ADVICE


Not sci-fi: in the 1983 film WarGames, teenagers played by Ally Sheedy and Matthew Broderick hacked a military supercomputer. In 2018, Leicestershire schoolboy Kane Gamble was detained for mounting cyber attacks on US intelligence agencies

HOW TO...

RESPOND EFFECTIVELY TO A CYBER SECURITY BREACH

The IoD’s Information and Advisory Service (IAS) recommends a way to take control and limit the damage to your business if an attack hits home

According to the government’s latest annual Cyber Security Breaches Survey, 43 per cent of British SMEs fell victim to a cyber attack in 2017. Most of the respondents would have had in place at least some of the standard protections – from anti-virus software to awareness training – yet only 13 per cent had a procedure ready for when these failed to prevent a security breach. The government’s National Cyber Security Centre (NCSC) estimates the average direct cost of a breach to a small firm to be £1,400, but the longer-term cost of the reputational harm caused could far exceed that, especially if the response is botched. It’s therefore crucial to know what to do if you find that your firm’s IT defences have been penetrated. The following procedure should keep the damage to a minimum.

48 director.co.uk

Lock down your systems

As soon as you become aware of a breach, you will need to secure the network. You’ll probably have to take your systems offline temporarily, which will restrict the hacker’s access to your data but disrupt your own operations too.

Activate your response team

Not all breaches will warrant a full investigation, so your IT experts will first need to assess the damage. The NCSC recommends that you have a trained response team – including representatives from IT, HR and the board (and, if necessary, a legal adviser) – ready to convene if the incident is found to be serious enough. You could instead outsource this function to an external certified cyber security incident response provider. Visit crest-approved.org for a list of vendors accredited by the Council of Registered Ethical Security Testers.


HOW THE IAS CAN HELP YOU


The Business Information Service (BIS) is accessible by email (businessinfo@iod.com) or call: 020 7451 3100

The Directors’ Advisory Service (DAS) can give guidance by appointment, either face to face at 116 Pall Mall or over the phone: 020 7451 3188

The legal helpline can answer quick queries about a vast range of issues: 0870 241 3478*

The tax helpline can give callers advice on both commercial and personal tax matters: 01455 639110†

IoD members are entitled to 25 enquiries a year to the BIS; four sessions with a DAS adviser; and 25 calls to both the legal and tax helplines. For further details, visit iod.com/information or email businessinfo@iod.com

* Quote your membership number
† Quote your membership number and reference number 33337


Report the incident


If the security of any personal data held by your firm has been compromised and individuals’ rights are likely to be at risk as a result, the General Data Protection Regulation obliges you to notify the Information Commissioner’s Office (ICO) within 72 hours of the discovery. Cases of online fraud or extortion should be reported to Action Fraud or the police. What other information you communicate and to whom will depend on any number of factors, but communicate you must. Be prepared for a stream of enquiries from concerned stakeholders, including clients, suppliers, regulators and even law enforcement agencies. It’s important to stay on top of these and respond as quickly and candidly as possible, because prevarication will only make matters worse. Last year the ICO fined Uber £385,000 under the Data Protection Act 1998 for a 2016 breach and cover-up. The firm admitted that it had paid US hackers $100,000 to destroy stolen data on more than 50 million users and keep quiet about it.


Review, learn and refine

Before you return to business as usual, you’ll need to conduct a thorough audit of your cyber security strategy. The NCSC’s 10 Steps to Cyber Security guide is a good starting point for SMEs, as is the government-backed Cyber Essentials certification scheme, which will help to reassure customers and other interested parties that your organisation is serious about cyber security.


WORDS: HANNAH GRESTY. PHOTO: ENTERTAINMENT PICTURES / ALAMY

