Data security has hit the headlines this month as it was revealed that the ‘internet giant’ Yahoo! was the victim of a cyber-hack in 2014. An estimated 500 million accounts are thought to have been compromised, 8 million of which are in the UK.
Although Yahoo! was likely targeted due to its large number of users, businesses, regardless of size, should not ignore these warning signs. Even small businesses are now often targeted by fraudsters.
Given the frequency and growing public awareness of cyber-attacks and online scams, businesses that are victims of attacks are increasingly likely to be held accountable if they fail to put adequate security protections in place.
Businesses are expected to put sufficient safeguards in place to minimise risk and protect themselves and their customers from potential security breaches. This can be seen from the Information Commissioner’s Office’s interpretation that the seventh principle of the Data Protection Act 1998 (regarding information security) extends to cyber security. Also of note is the report from the Culture, Media and Sport Committee in June this year (in response to the 2015 TalkTalk hack), whose recommendations included increased fines depending on the delay in reporting a data breach and easier ways for customers who have been victims of a hack to claim compensation.
Businesses need to be proactive. Now is the time to evaluate the systems currently in place, assess the risks and enforce security measures. Consider the use of encryption technology, digital signatures and multi-step verification. Take the time to put effective policies in place and educate staff members. Hold seminars to ensure staff members understand how to apply the policies, and keep them updated on recent scams so they know what to look out for.