The Business Exchange Swindon & Wiltshire Edition 24: April/May 2016 | Page 22

CYBER SECURITY CYBER ATTACK! YOU READY? Hear it from the experts… Businesses in the 21st Century are ever more dependent on web-based platforms to successfully run their operations and the internet facilitates ways of working that could only have been dreamed about as little as twenty years ago. Yet this reliance on the internet is not without its challenges, and certainly doesn’t exist without risk - to individuals, organisations and even communities. As such, considering cyber security should be an integral component of any crisis management strategy planning. Cyber attacks manifest themselves in a variety of guises, from phishing emails that attempt to elicit information such as banking details, to organisational ‘denial of service’ attacks and online radicalisation through social media. Indeed, when it comes to national security and the threat of terrorism, the government has made clear that it views tackling the cyber threat as important as any other means of attack. Consider, how might you be affected if critical services such as electricity, air traffic control or hospitals are attacked; or how would you feel if you realised a friend, family member or colleague had been subjected to online grooming? The UK government and associated agencies are working hard to raise awareness of cyber security issues and have made available a series of risk assessment and mitigation tools to help everyone become better equipped to counter the threat. The initiative Be Cyber Streetwise (www.cyberstreetwise.com) states that 60% of small businesses experienced a cyber breach in 2014, and that the average cost of the worst breach was £65,000 £115,000. It provides an online selfassessment tool to help businesses identify where there may be gaps in their cyber security and offers an easy-to-follow set of guidelines to plug any gaps. Another worthwhile source of information is the “10 Steps to Cyber Security” guide which can be found on the CPNI (Centre for the Protection of National Infrastructure) website (www.cpni.gov.uk), along with a wealth of other cyber-related advice. Lingua, an independent communications agency with expertise in crisis & reputational management strategy, offers a range of packages to help companies plan for the unexpected. For further information contact: [email protected] TBE insurance experts Lockton LLP look at a real life incident involving a professional services firm who discovered that their IT systems had been hacked. Although it knew that its systems had been compromised, the firm had no idea what, if any, information had been taken or whether its systems were secure. Furthermore, it had no idea whether it needed to tell clients or regulators, and if so, what it should tell them. After a forensic IT investigation, it transpired that the hackers had stolen 15,000 customer records held on a spreadsheet. The records included names, addresses, dates of birth, medical details and credit card information. Following legal advice, the firm decided to notify the Information Commissioners Office (ICO), its professional regulator and the affected clients and customers. News of the breach was also spread on social media and within a couple of weeks, the firm's CEO was invited onto a national consumer show to explain the breach and their response. Further and some months later, the firm was fined by the ICO for failing to have sufficient information security measures in place, was still dealing with unhappy customers and was still dealing with claims from the credit card companies. This case study should highlight the emergency and long term response that is required when dealing with a cyber-event and hopefully reinforces the need for adequate risk management to be in place. A cyber risk insurance policy can help in these circumstances as it will typically pay for the first party costs of IT forensics as well as experts to help the firm: • contain the breach and secure any IT system; • investigate how the breach occurred and discover what information or data was taken; • determine what legal obligations arise as a result of the stolen information; and, • notify any clients or regulators Some cyber risk insurance policies will also pay for: loss of profits caused by damage to electronic systems, losses due to cyber-crime; phishing, vhishing, social engineering and any losses due to treat or extortion. As a result a business can concentrate on what they do best! Ian Saxelby - Business Development [email protected] 0117 9065 033 What is Cyber Security and what does it mean to my business? Cyber security is mentioned a lot in the media these days, typically after a large, prominent company has fallen victim to foul play, but security breaches can happen to any one of us. So let’s look at each of these in a little more detail. 1. Update your software. Manufacturers release security updates when vulnerabilities are detected. These are important to install straightaway to fix bugs. This includes all devices (smartphones/tablets) where you store business email and personal information. These are just a few tips that may help strengthen your security brought to you by Cloud Heroes – the secure cloud for business. If you’re concerned, call us on 01225 776 555 or email [email protected]. 2. Ensure your passwords are complex. Top 5 things y