Your accounts, HR & Payroll information, Warehousing & Stock Control, Transport & Logistics, Asset Management & Maintenance, Intellectual Property & Contracts are just the common ones.
Research released by the Department for Culture, Media & Sport (DCMS), which looked at Cyber Security incidents during 2019, showed that 98% of businesses (and 95% of charities) rely heavily upon at least one online service, such as Email, Websites/Blogs, Online Banking, Social Media, Online Payments, CRM & Personal Data, or Cloud Services. More than three quarters also process personal data regularly as part of their business activities, so Information Security should be an important consideration.
It is encouraging to read in the DCMS report that more than three quarters of the businesses canvassed consider Cyber Security a high priority, rising to in excess of 90% in much larger organisations, but that does of course mean that there is a potential 25% of businesses that don’t consider Cyber Security a high priority.
One in five respondents reported experiencing some form of cyber security incident in the last 12 months, a figure which similarly rose as high as 65% as organisations got larger. These are not inconsequential numbers, especially when you consider that between 25% and 30% of businesses experiencing a Cyber Incident in 2018-2019 had also experienced one in 2017-2018, and a whopping 29% said they experience incidents frequently.
The really worrying statistic, however, was that 30% of respondents indicated that their business had taken no action to prevent a similar incident occurring following their most disruptive breach. Inaction is as bad as, if not worse than, no action, and when you consider that 60% of Personal Data Breaches are a result of Human Error, where simple training and minor modifications of processes could, in part, mitigate those risks, there really is no excuse for inaction.
What should we be doing?
- Identify what information your business holds that would have a significant effect on your ability to provide products or services (Think about how long you could operate without it).
- Ensure you have processes, procedures or other mechanisms to recover your information should it be lost, stolen or inaccessible.
- Ensure that your staff are educated on your processes & procedures and that everyone knows who to contact in the event of a security incident.
- Remember, information security is not just Cyber Security. Think about physical access to your buildings, and about screens displaying confidential information that are visible through windows or to people who have no need to see that information.
- Review your insurance cover. Cyber policies can help with the costs of information recovery, professional services, or even legal costs in the event of an unlawful cyber incident.
- Be particularly mindful of Phishing Emails and fake websites. Threat Actors are getting better at spoofing email addresses and messages, and it only takes a split-second lapse in judgement to click a link in an email that looks genuine. If you weren’t expecting it, treat it with suspicion. Ransomware is also becoming an ever-more significant risk for businesses. Be particularly vigilant and ensure you enforce a “lowest allowable permission” structure on your systems to help mitigate damage should a given user be affected by Ransomware.
These are just some of the things you can think about and do to help protect your business and its information. Xynics are experts in data protection and keeping information safe, secure and flowing, so why not have a free consultation with one of our data protection experts who can help you review your information security practices, build strong information security policies & procedures and provide professional data compliance guidance.