A robust strategy to protect against cyber attacks, along with GDPR considerations, is now a business necessity

Featuring Richard Wilding | 16th January, 2018

With the new year comes new business planning. With malware and ‘phishing’ attacks increasing month on month, and the new General Data Protection Regulation (GDPR) about to arrive, digital security should be high on the agenda of most boards.

Recent examples of cyber-attacks include the crypto-locker virus, which is still bringing systems down globally. Added to the fact that companies are bombarded with phishing scams every day, this presents severe risks. These scams take the form of emails that try to persuade staff to download malicious attachments, click on suspicious links, or provide personal details or other sensitive data. A targeted ‘spear’ phishing email campaign was blamed for instigating the recent cyber-attack that caused a major power outage in Ukraine.

Closer to home in the West Country, there was a reported loss due to cyber-crime of over £5,172,000 for Q1 2017 (source: Action Fraud). This is just the tip of the iceberg, as it is believed that the majority of cyber frauds go unreported.

Although appointing specialised consultants can be invaluable for practical advice, many boards still require assurance that they are doing all that is possible to protect themselves. The UK government is now pushing businesses towards its Cyber Essentials scheme so that a company can assess and improve its digital defences. Because Cyber Essentials certification provides evidence that a company has carried out basic steps towards protecting its business and data from internet-based cyber-attacks, the scheme can also mitigate fines from the ICO (Information Commissioner’s Office) if the company suffers a breach. The UK government estimates that, by undergoing this exercise, companies can protect themselves against 80% of cyber-attacks.

The certification covers 5 key areas:

  • Secure configurations
  • Firewalls
  • Access controls
  • Patch management
  • Malware protection

IASME offers a certification route to demonstrate that you are preparing for the introduction of GDPR. This certification is available as a verified self-assessment or as an on-site audit.

Once the assessment is passed, a business will receive a certificate and also a website/email badge to show the ‘GDPR ready’ status as well as Cyber Essentials and IASME Governance, which are all embedded in the one assessment.

With regard to GDPR, the two-year implementation period is over in May 2018, yet the majority of UK businesses are unprepared. A new report from Trend Micro has revealed that the boards of UK companies are not treating the new European Union GDPR with the seriousness that it deserves. This has resulted in overconfidence when it comes to GDPR compliance.

Rik Ferguson, VP Security Research at Trend Micro, commented, “The lack of knowledge demonstrated in this research by enterprises surrounding GDPR is astounding. Birth dates, email addresses, marketing databases and postal addresses are all critical customer information, and it’s concerning that so many British businesses, despite their confidence, are unaware of that. If businesses aren’t protecting this data, they aren’t respecting the impending regulation, or their customers, and they definitely aren’t ready for GDPR”. (Source: EUGDPR).

Writing in City AM recently, Liz Brandt, the chief executive at Ctrl Shift, said, “Many businesses are less than enthusiastic, treating GDPR as another red tape burden. Too many companies are sinking huge sums of money into just becoming compliant, while many others are ignoring the looming regulation altogether.

“This is a missed opportunity. GDPR is a chance for businesses to sail ahead of competitors – to become their industry’s Netflix and leave rivals in the Blockbuster Bargain Bin. It is also a significant opportunity for the UK economy to become more creative and productive”.

PKF Francis Clark works with companies to help them protect their businesses against cyber attacks and keep their data safe via proven Cyber Security. To find out more about this and the accreditation schemes, please contact Richard Wilding on 01803 320100.
