Cybercrime: Is your business protected?
Cybercrime is no longer just an issue for IT professionals; it’s something everyone needs to be aware of. If you are a small or medium-sized enterprise (SME), there is around a 1 in 2 chance that you will experience a cyber security breach.
Agricultural businesses are embracing the digital world and increasingly use computer-controlled systems and equipment. These may increase productivity and profitability, but they may also make the business more vulnerable to cybercrime.
How do cyber criminals operate?
Increasingly, cybercriminals are using subtle social engineering techniques to quietly penetrate businesses, deploying malicious software that can live undetected in network systems for months. Cybercriminals can then remotely and covertly steal valuable information, whether in the form of personal, customer or employee information, financial data or intellectual property. Examples of the types of fraud that could be perpetrated include impersonation scams, in which cybercriminals who have penetrated network systems use email accounts to send out incorrect bank details when they realise money is about to change hands between parties.
The impact of a cyber breach or attack can be huge: it includes the time you could lose through having to fix your systems, the potential loss of business, damage to your reputation and all the other potential consequences of a hacker getting their hands on your data and business information.
One of the biggest changes introduced by the General Data Protection Regulation (GDPR) last year in respect of personal data is in relation to accountability – a new data protection principle that states that businesses are responsible for, and must be able to demonstrate, compliance with the principles of data protection. Although these obligations were implicit in the Data Protection Act 1998, the GDPR makes them explicit.
Businesses need to be proactive about data protection, and need to ensure that they take practical steps to mitigate the risk of cybercrime and have adequate security systems in place.
Staff training is a key element of ensuring that your business is compliant with the GDPR and protected from cybercrime. Technology can offer you the tools to store personal information, but it is your people who determine its success.
If you would like to find out more about the training packages we offer at Brachers (which range from on-site sessions to interactive webinars) please do not hesitate to contact a member of the team.
Personal data breaches
In most cases businesses are required to notify the Information Commissioner’s Office (ICO) if a ‘personal data breach’ occurs, and they must do so within 72 hours of becoming aware of the breach, so time is of the essence. A personal data breach includes any breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. It is therefore important that staff know what could constitute a breach and who within the business should be notified of it in case reporting needs to take place.
As well as training staff, it is also important to put in place an incident response plan. This should include sourcing legal advice on potential legal or regulatory issues, such as if and how the issue should be reported to the ICO and whether there is also an obligation to notify the individuals whose data has been compromised. Notification of individuals is necessary where the potential risk to them is viewed as high.
Our team of experts at Brachers can assist agricultural businesses on all aspects of GDPR compliance, staff training and, where data breaches occur, your reporting obligations to the ICO and data subjects. For more information on how we can help, please contact Antonio.
This article was first published in the February 2019 edition of South East Farmer.