All posts by dswpadmin

Understanding the fundamentals of data

It is important that a business understands what data is, so that it can identify what data it holds and why it is important to protect it. Data is the facts and statistics gathered that can then be analysed or used to create information.

 

Data formats

 

Data can be paper-based or digital, and it is important for a business to keep both safe. Many businesses now look towards keeping data digitally, as it is easier to manage, control access to and protect. Digital data also comes with a higher risk, as it could be accessed by an outside party and used maliciously. Many businesses are exposed to the risk of hacking for data theft and to ransomware attacks.

 

Types of data

 

There are several types of data that a business may hold: personally identifiable data (including names, addresses and dates of birth), private data (including driving licence numbers and passport numbers), and confidential data (including bank details, credit/debit card numbers and medical information).

 

How to protect it?

 

Data that is stored digitally should have restricted access, so that users can only access the data they need, with tighter permissions on the most important data. This will improve the security of your data; however, you should also have anti-virus software installed so that any malware is blocked from accessing your data. You should also have a cloud backup of your data, which means you have more than one copy, so if the data is stolen or the device breaks you still have access to it and can continue working. Have a locked network that requires a password to access. It is common for data to be stored on a network that allows people to access it from various locations, so it is important that your network is secured to prevent it becoming easy for hackers to steal your data.

If you have any questions please don’t hesitate to…

Data Protection- How To Reduce Your Risks?

Cyber Risk Exposure Exists For All Businesses

Every business in the modern era will have some form of data and will almost certainly have cyber risk exposure. You may not identify it immediately, but there’s guaranteed to be some form of risk attached to your business. As a result, you will need to look at your data protection protocols and ensure that they are adequate to meet risk exposures and legal requirements.

Businesses that use any form of software to manage data will have risk exposure. If you keep data on a spreadsheet and the file is corrupted, can your business still operate? Data protection is no longer just an ethical practice; it is required by law under both the Data Protection Act and the GDPR regulations that are coming into force in 2018.

Data Storage Risks Are A Business Liability

It’s not only important from a business point of view to ensure that you have the data you need to continue to operate, but also to have the ability to protect that data, as you are responsible for it. Any business that holds data, whether it be an address, bank details or a national insurance number, is responsible for protecting that data.

7 Key Questions To Consider For Data Protection & GDPR

When looking at data protection and GDPR (a new regulation coming into force in 2018 to ensure a business is protecting data correctly and using the information ethically), it is important that you are able to answer the following questions:

  1. Do you know where ALL your data is within the business and who has access to it both internally and externally?
  2. Have you reviewed your privacy policy in the last 6 months? If so, were there any changes and what were they?
  3. Have you carried out or considered a Privacy Impact Assessment for your work streams?
  4. Do you have and follow a robust records retention policy?
  5. How are you managing supplier and third-party relationships with regard to their obligations to your information?
  6. Do you know if you are a data controller or data processor in each of your business relationships?
  7. How much progress have you made in readiness for GDPR?

 

Be Prepared For Cyber Risk

Answering these questions will help identify areas for improvement, allowing you to reduce your risks. This will not only mean that the business is safer from cybercrime, but also that it is in line with what is expected under the Data Protection Act and the forthcoming GDPR legislation.

GDPR will become a major stipulation for your business to follow and it is important that you understand as much about it as possible and begin to prepare in the right way for it.

To find out more, read our blog: Are you ready for GDPR?

NHS Data Breach Highlights Cyber Risk

Global Cyber Attack Hits 300,000 Computers

The world was shocked by the global cyber-attack that targeted everyone and everything. It has since been estimated that 300,000 computers were affected. The cyber-attack was made more famous by its magnitude and by the one large organisation that it managed to penetrate. The NHS is responsible for millions of confidential data records and personal information, and one cyber-attack proved that the cyber security risks are huge and that its security will need upgrading.

NHS – Computer Dependent With Huge Risk

The NHS is a trusted organisation in the public sector and, as a result, would have been high on the list for hackers to target, so the cyber security risks would have been huge. This will have meant that a cyber-attack was highly likely. Once attacked, the organisation ended in meltdown for a day, which will have meant that operations couldn’t be carried out and appointments were missed. This demonstrates perfectly the dependence large organisations have on their systems and the vast impact that it can have if the system goes down.

Cyber Attackers Do Not Discriminate

This is a big warning sign to businesses of all sizes and structures that you can never be too safe with data. Not only were NHS files and computers victim to the WannaCry ransomware attack, but the files of some of its employees have also been taken, as an IT contractor’s server was hacked. It is currently thought that over 4,000 employees have been affected.

NHS – Failure To Update Systems Leads To Cyber Risk

It has since transpired that the NHS organisations that were affected were still running Windows XP, despite being told to change their systems as Microsoft were to stop providing updates for the operating system. It is due to this that the NHS became such an easy target for the bug.

All in all, it hasn’t been the best of times for the NHS. However, as with all failures, there are lessons to be learnt, and other businesses can learn a lot about the importance of protecting data. Protecting against your cyber security risks should become a priority, as an incident could change the way your business operates and have an impact that the business may never recover from.

 

BA IT Failure

 

British Airways IT Failure – A Lesson In Cyber Risk

In recent weeks, there was a system failure that led to a standstill of aircraft from BA (British Airways). The IT failures resulted in over 75,000 of its passengers being stranded in foreign countries and unable to go on holidays and even business trips. This highlights the real-world risk to all businesses should systems fail as a result of a cyber attack.

The failure resulted in over 700 flights being cancelled. It has since been estimated that the failure is going to cost approximately £80 million to compensate all passengers, as well as unmeasurable financial losses from reputational damage.

It was reported by BA that the failure occurred due to a human error. The failure occurred at a crucial time for the business, on a bank holiday, meaning that many people with short weekend getaways were unable to go and, as a result, thousands of disgruntled passengers were left with a hole in their pockets. A hole that BA are going to be expected to fill in order to salvage any pride and avoid further reputational damage.

More and More Businesses Are At Risk From Cyber Crime

BA isn’t the first business to be struck down by a system failure and they will definitely not be the last. There have been numerous high-profile incidents whereby large businesses have lost systems, resulting in business losses. It has become so common that big businesses pay for external IT support whose responsibility it is to ensure the upkeep of their systems.

PlayStation and Coca-Cola Have Suffered From Cyber Crime

Other system failures that have caused damage to business include the loss of the PlayStation Network: a hack meant that users were left without access, and it was then also discovered that the hackers were trying to gain access to the payment details of some of the accounts. Coca-Cola had their IT system hacked in 2009; the breach occurred after a senior official opened a malicious link in an email that installed keyloggers and other malware. In June 2012, RBS were hit by a computer glitch that meant accounts were affected for up to 2 weeks when a software update didn’t work correctly.

As you can see, this isn’t the first time that a major company has had issues with its IT. For BA, it is now about how they recover, as they cannot allow this incident to affect their plans moving forward but, by the same token, cannot simply ignore what has happened and will need to ensure it doesn’t happen again.