Business reputation at risk
You have probably seen or heard more and more about cybercrime, data theft and ransomware attacks. It’s tempting for small businesses to think that “it’s unlikely to affect me”.
Yet the reality is exactly the opposite. Every business that holds personal data (names, addresses, emails and phone numbers, as well as more sensitive data) is affected, so everyone reading this who has a business needs to take an interest in the subject. If you don’t take action now, you could suffer irreparable damage to your business reputation and financial wellbeing that could cause your business to fail.
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. If from then on you suffer a data breach, whether a loss of data or an inability to process it, you will have to announce it to the world and inform the people affected of the breach and its possible financial repercussions. The reputational damage among people who trust you with their data could be virtually limitless.
Most of us nowadays keep such data digitally, and its protection is increasingly compromised by ever more sophisticated email attacks. You may generally be alert to email scams, but in a moment of inattention it would be very easy for you or your staff to click on a link in an email that lets a virus onto your PC, or lets someone access data by logging future keystrokes or capturing data stored on the system. Equally, the ease with which a moderately competent hacker could get into your computer is frightening, especially when you use Wi-Fi connections that are not secure.
Many of us pay insufficient attention to securing our computer systems against outside attack or against spurious emails. Regrettably, every one of us in business has to become more alert and take action to change that, by installing proper firewalls and by looking at how and when we use mobile devices to access our system, including devices owned and used by staff. In this way, we deter or try to prevent any unauthorised person from getting into our system. But what if they do get access despite our best efforts? Then we need to do what we can to ensure they can’t see the data once inside the system. That involves secure passwords, so that only authorised users can operate the system and use the data, and is another step to deter hackers. And perhaps finally we need to consider encrypting the data so it’s unreadable by anyone who is not authorised to access it.
We also need to address how data is sent to third parties or customers. Nowadays this is typically done by email rather than by post. Yet emails are unsecured and capable of being intercepted. If that happens, again it’s a data breach that will have to be reported under the new GDPR. So the solution is to find and use a secure service that encrypts the data, so that only the intended recipient is able to access it.
All of this might seem overkill, and certainly we haven’t been used to this level of security. Yet that’s what is needed, so speak to your IT people and to your other advisers, including your accountants, who themselves should be acutely aware of the dangers this poses to your business. If you need to discuss what you need to do, contact Jacobs Allen.