Cyber threats are likely very soon to become your biggest concern for the survival of your business. It is that serious. One fact jumps out to us from the figures, almost all attacks have involved co-operation by those internal to the victimized business.
Statistical research reveals 88% of businesses experienced a data breach within the last 12 months, 73% involved actions facilitating the breach coming from an insider to the business (whether deliberate or innocent). [Information Commissioner’s Office]
What you can do
Employers need to educate their staff on their online activity. Staff need to know what is meant by waterholing, phishing, spear phishing and whaling. These are the methods by which most malware is imported by unsuspecting staff into their IT system. Malware allows a hacker to open up your database to being viewed, copied and in a growing number of cases, taken over and held to ransom. This is now such a profitable industry that hackers have gone as far as to employ call centre staff to offer a false support service. They can take card payments and offer support and advice on how to take back control of your company’s database and operating systems.
Another key means by which data is stolen or compromised is through misuse of that data by staff. Loss of laptop, phone, portable storage or USB stick is common and many incidents could be avoided if employees took some simple security measures, or more care to comply with your business’s data security policies.
What we can do
Griffin Law has a better understanding than most law firms on what might have facilitated the cyber-attack or data theft. This allows us to advise on legal remedies open to you and how you can take steps, (legal or practical), that seek to shut down the means by which your IT system and your secure data has been compromised so that it does not occur again.
We acted in a case of theft by an outgoing Sales Director of a company’s entire customer and supplier database. The survival of the business was at stake. By employing the prospect of our client utilizing an urgent court injunction as part of a comprehensive commercial strategy including High Court proceedings, we managed to retrieve the original data, ensure copies were destroyed rendering further use impossible (and subject to contempt of court if our client was being misled even further). The other side even had to pay our client’s legal costs.
Griffin Law aims to educate businesses to re-think the very nature of cybersecurity, making sure your staff are educated and informed, so that they can act as a strong line of defense. If your issue as surpassed the benefits of training, we can apply legal remedies to minimize the damage.
You may not view these issues as all that serious now, but you can bet that your insurers will look very closely at any claim where there is a degree of complacency. You may not have the claim rejected this time, but why expose yourself to having to make that claim
If you would like advice on what to do in the event of a cyber-attack, or, would like to arrange cyber-defence training to your staff, Griffin Law can help. Contact us at firstname.lastname@example.org or on 01732 535923
Article by Dan Sherlock, Senior Associate, Griffin Law