Business Centre Break-In and Data Protection

If your business experienced computer theft, would the data you hold be safe?

The recent break-in at Chichester Enterprise Centre is, sadly, one of many that happen daily across the UK. But this is more than an unfortunate inconvenience for the businesses based in the building. The implications can be astronomical. When computers are stolen, data is immediately put at risk. Following the new General Data Protection Regulation (GDPR) legislation that came into force in the UK in May 2018, businesses and organisations, big and small, have an obligation to keep data safe.

Your obligations under GDPR

The introduction of GDPR saw the most important change in data protection law in 20 years. With it came new obligations and duties which organisations of all sizes are required to follow to keep data safe. So, what do you need to do if your business’s computers get stolen? How safe is the data stored on them? Is your business covered by cyber insurance?

Unfortunately, a staggering 60% of small to medium-sized businesses that experience a cyber attack following a data breach are forced to liquidate within 6 months of being attacked!

The good news… this is preventable!

Would your business be covered if you suffered data theft?

If your business stores personal data such as names, email addresses, addresses, medical data or banking information, you need cyber liability insurance.

If your business relies on computers, communicates using electronic methods or has a website, you need cyber liability insurance.

If your business collects payments using a merchant card facility, you need cyber liability insurance.

Without this insurance, you could find your business facing both financial and reputational consequences.

A final word on GDPR and small businesses

GDPR legislation affects every business in some way. You might think your business is too small and is therefore immune to the new law, but you may be surprised. If your organisation has a website – and let’s face it, most do – you have legal obligations! You must display the correct legal documentation on your site for visitors to access and understand. Failure to do this could result in your business breaking the law, and ultimately receiving a fine or other punishment. It is far better to be prepared and to limit your liability in the first place.

Speedy action by Chichester Police force has resulted in the arrest of those responsible. Our thoughts are with those affected by the recent break-in at Chichester Enterprise Centre. If we can be of assistance in any way, please contact Owen Costen, Head of Compliance Services.

What legal documents does a website need?

Every business with a website must ensure it has the correct legal documentation on its website for visitors to access and understand. Without these documents, the business may break the law, face fines or other punishment, or fail to limit its liability.

In a world where online scams are on the increase, having these documents adds credibility to a website and a business. Customers can become informed about how the business will keep their data safe, and trust in its transparency and customer service. This trust can earn the loyalty of customers and keep businesses ahead of the competition.

1. Privacy Policy

All businesses, charities or sole traders processing, using, storing or sharing personal data must provide the individuals to whom that personal data relates with information about how that data is used. It has been law under the Data Protection Act, and now further requirements have been layered on top by the new General Data Protection Regulation. These requirements can be sufficiently fulfilled by providing customers, clients, service users and other individuals with a Privacy Policy, also known as a Privacy Notice.

Providing privacy information is not only fulfilling a legal requirement, but it is also a fantastic opportunity for a business to demonstrate high standards, trustworthiness, honesty, transparency and good customer service; to build a strong relationship with individuals so that they will continue to use its services or purchase its products.

In order to succeed in achieving this, however, the Privacy Policy must be legally compliant, factually reliable, 100% bespoke to the business’s processes, in keeping with the style of the website and marketing tone of voice, written for its audience (especially if they are children, parents or elderly), clear, easy to understand and transparent.

2. Cookie Policy

The Privacy and Electronic Communications Regulation requires businesses to provide “clear and comprehensive” information about how particular cookies are used, whilst obtaining consent from the visitor to use them.

This information includes explaining the way the cookies are used and what they are used for in a way visitors can access easily and understand.

Whilst the law doesn’t specify exactly what information must be provided, many businesses and charities exhibiting best practice provide the name, category, purpose and lifetime of the cookie, so their customers can make informed decisions about whether to accept cookies when visiting their website.

3. Website terms of use

Also known as Terms and Conditions, these terms limit the business’s liability by setting out the legal rights and obligations of the business and the visitor. This document’s roles include explaining how visitors are expected to use the website, restricting the actions of visitors to protect the website and business, and limiting the liability of the business.

Get compliant

Here at Cybercrime Services we specialise in producing bespoke website legal documentation for businesses of all sizes. Just visit our legal services page for prices and further information.

10 Tips for Preventing a Cyber Attack on your business

1. Understand cyber criminals

Cyber criminals have a wealth of different ways they can access, steal or damage your assets. Knowing the different methods they use is key to understanding how to protect yourself. Examples of these methods include phishing emails loaded with malware, unauthorised access through devices and systems and gaining information from staff to deceive them.

2. Train your staff

You’ve heard the saying ‘a chain is only as strong as its weakest link’. 80% of cyber attacks on businesses were preventable, mostly caused by a lack of staff training. Make sure every member of your staff has been trained, for example, to use systems correctly, to update their devices when instructed and to recognise cyber crime attempts.

3. Preserve your data

Make regular back-ups of your important data and conduct checks to ensure the back-ups can be restored should you need to recover corrupted or stolen data. Keep the back-up separate from the original systems and consider storing a copy in a cloud-based location. Should a hacker hold your vital data to ransom and demand payment for its recovery, you can refuse knowing you have it stored safely elsewhere.

4. Be smart whilst working remotely

If your staff ever work remotely or may access company data, systems or accounts remotely, you should have a relevant policy in place. Key restrictions include never using public Wi-Fi networks, keeping portable devices updated, using complex passwords or fingerprint technology to access devices, and setting them to be tracked if stolen or lost.

5. Prevent malware damage

Use antivirus software on all computers and laptops, as well as on portable devices where possible. Ensure you use only reputable and approved providers of this security. Updates are developed regularly for software and devices to continue to prevent new malware and viruses from breaching your firewalls. Make those updates to all devices when prompted, and ensure your firewalls are switched on.

6. Restrict removable media devices

USB sticks, portable hard drives and SD cards can all carry dangerous viruses and software, which can quickly spread from one computer to all devices. Consider introducing a policy on the use of such removable media devices and restrict their use. Transfers of files can be safer through cloud platforms.

7. Don’t punish staff

A crucial step to protecting your assets in the event of a cyber attack is reporting it in time to act. Don’t punish staff if they are caught out by an attempt by a cyber criminal; it will discourage staff from reporting it in the future, which may lead to more damage than necessary. If you suspect a successful attack has occurred, immediately change all passwords and begin scanning for malware.

8. Avoid a phishing attack

Millions of phishing emails are sent every day and many can be very convincing. The obvious signs to look out for include poor grammar and spelling, poor quality graphics and logos, and unfamiliar sender email addresses. Even if you know the sender personally, check their email address is one you have safely communicated with them previously. If an email contains links, especially links to sign in to an account or provide personal information, avoid using them and go to the website independently. Never open an attachment if you are not sure the email is legitimate.

9. Protect your passwords

With the UK’s most common passwords including 123456, password and Qwerty, cyber criminals are quickly able to gain access to our accounts and devices with little effort. The recommended formula for a safe password is three random words, including numbers and symbols. For example, L0ND0NAPPL@B3@CH. Do not enforce regular password changes; they only need to be updated in the event a successful attack is suspected.

10. Control access to data

It is unlikely that all staff need access to all drives and folders for all departments of your company. It is easier to keep data secure if staff only have access to the data they need to access, and if you have a record of who has permissions to access which files. It is also vital that permissions are removed, accounts suspended and passwords changed once a staff member’s employment comes to an end.