Protection from cyber attack and data breach

Organisations are increasingly reliant on technology to manage their activities, so the threat of cyber-attack or data breach is greater.

Read our protection guide to discover how to reduce the risks.

Understanding cyber attack and data breach

Technology and the internet are revolutionising the way organisations communicate and how they oversee and manage data. Criminals can make large sums of money from breaching and stealing data. There is comprehensive legislation in place which imposes penalties on organisations that do not take appropriate steps to secure individual data or prevent unrestricted access to it. Organisations are consequently at risk of business disruption, heavy fines, and damage to their reputations.

Liabilities

  • Organisations have certain responsibilities when managing, securing, and using data
  • If they do not adhere to these responsibilities, they will be liable to fines and further actions from regulators
  • They may also be subject to civil liabilities from individuals who have been affected by a data breach, resulting in the payment of compensation and any legal costs
  • You should check whether your organisation’s insurance policies cover these situations; they are not typically covered by public liability insurance

Additional expenses and costs

  • Investigating the extent of the issue, working out how to fix it, and then fixing it. This may involve external consultants
  • Communication to and with affected parties
  • Providing support to affected parties which may include helplines
  • Reducing the impact of damage to your reputation which may include hiring external consultants
  • Standard insurance policies might not cover your organisation for both physical and non-physical damage to computer systems
  • Loss of income due to business interruption caused by damage to your computer systems
  • Illegal access to your systems could lead to money or credit being stolen from your organisation

Risk management

There are a number of things you can do to limit the risks of a cyber-attack occurring as well as the damage it can do.

  • Regular back-up of data
  • Use anti-virus software and firewalls
  • Implement email and internet usage policies
  • Background checks on staff
  • Documented procedures for transferring money
  • Use trusted data service providers in the UK
  • Strong password security in place
  • Limit access to systems
  • Implement data privacy and information security policies
  • Create a crisis management policy
  • Create a hardware destruction policy
  • Implement data encryption
  • Regularly update systems
