms are still very much behind the curve in meeting the GDPR standards.

2.Inability to restore data

In the event of a compromise of personal data it will be important that a businesses can restore data by having the appropriate back-ups in place if this is not possible this will impact on their business confidence and reputation.

3.Internal espionage

Rogue employees or a disgruntled member of staff might wish to cause disruption or make a point on a company wide issue. Morrisons were recently involved in a court case and found vicariously liable for the acts of an employee who gained access to the personal details of employees and released this into the public domain.

http://www.hrmagazine.co.uk/article-details/the-morrisons-data-breach-and-gdpr-compliance

4. Heightened cyber security threats 

It is conceivable that there will a visible increase in cyber attacks on businesses as hackers will target firms for their data and exploiting vulnerabilities. Such threats as ransomware or a DDos attack where a hacker could hold a business to ransom by threatening to steal or disseminate data.

http://cyberbrokers.co.uk/will-ransomware-attacks-increase-under-gdpr/

5. Poor cyber risk management

A data controller with poor cyber risk management would be a prime target for a hacker. Basic cyber hygiene is vital with minimum standards of Cyber Essentials and preferably ISO27001 advanced cyber security processes in place.

6. The absence of an incident response plan

If a businesses is hit by a data breach it will need to react quickly to this, an incident response will assist with this . Business continuity and disaster recovery plans should also be in place so that the business can continue to operate.

Cyber Insurance can help….

This specialist form of insurance can provide valuable coverage in the event of a data breach and help mange the impact of this.

The main elements of coverage provided to protect data are as follows:-

  • Privacy Liability
  • Data notification costs
  • Regulatory costs and expenses
  • 24/7 Incident response services

There is no doubt that data will still be at risk with threats to its security emerging as technology and the incentives to use data for ill means increases.

Image : Shutterstock

The “Cyber Monday Morning” Feeling…

by
Cyber Monday

The “Cyber Monday Morning” Feeling..

This year Cyber Monday falls on 28th November, traditionally preceding “Black Friday” which occurs on the 25th November …. it is likely that consumers will have that “Cyber Monday Morning Feeling” ….. keen to make purchases on-line for loved ones that maybe they failed to grab on the Friday.

Cyber Monday represents one of the busiest on-line purchasing days of the year in both the UK and US. Last year according to figures from Experian and IMRG , Cyber Monday was worth £968M to on-line retailers which represented an increase of 34% on the previous year. A further increase is expected this year…. a factor that might influence this is that consumers in the UK experienced issues with crowds and traffic problems and consumers may prefer to shop from the comfort of their own home or office.

The spike in on-line shopping activity on this day does not go unnoticed by the cyber criminals and it is one of the days of the year where consumers may be most vulnerable to scams and fraud.

Keen to grab a deal that may be too good to be true, consumers could be fooled into making purchases without looking too carefully at the website that may not in reality exist or the e-mail that has been sent to them with a special one off deal that day. As a result of this lapse in concentration  cyber criminals can take advantage of this which could lead to them gaining access to personal details such as bank account details, full names & addresses and national insurance numbers.

Not only are there dangers for consumers but businesses will also be a target for cyber criminals who will be shopping for Christmas..!

Here are some cyber security measures that should be focused upon  :-

1.Updating your Software

Whatever device you are using whether it be a smartphone , tablet or desktop it is important that the software is up to date as this helps protect these devices from new viruses and malware that could lead to data being compromised.

2.A Strong Password

The most common password remains 123456 and it is sad reflection that people do not fully realize the dangers that this poses.There are various schools of thought on what makes a good password, CyberAware, the government sponsored website provides some good advice on this.

https://www.cyberaware.gov.uk/software-updates

3.Privacy Settings

Checking of privacy settings on social media to ensure that you only wish to share personal information with persons that you know and are happy to share this with them.

4.Internet Settings

When shopping  on-line ensure that on-line retail sites are secure and that they are what they perceive to be.

5.Human Error

An inadvertent error in pressing the wrong button on a computer or smart phone  could lead to data or information being sent to the incorrect destination causing disclosure of this to a third party or hacker that may use this for ill gains.

To reinforce this there are two excellent websites to guide individuals and businesses on how best to protect their privacy and data :-

CyberStreetwise 

This is a government sponsored initiative that was launched in 2014 to encourage behavioural changes in individuals and the SME business sector in terms of adopting a good cyber security posture.

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/273330/cyber_streetwise_open_for_business.pdf

Get Safe Online

This website provides advice on how individuals and businesses can protect themselves from on-line issues such as fraud , identity theft and virus attacks.  Guidance is also provided on associated subjects relating to good housekeeping of computers and mobile devices.

https://www.getsafeonline.org/about-us/

Cyber Insurance 

For all the cyber security procedures and practices that may be in place Cyber Insurance can provide that “top layer”of coverage as part of the cyber risk management program should there be a compromise of computer systems that results in a data breach or being a victim of cybercrime.

Image : Shutterstock

CiSP – Cyber Security at your finger tips

by
Artificial Intelligence

CiSP stands for the Cyber-security Information Sharing Partnership and has been formed jointly by industry and government which sits in CERT-UK.

What is CiSP?

It is an online social networking tool that was established in 2013 which allows members to exchange information on threats and vulnerabilities as they take place. CERT – UK is the national computer emergency response team with a number of responsibilities that stem from the UK Cyber-Security Strategy. It is used by many businesses across industry and provides reports that help its members to improve their awareness of cyber security threats.

www.cert.gov.uk/cisp

Recently the South West Regional Group launch of CiSP took place , this was the 12th and final launch carried out in the UK. This was jointly sponsored by the SW Regional Cyber Crime Unit (RCCU) , CERT-UK and J.P. Morgan (Regional Champion). The profile of the sponsors demonstrates the importance that attaches to CiSP and the impact that is perceived that it can make in developing the cyber security programs of businesses.

Why should you become a member of CiSP?

  • Early warning of cyber threats that may affect businesses
  • Collaboration between businesses and government in a secure environment
  • Ability to help businesses protect their livelihood from cyber threats
  • Businesses can learn from the experiences of others….both mistakes and the successes
  • Availability of specific sector content on cyber threats and incidents that have taken place
  • Businesses that have a small or non-existant cyber security budget can avail themselves of the information
  • Any business can join and benefit from the scheme
  • It costs nothing to become a member and can help a businesses prepare for a cyber attack

CiSP Membership Link

How CiSP can help a Business?

  • Alerts and advisory papers on cyber security
  • Reports om trend threats
  • Malware and phishing e-mail analysis
  • Guidance and best practice on common areas on both a national and global basis

One of the key features is the Fusion Cell that consists of a team of analysts taken from government and industry who provide source analysis of cyber threats and vulnerability updates.

The scheme is aimed at SME’s who are considered one of the most vulnerable business sectors with varying degrees of cyber maturity. It is therefore important that they understand how to protect themselves from cyber attacks and the resulting cyber crime that can occur.

Industry Endorsement

The British Insurance Brokers Association ( BIBA) is going to sponsor its members to join the scheme in order to help improve awareness about cyber cyber risks that exist.

This will no doubt become a common theme within other industries in the future.

Insurance has a role to play 

Cyber insurers and specialist insurance brokers can also contribute to CiSP by providing current data and information of cyber security attacks and data breaches that they have been involved with and managed.