13 November 2017
Cyber security is certainly a digital risk that is 'of the moment' as recent headline attacks have helped to highlight the issue and bring it to the fore.
Indeed, the rapid onset of the digital age and smart mobile technology means that criminal activity can take place far more remotely than ever before - increasing the risk of an attack in the process. Putting preventative steps in place before the fallout has to be dealt with is therefore highly advisable. However, it is important not to get lost in the headlines, and to recognise that this is just one digital risk amongst a range of others that business owners must be aware of and protect against with exactly the same level of urgency as for a cyber-attack.
Highlighting an inherent need for this is a recent survey of 1000 businesses throughout Europe by Gowling WLG. UK respondents identified far fewer digital risks as a threat to their business when compared to the views of their European counterparts. It is never a good idea to ignore other digital threats, and addressing the risk around these now could well pay dividends.
Identity theft/ cloning & loss of data
Whatever uncertainty exists politically at the moment, the UK will be adopting the EU General Data Protection Regulation ("EU GDPR") and updating our own Data Protection Act. This has a direct bearing on the way that personal data is stored and processed and the necessary permissions that will need to be sought. Businesses will already be looking at their data storage processes and policies with a view to these falling in line with the new legislation. A good idea, therefore, is to conduct (in conjunction with the general audit) a compliance/risk assessment of the most important/relevant data that could be stolen and develop controls and processes that help address these risks. Scenario planning that establishes how a security breach incident will be addressed can also help ensure that responses are swift if one occurs.
From the customer's perspective, online privacy and security has fast become a major USP, as consumers are now savvy enough to vote with their feet and choose another provider for a product or service should a provider's reputation for data security be impacted. It is precisely because a serious data breach, if it becomes public, can have such a serious impact on a business's reputation and bottom line that organisations need to treat this threat as a priority:
- Ensure all departments are briefed on the importance of customer security so there is a shared, unified approach
- Encryption efforts change rapidly so it is important to be up to date with the latest methods and implement these accordingly
- Limit access to customer data to those that actually require it
- Ensure that bring your own device (BYOD) policies for staff require employees to provide notification in the event of a lost or stolen device so that measures can be taken to prevent data loss
- Ensure there are several layers of online security so there is a backup if one fails
Lack of sufficient technical and business knowledge amongst employees
This is, of course, a key digital risk to consider, given that the actions of one employee could make all the processes and strategies that are put in place to protect against digital risk redundant. It is therefore important to see these types of risk as imminent threats to the business which everyone must be aware of and protect against. Implementing a cascaded programme of education about this throughout a business is therefore highly advisable in order to drive awareness and a sense of personal responsibility throughout the workforce.
A robust digital infrastructure is the most vital component in making the most of the data that is housed within a business and using it as something to transform successes. Optimising data in the best way means more than collecting, storing and processing bits and bytes. Ensuring reliability and security across a stable network will help to turn data into actionable information and further protect it from outside attacks - thereby helping to protect and promote the organisation in one fell swoop. As well as handling increasingly large volumes of data, an efficient digital infrastructure can help overcome network and connection problems and help implement governance around digital activity.
As the GDPR and data protection points above highlight, compliance with the law is vital in terms of protecting the business from fines that could have been avoided if the right preventative steps had been taken in advance.
So, by being extremely proactive in this area, businesses succeed in complying with the law, protecting themselves against digital risk and transforming their operations, if the right digital infrastructure is in place.
Our recent research of 999 large SMEs in the UK, France and Germany showed that external cyber risks remain the biggest worry for European businesses, yet only one third of businesses use legal support as part of their digital security measures. Take a look at our Digital Risk Calculator to find out your business' digital risk score and identify your top five digital risks.