One of the consequences of a successful cyber attack may be the loss or theft of personal data, which HR firms hold in abundance and which could be a reason that they are a target for cyber criminals.
If personal data is lost, then the Information Commissioner’s Office (ICO) will need to be told and they will look at what has happened, including what controls you had in place, before determining whether a fine is appropriate. In fact, the ICO have recognised that ransomware has become such an ongoing issue that they have their own section about it on their website: Ransomware and Data compliance.
One of the ways that they suggest to ensure those controls are in place is with Cyber Essentials.
Cyber Essentials is a simple and effective Government-backed scheme designed to help put in place mitigations against the most common cyber-attacks. It looks at the key areas which increase the risk of cybercrime, including passwords, user access controls and malware, and helps businesses to reduce this threat.
A study by Lancaster University found that if the controls within Cyber Essentials were implemented, over 99% of attacks were either fully or partially mitigated!
And if your data isn’t being stolen, you won’t need to speak to the ICO in the first place.
What should I do next?
Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your charity’s cyber resilience and can offer guidance to free tools that you can implement straight away.
Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.
Tell us when you are ready and we can refer you to one of our Trusted Partners, who are Cyber Essentials accreditors in the East of England. They can accredit your work or provide additional help if required.
Further Guidance and Support
The ECRC is a police-led, not-for-profit organisation which companies can join for free.
Our core membership provides:
Threat alerts both regionally and nationally
Signposting to free tools and resources from both Policing and the NCSC
Little steps programme – a series of weekly emails aligned to Cyber Essentials, offering bite-sized practical information to build cyber resilience
Discussion area to meet and talk with other companies in the region and our partners
Policing led – Business focused