Cyber security is a growing risk for all organisations, and to avoid the potentially catastrophic consequences of a cyber attack, every organisation should be taking steps to minimise and manage that risk at every level. There are a few pre-emptive steps that can be taken.
By Sara Beaumont, partner, Woodcocks Haworth & Nuttall
Identify your assets
Every organisation will have assets, whether large or small. You need to understand what assets could be at risk from a cyber attack, such as financial data, personal data, intellectual property and commercially sensitive information.
In particular, cyber incidents can often involve external contractors so you need to ensure that all contracts are clear in terms of who has responsibility for dealing with cyber issues, whether these are bespoke contracts or standard terms and conditions.
Employee awareness
Although your organisation may have a Cyber Policy, it will be of little or no use if your employees are not aware of it. All employees should be provided with Cyber Security Training which includes ongoing education. Employers should also consider cyber threats when recruiting employees, so as to avoid the recruitment of an individual who may be intent on committing cyber crime or fraud.
Compliance
For some organisations, the legal consequences of a cyber attack could be severe. Where a breach relates to personal data, significant fines can be levied. Within the EU, discussions are taking place in relation to the implementation of the General Data Protection Regulation (GDPR). Under the GDPR, those responsible for company data will be personally responsible for data breaches, with fines of between 2 and 4 per cent of turnover and a mandatory requirement to disclose data losses within 72 hours.