• Careers
  • Contact Us

Coronavirus - 5 Ways to Protect Your Organisation Against Cyber Attacks

on Friday, 03 April 2020.

The UK has seen some incredible acts of kindness over the last few weeks as we rally together during this uncertain time.

But unfortunately amongst the generosity, there are cyber criminals working to exploit this situation.

This article looks at what your organisation can do to protect itself against cyber attacks at this unprecedented time with 5 key tips:

1. Be Vigilant

It's easy to fall victim to a scam when your mind is understandably on other things, or you feel pressure to act quickly to protect yourself. Cyber criminals know this and will take advantage by designing bogus communications on topics that people care about. For example, the World Health Organisation (WHO) has warned that criminals are impersonating it to steal money and sensitive information.

Provide your staff with practical guidance on how to spot suspicious communications. These 'phishing' attacks usually ask for information, or encourage the recipient to open an attachment or click on a link. Tell-tale signs include the sender's email address not looking quite right, a request to act urgently or the appearance of an official source (eg. a bank) asking you for sensitive information, such as login details.

Staff should be reassured that they won't suffer adverse consequences for questioning the validity of an email even if it turns out to be genuine. It's better to be safe than sorry. Make sure that staff know who to speak to if they have any questions or think that they might have inadvertently compromised your security.

2. Maintain Your Usual Standards

Your organisation should have measures in place around online security already. Now is not the time to let your standards slip, because that is what the cyber criminals are betting on. Continue with your usual processes, such as, promptly updating security software and downloading patches. But also tighten up any areas where you think you might be vulnerable, for example, introduce two factor authentication for remote working.

Staff should be reminded that they continue to play a vital role in your organisation's security defences. Now, more than ever, they should follow your guidance eg. around not using public wifi unless your organisation has taken steps to make its use secure, making passwords strong and not using personal email accounts for work. If staff are permitted to use personal devices for work, they should be provided with guidance on how to do this securely.

3. Test New Software and Online Services

Organisations have been forced to adapt quickly to a new way of working and this has led to the adoption of new software and online services without the usual run in time. Thoroughly test the security of any new application before it is rolled out to your staff and keep a record of your testing. Don't let the need to do business as usual compromise your online security, because a cyber attack could have serious financial and reputational consequences for your organisation at this already difficult time.  

4. Are Your Processors Compliant?

When a third party service provider uses personal data on your behalf, they become your 'processor' under data protection law. Common examples include payroll and cloud storage providers. If personal data that you are responsible for is compromised (eg. lost or stolen) when one of your processors holds it, you are still responsible under data protection law. This is why the GDPR requires you to carry out sufficient due diligence on your processors' data protection compliance and have a contract in place with certain mandatory provisions. If you haven't taken these steps then you could be liable if one of your processors suffers a cyber attack.

Coronavirus Legal Advice

5. The Usual Rules Still Apply Regarding Data Breaches

Cyber attacks often lead to personal data breaches, for example, if a hacker gains access to your client database. The Information Commissioner's Office (ICO) is taking a pragmatic approach to certain aspects of data protection compliance at the moment, but there is no sign that it will relax its high standards around data breach reporting and information security. Certain personal data breaches remain reportable to the ICO within 72 hours.

Make sure that your data breach procedure still works when the key staff involved are working remotely. If you do have to report a breach to the ICO, they will expect you to evidence what you had done to prevent the breach from occurring eg. network security and staff training. This is why it is essential to document what measures you have in place around cyber security.


For specialist support on your data protection obligations, please contact Claire Hall in our Data Protection team on 07467 148750, or complete the form below.

Get in Touch

First name(*)
Please enter your first name.

Last name(*)
Invalid Input

Email address(*)
Please enter a valid email address

Telephone
Please insert your telephone number.

How would you like us to contact you?

Invalid Input

How can we help you?(*)
Please limit text to alphanumeric and the following special characters: £.%,'"?!£$%^&*()_-=+:;@#`

See our privacy page to find out how we use and protect your data.

Invalid Input