How to minimise cyber security risk

This month we have seen further reported incidents of malware and other cyber attacks being used to obtain personal data from consumers.

The Banks’ Integrated Reporting Dictionary (BIRD) website, owned by the European Central Bank (ECB), was hacked in early August; the names, email addresses and job titles of the 481 subscribers to the bank’s e-newsletter may have been stolen.

Since 2018, the Information Commissioner’s Office (ICO) has taken a total of 67 enforcement actions to uphold GDPR compliance and UK privacy laws.

Cyber security: On the rise

In banking, new data released by the trade body UK Finance revealed that incidents of online payment scams reached nearly 85,000 in 2018, with total losses of £354.3m. More recently, in science, Eurofins Scientific, the UK’s biggest forensic services provider, was targeted by a highly sophisticated ransomware attack in June. British police suspended work at the company to deal with the investigation, creating a backlog of 20,000 forensic samples as a result.

The amount of sensitive data handled by large companies makes them a prime target for cyber attacks. Poor data management can leave firms vulnerable to threats such as bank transfer fraud, phishing scams, ransomware and data breaches, which in turn bring additional compliance risks. Furthermore, data obtained through fraudulent means can be used many years after the event has taken place, and can be used to facilitate deception scams against companies and consumers, making those scams highly convincing and far more difficult to guard against.

As digital transformation continues, companies would be wise to look to key technology providers in the industry to help them navigate these potentially challenging new territories.

Managing the data breach risk

Our commercial climate is becoming increasingly data-driven. More and more companies offer access to data and services online, and the number of mobile users continues to rise, with a forecast of 5.9 billion by 2025, equivalent to 71% of the world’s population[1]. The more that corporate companies are expected to deliver their services digitally and to handle sensitive data frequently and in large volumes, the more they are at risk of advanced data breaches, and therefore of the considerable resulting fines:

Fines applied to Knuddels, Google, Taxa4x35, and Bisnode, plus proposed penalties for British Airways and Marriott International, for GDPR compliance violations. Revenue figures calculated using publicly-available investor reports and estimates from Owler.com. Maximum possible fine is defined as either €20m (£17.6m) or 4% of annual revenue, depending on which is greater, as stipulated in GDPR.

Source: ExchangeWire

Factors affecting the breach reporting process

  • Every breach is unique, so knowing what to do in response to each one can be challenging. This means that not all potential or actual breaches can be reported in the same way, and defining the right process also becomes more challenging.
  • Clarity at a business level on risk severity and action points is very important. Without it, companies are slower to make decisions, which affects their ability to meet deadlines and complete action points.
  • Every step of the breach management process must be documented for the regulator – this audit trail is essential to minimise a fine. If there is no consistent process for this, or if it is manual, mistakes are more likely, and the regulator will likely take this into account when assessing the fine.
  • All communication during the process, whether with regulators, supply chain partners, employees, media outlets, the Board, breach victims or other stakeholders, will be assessed when any fine is reviewed. Clear, succinct templates are needed to ensure that no information is missed.

With no process or tools in place, an organisation’s ability to plan and focus resources against future incidents becomes impaired.

Introducing the Cordery Breach Navigator – effectively protect your organisation

Cyber security and data protection will continue to be major topics of focus for in-house lawyers in 2019, with a heavy emphasis on the protection of personal data, GDPR compliance and the avoidance of high-risk data breaches.

LexisNexis Cordery Breach Navigator is a sophisticated tool that combines legal expertise with the latest software to help Data Privacy Officers (DPOs) and their teams deal with current and potential data breaches in a consistent, informed manner using the very latest best practice techniques.

Cordery Breach Navigator’s decision engine is based on years of best practice intelligence developed by LexisNexis’ expert teams, who work regularly with regulators, compliance teams and law enforcement to understand the key issues faced by in-house legal teams. It is informed by direct legal advisory engagement on over 60 live cases, enhanced through analysis of over a year’s worth of regulatory findings from the Information Commissioner’s Office in the UK and Data Protection Authorities across Europe.

This legal expertise allows the software to make consistent assessments of risk severity and reporting obligations, and to suggest actions and remediation plans that have proven to be effective in cases that share similar attributes.

5 key reasons to protect your business with the Cordery Breach Navigator:

  • It provides breach handlers with a consistent triage process for any type of data privacy event, with supporting guidance notes and templates at each stage
  • It records the process and builds the event timeline
  • It dynamically recommends immediate actions to remedy the situation and provides longer-term remediation plans based on the type of event
  • It prepares a draft report to be sent to the Data Protection Authority, with necessary details of the incident, supported by a clear timeline and details of actions and remediation plans
  • It provides a complete audit trail, ensuring complete tracking of GDPR compliance

[1] GSMA Intelligence 2019

About the author:

Amy is an established writer and researcher, having contributed to publications, such as The Law Society, LPM, City A.M. and Financial IT. Her role at LexisNexis UK involved leading content and thought leadership, as well as writing research reports, including "The Bellwether Report 2020, Covid-19: The next chapter" and "Are medium-sized firms the change-makers in legal?"