How can cyber attacks affect my business?
As technology becomes more advanced, cyber security is becoming something every business needs to consider. A successful cyber attack can have a major effect on your business's reputation and the trust of your consumers.
How will my reputation be affected?
Trust from your consumers is essential when growing your business. However, a cyber attack can significantly erode that trust and undo the work you have put into building your brand. This can lead to a loss of customers, a loss of sales, and a resulting reduction in profits. Furthermore, affected customers may even consider legal action against your business. Suppliers may also lose trust in your business, and it may even affect relationships within your business, such as with other partners or investors.
What about financial loss?
Cyber attacks can result in substantial financial loss arising from:
- Theft of financial information, such as bank details or payment card details
- Theft of money held within the business
- A disruption in trading due to the inability to carry out further online transactions
Furthermore, businesses that have suffered a breach in their cyber security may also incur further costs in repairing affected systems and devices. In the long run, it is usually cheaper to hire a professional penetration tester to make sure your systems are secure than it is to repair the damage from a breach!
What are the legal consequences of a cyber security breach?
Under the Data Protection Act you must manage the security of any personal data you hold. If data is accidentally or deliberately compromised because appropriate security measures were not in place, this may result in fines and regulatory sanctions. The General Data Protection Regulation (GDPR) is a new regulation from the European Parliament coming into force in May 2018. The aim of this regulation is to give people control over their personal data. Any breach of this regulation can lead to a warning (in cases of first and non-intentional non-compliance), periodic data protection audits, and fines.
How can I prevent cyber breaches?
First and foremost, make sure you invest in some anti-virus and anti-malware software. Make sure that this software remains updated and that you perform regular security scans. If you find anything on your systems that shouldn’t be there, uninstall it or quarantine it using your anti-virus software immediately.
Secondly, ensure that your employees are aware of any cyber security prevention procedures that are in place within the business. Educate them on how to keep their passwords safe (such as not keeping a piece of paper with their passwords at the desk), and not to speak to those outside the business about security. One of the easiest ways to breach security is simply to obtain a password or information from an employee.
It may seem obvious, but make sure any passwords used within your business are strong. The easiest way to enter a secure website is to exploit a weak password. In order to create a strong password, make sure it is at least eight characters (or longer!) and includes a combination of numbers, letters and symbols. Try to avoid any words that may relate to you, such as names, dates or locations.
Make sure you take advantage of a two-step verification process for your business accounts. This will offer an extra layer of security as opposed to simply requiring a username and password. Banks are a perfect example of this in that they require a username, password, and often a security number in order to enter your account.
How can I minimise the impact of a cyber attack?
To minimise the aftermath of a cyber security breach, you should have an incident response plan in place that allows you to deal with the breach quickly and effectively.
First, contain the breach to mitigate any further damage to your business. In order to do this, make sure you assess how large the breach is and investigate all systems which may have been affected. You may need to reroute network traffic and block web attacks, and it may be necessary to suspend any compromised devices or networks.
Make sure you have personnel qualified to respond to the incident. This will usually comprise technical employees to investigate the breach, a public relations expert to deal with any damage to your brand, and possibly a data protection expert if any held data has been compromised.
How prepared is your business in the event of a cyber security breach?
This blog post was written by Melissa Henderson. Melissa is a final year MLaw student at Northumbria University currently working in a business & commercial firm in the Student Law Office. After graduating she hopes to return to her volunteering role in South Africa before beginning her career. Her interests outside of law include animal rights and powerlifting.