We're All Going on a Cyber-Holiday

on Wednesday, 20 July 2022.

Holiday periods and weekends are peak times for cyber criminals to come out of the shadows and carry out ransomware attacks.

Last year the FBI and CISA (the Cybersecurity and Infrastructure Security Agency) released a joint statement warning of a statistical pattern in holiday targeting by cybercriminals in the United States.

If your organisation is operating with fewer members of staff during the holiday period, you want to be sure that you are ready to act swiftly in the event of a cyberattack and avoid the risk of losing large amounts of data. Organisations of all sizes will need a plan to pre-empt such attacks and mitigate the regulatory and reputational consequences.

What Steps Can You Take to Prepare for a Potential Cyber Attack?

  • Appropriate security measures - old systems and applications can make your organisation vulnerable to a data breach and it may also be difficult for your IT support to detect a virus or threat.  The UK GDPR requires organisations to implement appropriate technical and organisational measures to ensure the security of personal data on your systems.  Although certain measures can be costly, there are some measures that you can implement at a low cost such as data encryption, password protection and multi-factor verification methods. It's also important to keep software up-to-date, so that the latest security features are installed.  We also recommend having a form of record-keeping in place as to which staff members have access to databases and recommend storing data separately to avoid the risk of all data being accessed from a single database.
  • Staff training and awareness - human beings are often your weakest link, so ensuring that individuals within your organisation have the tools to spot a potential scam can be one of the simplest and most effective ways of preventing an attack. This can be achieved by regularly training staff and updating them on common methods used by hackers, so that they avoid falling victim.
  • Supplier contracts - it is common for organisations to use external suppliers or platforms such as Blackbaud or Shopify to manage certain activities. Hence, it is important to check the contracts that you have in place with third party suppliers who may be processing data on your behalf. Check that your contracts include the relevant data obligations for each party and that you agree an appropriate liability cap for loss of data. You should understand the requirements in relation to notifying your organisation of a data breach "without undue delay" as required under the UK GDPR. If your contracts refer to notifying within a "reasonable time" this will be open to debate and may be risky to your organisation's reputation due to the need to inform your data subjects about the breach.
  • Response plan - you should have a step-by-step response plan in place to deal with data breaches that may occur during holiday periods as well as throughout the year. This should include having senior members of staff and your IT support on standby to make decisions in the event of a data breach and respond as quickly and efficiently as possible. To comply with the UK GDPR, you must report a data breach to the ICO within 72 hours of it taking place. Depending upon the severity of the breach, this may need to be followed by notifying the individuals who are affected by a data breach. Your response plan should also include notifying any other regulators you may have, as well as notifying your insurers at the right time so that you receive the cover you are entitled to.
  • Insurance cover - there are many types of insurance policies available and you can choose what is best suited to your organisation. Insurance can cover your own organisation's and third party's data and digital assets, as well as losses resulting from a data breach and legal proceedings in the event of claims being made by data subjects.

If you have taken reasonable precautions and have a response plan to deal with a cyberattack, you should be confident that your plan of action and systems will make it more difficult for hackers to interrupt your business and that, if a data breach were to occur, you can deal with it swiftly.

If you require any further assistance or advice on this area, please contact Andrew Gallie in our Data Protection team on 07467 220 831 or Nahida Rashid on 020 7665 0841.