DON’T GET CAUGHT OUT – SMES FIRMLY IN HACKERS’ SIGHTS
Cyber attacks on large institutions like the NHS or companies like British Airways naturally dominate the headlines when they occur. But cyber crime is now also a major concern for many of the small and medium-sized businesses we represent.
The FBI reported in 2016 that there was an average of 4,000 ransomware attacks each day. For SMEs these attacks can be devastating. As the recent £60,000 fine on a small Berkshire-based video company shows, the size of your firm is no defence to any breach of data protection law, even when the breach is a direct result of a criminal hack. If you are handling personal data you’re subject to the law in the strictest sense. In addition to the threat of regulatory fines (likely to increase substantially with the advent of GDPR), cybercrime presents two more obvious threats. First, reputational and financial damage to your core business. Second, the financial threat posed by claims for damages by affected customers.
With so much at stake it’s crucial to ensure you have the right systems in place to both protect your business and minimise the fallout from any attack. If you have concerns you should seek specialist legal advice.
BOOMERANG VIDEO – A CAUTIONARY TALE
At first sight the Information Commissioner’s Office (ICO) £60,000 fine mentioned above on Boomerang Video might appear harsh. Here was a small company, the victim of a criminal cyber attack, its brand name ruined, being asked to pay a potentially ruinous fine. But the facts are pretty startling. In finding that Boomerang had failed to implement appropriate technical and organisational measures to protect customer data, the ICO established that:
- Hackers were able to get names, addresses, account numbers, sort codes AND the card security codes for more than 26,000 Boomerang customers
- The password for one section of the company website was a simple dictionary word based on the company name
- While some information was encrypted the encryption key was not secure
- The site had been insecure for ten years
The case should act as a lesson to all SME owners of how not to handle personal data. In its decision the ICO indicated that its motive for imposing such a high fine was to ‘promote compliance’ with the Data Protection Act. It was taking the opportunity to remind data controllers to ensure that appropriate and effective security measures are applied to personal data. The ICO provides useful online tools that enable businesses to assess their level of data compliance. But if you have serious concerns that your procedures aren’t secure you should consider instructing a cyber security lawyer for advice.
ARE YOU READY FOR NEW DATA PROTECTION RULES?
Tighter data protection laws come into force in the UK next year. Under the General Data Protection Regulation (GDPR) companies may face much harsher financial penalties than under the current system. In fact it has been estimated that the fines levied by the ICO last year would be 79 times higher under GDPR.
Of course fines aren’t the only concern of companies facing cyber security breaches. Commercial hacking victims face sometimes irreparable damage to their brand. And if Google believes a site has had malware installed it may blacklist it, so visitors will see warning messages (‘malicious site’, ‘possibly compromised’ and so on). These warnings have the potential to kill traffic to your site and destroy any online business you had built up.
In addition, as the developing Equifax case shows, customers of businesses that have been hacked are more prepared than ever to bring a legal claim for damages. That case involves a data breach of information on 143 million Americans and an undisclosed number of UK citizens and Canadians.
Although it’s impossible to guard against every cyber attack on your business, specialist legal advice can ensure you have the correct security and compliance measures in place to minimise the threat. Maintaining robust systems can also act as a defence to potential claims or regulatory intervention. Big Data Law focuses on cyber security law and related matters. We help companies prepare for GDPR, ensuring procedures are in place for data to be handled securely.
In addition we represent companies facing regulatory intervention and other claims resulting from cyber attack. For any related query you can contact GDPR Law Firm London or call us on +44 (0) 7545 813 894.
