Good cybersecurity management is important to minimising risks and maintaining business continuity in current climate. With remote / home working the current norm, organisations have to keep systems and data secure to minimise the risk of becoming victim of a cyberattack.
Prevention is best when it comes to protecting your data and here are some steps to take:
Protect and secure your organisation’s systems i.e. use Virtual Private Networks (VPNs), have a fully updated anti-virus system in place, try not to mix work and leisure activity on the same device;
Ensure strong co-ordination and clear communication regarding following standard payment protocols between colleagues, clients, suppliers and third parties;
Request all employees and customers to be extremely suspicious of any communication asking to check or renew their credentials or making changes to established procedures even if it seems to come from a trusted internal or external source; and
Put in place a mechanism to monitor suspicious activity and / or security breaches.
If you fall victim to cyber crime, act quickly to:
NOTIFY the bank if you discover fraudulent activity – the sooner you notify the bank, the more likely you are able to stop the onward flow of funds and the more likely the fraudsters will be deterred from spending further time and energy trying to attack your business;
COMMUNICATE immediately with customers –notification of any hack or phishing fraud to customers will most likely put a stop to the fraud because everyone is on notice and on guard (and will also reduce the risk that customers will have legal claims against you);
REPORT any data breach to the ICO; and
IDENTIFY bank account holders – focussing on those who benefit from the fraud (by the receipt of money) leads you to the fraudster or accessories to the fraud, all / any of whom may be liable to compensate you.
Please contact Alexander Wildschütz and Nadia Osborne if you would like further assistance.
Useful resources
Recognising the risk faced, the UK’s national cyber security centre (the NCSC) recently published guidance which focusses on how organisations can (a) prepare for an increase in home working; and (b) spot coronavirus scam emails (https://www.ncsc.gov.uk/guidance/home-working).
In addition the EU Agency for Cyber Security (ENISA) has also shared some top tips for cybersecurity when working remotely which includes guidance on how to manage COVID-19 phishing attacks (https://www.enisa.europa.eu/news/executive-news/top-tips-for-cybersecurity-when-working-remotely).
Related articles on risk identification and business continuity
The legal content provided by Fladgate LLP is for information purposes only and should not be relied on in any specific case without legal or other professional advice.
Copyright is owned by Fladgate LLP and all rights in such copyright are reserved. Material is not to be reproduced in whole or in part without prior written consent.
Fladgate LLP is a limited liability partnership, registered in England and Wales with registered number OC334334. It is authorised and regulated by the Solicitors Regulation Authority, number 484783. The term partner is used to refer to a member of Fladgate LLP. A list of members is available at the registered office shown above.