All posts by dswpadmin

What is data?

It is important that a business understands what data is, so that it can identify what data it holds and why it is important to protect it. Data is the facts and statistics gathered that can then be analysed or used to create information.

Data formats

Data can be paper-based or digital, and as a business it is important that both are kept safe. Many businesses now look towards keeping data digitally, as it is easier to manage access to and protect. A digital format also comes with a higher risk, as it could be accessed by an outside party and used maliciously. Many businesses are exposed to the risk of hacking for data theft and to ransomware attacks. However, GDPR also applies to more traditional methods of data storage, so it is important that your business understands where its data is stored.

Types of data

There are several types of data that a business may hold: personally identifiable data (including names, addresses and dates of birth), private data (including driving licence numbers and passport numbers), and confidential data (including bank details, credit/debit card numbers and medical information).

How to protect it?

Data that is stored digitally should have restricted access, so that users can only access the data they need, with restricted permissions on the most important data. This will improve the security of your data; however, you should also have anti-virus software installed so that any malware is blocked from accessing your data. You should also have a cloud backup for your data, which means that you have more than one copy, so should it be stolen or break you still have access to it and can continue working. Have a locked network that requires a password to access. It is common for data to be stored on a network that people can access from various locations, so it is important that your network is secured to prevent it becoming easy for hackers to steal your data.

Read more on data and GDPR

Why doesn’t my PI cover me for cyber liability?

This is a common question raised by our clients, and it is a misconception that a professional indemnity policy covers you should a data breach occur. But why? A professional indemnity policy is designed to cover errors and omissions that arise from the negligence of an individual, whereas a cyber liability policy is designed to cover errors and omissions arising from the theft/loss of data and/or systems.

Key differences:

A professional indemnity policy will cover the costs for a third party should a breach occur. Professional indemnity will mean that the cost of compensation and other costs to third parties are covered once a breach has occurred. A professional indemnity policy will cover the breach of confidentiality and claims that arise from third parties due to this event.

Whereas…

A cyber policy will cover both first-party and third-party costs. A cyber liability policy will cover the costs that are incurred by the business should a breach occur. For example, a cyber policy will cover the business interruption costs and the cost of reinstalling a system should it go down, as well as the cost incurred from a third-party claim against the business. Cyber liability policies have the ability to cover all first-party costs that are associated with a cyber/data breach. For example, a cyber policy is able to cover the cost of forensic investigation and system rectification, as well as the costs of business interruption.

Professional indemnity isn’t a specialised policy designed to cover these costs that are associated with your business. A professional indemnity policy will cover costs that are incurred by a third party due to an act of negligence or an omission. This type of insurance can cover all types of incident, whereas a cyber liability policy focuses on the costs that can arise to both a business and a third party from a breach of data or another malicious attack on the business’s systems/data, such as a DDoS attack to shut down a system or a ransomware attack, meaning that systems and services are withheld until a sum of money is paid.

 

Read more on cyber insurance.

Jargon Buster

As with any kind of specialist industry, there are often keywords and phrases used that you may not always understand. As part of our mission to create transparency, we felt it was important to ensure that our clients understood exactly what we were saying. So we have put together a list of keywords that you will often see when looking at this subject and tried to explain them as clearly as we could.

 

Keywords-

 

Data-

This is the raw set of numbers/figures and words that a business has collected for market research etc. It remains data until it is given a context. Data is used like the pieces of a jigsaw to build a bigger picture of an environment or person.

Information-

This is where data has been given a context and it now means something to the business or whoever is looking at it.

Cyber-

This simply relates to the use of anything digital. Cyber can be anything from the use of a piece of software to the data/information held on a hard drive.

Cyber Attack-

This is the term used for when hackers try to get into your systems and steal or withhold access to your information or other systems to disrupt the business’s operations.

DDoS attack-

This is where a hacker floods your website with traffic to shut it down. Often small websites cannot cope with the traffic volumes and as a result the website crashes.

Trojan horse attack-

This is where a hacker disguises a malicious piece of software as something else to get it installed onto a computer, and from there they are able to hack into your system.

Ransomware-

This is a piece of software that blocks access to files and other systems until a payment is received, after which the attacker may grant access to your files.

General Data Protection Regulations (GDPR)-

These are the new regulations that are coming into force in 2018 to standardise the legislation across borders throughout the EU. They will replace the current Data Protection Act.

Data breach-

This is where a business suffers from the loss or theft of data that they hold. They are liable for this as data controllers and as a result must notify the relevant authorities.

 

Now that you understand what we’re going on about, have a read about cyber insurance; you might need it.

The Importance of Security

Security isn’t just a physical presence anymore. In order for an individual or business to remain safe, they will need virtual security to protect their systems, as data that has fallen into the wrong hands can become extremely damaging. From a business’s point of view, it is more important than ever to be able to keep your data secure. Not only are you responsible for your own data, but also for the data of clients and employees.

Cyber security is important to understand, as it can often be the difference between a data breach and not, which in turn is the difference between damage to the business and not, with both financial and reputational damage at risk.

Cyber security is not normally high on the list of considerations for a business when it is looking at its risks. A lot of businesses overlook cyber security as it has never previously been an issue. This is where they can be caught out. A business is more at risk in today’s world than ever before, especially online. Now people are able to break into a network, steal data and use it fraudulently without getting out of bed. The best way for a business to protect itself would be to employ a cyber security specialist, but that would be unrealistic. So, we have put together a list of aspects to check in order to improve your online security. It also happens that cyber insurers consider these aspects when calculating a premium.

Considerations:

Passwords: Are your passwords changed regularly? Are the passwords considered strong?

Restricted access: Do people only have access to the data they need to complete their work?

Closed network: Can the network only be accessed from a certain location on a certain device, or can it be accessed from anywhere?

Cloud usage: If you use a cloud server to store data, what software protection does it have, and is the server private or shared?

Data relevance: Is the data that you store still useful? Do you delete data that you are no longer required to keep?

Read more of our Cyber Checklist