Threats to your data
No business can survive without its data!
The world's most valuable resource is no longer oil, but data – The Economist – 6th May 2017.
This means that there must be some safeguards put in place to protect data. A business will find it very difficult to continue without access to its data. This is known as Information Security. This means that, to be secure, data must be subject to; Confidentiality, Integrity and Accessibility. This is known as the CIA principle.
Obeying the Law
Data protection legislation has at its core, the principle of Information Security. This was stipulated in the Data Protection Act of 1998 as Principle 7 - Personal data must be kept secure.
The Data Protection Act of 2018 that incorporates the General Data Protection Regulation (GDPR) also includes this aspect of data security as Principle 6 – Integrity and Confidentiality.
Data must be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”.
The amount of fines that can now be levied under GDPR can be up to 4% of global turnover.
Reasons for making your data secure
So there are 4 major reasons to check that you have robust information security measures in place. The first is to ensure your business has no disruption. The second is that the law states that any personal data that you hold must be protected or fines can be levied. The third is loss of reputation through adverse publicity. The fourth is the risk of being sued by individual customers.
One of the biggest risks to your data is from cyber-attacks. These are carried out by criminals or governments in order cause disruption or for financial gain.
A recent case illustrates this, as reported by the BBC on 8th July this year;
British Airways is facing a record fine of £183m for last year's breach of its security systems. The airline, owned by IAG, says it is "surprised and disappointed" by the penalty from the Information Commissioner's Office (ICO). At the time, BA said hackers had carried out a "sophisticated, malicious criminal attack" on its website.
The ICO said it was the biggest penalty it had handed out and the first to be made public under new rules.
Since this announcement, the victims of this breach, the customers may well sue British Airways. This is in addition to the fines that they must pay to the regulator, The Information Commissioners office (ICO).
What can be done?
A full audit can be undertaken and a risk assessment provided.
Government accreditation can be achieved
Cyber Essentials Plus
This provides evidence to your customers that their data is being handled securely. It is also a useful marketing tool to win business. Bids for new work may well be rejected without this assurance.
In addition, for SMEs, Cyber Insurance can be obtained at low, or no cost upon evidence of such accreditation.