Businesses need to be prepared for cybercrime attacks
Robert Bond, partner and head of Charles Russell Speechlys’ internationally recognised data protection and cyber security team, joined forces with DI Andy Haslam, head of Surrey & Sussex Police Cyber Crime Unit to advise Surrey businesses about how to prepare for and tackle cybercrime attacks.
The event, at Charles Russell Speechlys’ offices in One London Square, was attended by over 40 local businesses, keen to find out more on how to deal with this increasingly prevalent and potentially destructive corporate crime.
The speakers talked about a variety of internal and external threats, including:
- disgruntled employees misusing client and staff data
- emails with sensitive data inadvertently sent to the wrong recipient, and
- hackers infiltrating a company website.
They asked businesses to be wary of phishing emails requesting changes to bank mandates or clicking on email links or attachments which could contain damaging viruses.
According to Robert Bond (who is also an author on data protection, information security and cyber risks):
"Businesses should never be ashamed of admitting there has been a data breach or they have been a victim of cybercrime. However, they should be ashamed if they did not have processes and procedures in place to anticipate such events. "
He explained that new laws may require that data breaches are reported to the Information Commissioner within 72 hours and that data breach subjects must be alerted under current laws. Depending on the attack, a business may be investigated and have to pay a fine if they have not complied with the Data Protection Act.
The fine can sometimes be reduced if it’s evident that the business had all the processes in place to protect itself from such an incident.
"In my view, it’s not the fine that could be the most damaging to a business," explained Robert, "The biggest damage from a corporate cyberattack is the reputational one to your brand. Losing trust is far more detrimental to businesses of all sizes than any other fall out - it can take years to build that trust back again. "
Robert’s advice to business included the following top five tips:
- Have strong antivirus software and keep your software up-to-date with the latest patches
- Require everyone in the business to change their passwords on a regular basis
- Think twice before clicking on emails – especially if there’s a link or attachment which you weren’t expecting; if you receive a request to change details on a bank mandate, telephone the company you believe it is from to verify that the information you have received by email is correct
- Appoint a rapid reaction task force/information security officer and make sure the business has agreed procedures and policies in place should a breach of security or cyberattack happen
- Make sure you know what security measures your third party suppliers have in place – such as your outsourced IT or HR companies who will have access to your data, data which you are liable for
Robert Bond highlighted the importance of increasing co-operation between businesses and the police. DI Andy Haslam advised businesses to report cybercrime attacks to ActionFraud on 0300 123 2040 as the more intelligence the police has on internet crime, the better equipped they will be to address it.
News & Insights
Uber data breach highlights notification obligations and GDPR impact
The incident provides a useful reminder of the current laws and imminent changes relating to data breaches.