Cyber security is a hot topic right now, and for good reason; no organisation wants to be at the mercy of hackers in the same way the NHS was as part of the WannaCry attack. Trusts all over the country were affected, with hackers causing routine operations to be cancelled and patient records to be lost. But now the government is proposing a strong financial penalty for companies in ‘essential’ sectors—including banking, power generation, and healthcare.
This financial penalty could be as much as £17m or 4% of the business’ global turnover and could become law as early as May 2018. If it gains approval then it’s no great leap to imagine it rolling out for services not considered as essential, but which still have a substantial impact on customers.
The NHS attack may have come from a complicated program, but it was spread in a very simple way: by opening an email attachment. Once open, the attachment locked down the system and released malware to hold it to ransom.
If your business is hit by such an attack, you could be facing not just weeks of stress and sleepless nights trying to recover your data, but also a potentially heavy fine from the government.
But because the attacks were spread by human error, it can be deceptively simple to stop them in their tracks: make sure your team understands the risks involved in cybersecurity and how they can be the first line of defence. Involving your team in special discussions about security has time and again proven to be more effective than sending random emails around. Another technique that has repeatedly proven effective is involving employees in a ‘false’ attack, where IT professionals orchestrate a similar kind of assault to see which employees will and won’t open suspicious attachments.
It’s important, too, that all levels of your company, from the top to the bottom, understand the importance of good security protocol and the level of vulnerability your system displays. That way, the risk can be assessed more easily than by trying to guess how good your firewall is.
The proposed fines that the government wants to impose on businesses that are lazy with their cybersecurity may be the prompt that companies needed to really analyse their current system and see if they could be at risk too.