The cyber attacks on the NHS last year and the recent large-scale data breach at Dixons Carphone were widely reported in the media, but new figures from the Department for Digital, Culture, Media and Sport highlight that digital crime is far more widespread than a few isolated high-profile incidents.
In the past twelve months over 43% of UK businesses and 19% of UK charities suffered a cyber breach or attack. The most common incidents involved fraudulent emails seeking to deceive staff into revealing passwords, financial information or opening dangerous attachments.
The new privacy legislation, the General Data Protection Regulation (the ‘GDPR’), which came into force on the 25th May this year, places an even greater emphasis on data security. Under the GDPR, organisations must have in place appropriate technical and organisational measures (including in relation to data security). If those measures are not in place, organisations could be in danger of considerable fines or penalties from the relevant supervisory authority (which for the UK is the Information Commissioner’s Office).
There are a number of online resources available to help organisations keep up with both cyber criminals and legislative changes. One of these resources is the government scheme ‘Cyber Essentials’, which provides a certification scheme through which an organisation can either self-assess its data security systems or have those systems independently assessed by an approved body. In November of last year, it was reported that such guidance and schemes were significantly under-utilised, but organisations are increasingly taking advantage of these resources.
For more information about the GDPR and its implications for the data security of your organisation, please contact Andrew Priest on 01223 532 746.