Cyber attacks resulting from data breaches are on the increase. In this country, because of relatively weak reporting systems, we seldom hear about individual hacking cases. In the US where reporting requirements are much stronger, news reports of data breaches are frequent. New European regulations set to take effect in 2017 will introduce much bigger penalties for failing to report data breaches, meaning that the public will be much more likely to hear when they occur.
The FCA says that it will start to examine companies’ technological and digital resilience and expect them to address cyber security at board level. The most common type of attack is where the end customer has accidentally lost or given away their login details. Passwords need to be strong. There was a case recently where a bank had 17,000 customers all using the password ‘Arsenal1’. 85% of people use the same password for all of their accounts and around 50% use their date of birth for at least one of their passwords. Many hacking attempts start with a plausible phone call soliciting personal information. Firms should check that their firewalls are up to date and that their browser security is sufficient. There should be a policy of changing passwords at regular intervals and particular attention should be paid to the security of laptops. We recommend that cyber security should be a standard board agenda item.
The above is the lead article in our monthly News Notes. Please click here for information regarding these notes.