How to protect your company from a cyber-breach

About 400,000 people in the UK may have had their information stolen following a cyber-breach at the credit monitoring firm Equifax.

The US company said an investigation had revealed that a file containing UK consumer information “may potentially have been accessed”.

The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information. Equifax, which is based in Atlanta, discovered the hack in July but only informed consumers last week.

Equifax said the investigation into the data breach was ongoing and it was working with the Financial Conduct Authority and the ICO.

Cyber-attacks have become an increasing problem for firms that hold a large amount of customer data. HSBC and TalkTalk are among the most high profile British firms to be hit in recent years.

While it may seem like a cyber-breach is an eventuality rather than a possibility, there are practices that you can implement to protect your organisation.

  • Conduct a thorough cyber-risk assessment. Have an IT professional conduct a thorough risk assessment of your company’s cyber-security system and network. For any risks that are identified, you should implement solutions to address them. In addition, you should conduct this type of assessment at least annually or after there has been a cyber-breach.
  • Install firewalls. Firewalls are pieces of software that control the incoming and outgoing network traffic on a computer system and decide what should be allowed through. This screening should include sites that would be harmful or dangerous if employees were to access them. To remain effective, a firewall must be updated regularly.
  • Install anti-virus and anti-malware software. Anti-virus and anti-malware programs are designed to catch, eliminate or quarantine viruses before they can harm a computer system. These programs run in the background to ensure that your computer is protected at all times. To ensure that they are able to catch the most recent malware, be sure to regularly update the software.
  • Provide your staff with cyber-security training. This training should cover best practices, such as how to recognise and manage cyber-security threats like suspicious email requests and other cyber-attacks.
  • Enforce safe password practices. Employees should use a strong password, which is changed at least every 90 days. In general, a good password has the following characteristics:
    • Has at least eight characters
    • Includes a mix of uppercase letters, special characters and numbers
    • Does not use the names of spouses, kids or pets
  • Implement a “bring your own device” policy. This policy should outline what is considered to be acceptable use of personal devices, which could include requiring anti-virus and anti-malware software to be installed, disabling the device’s camera and video capabilities, and prohibiting certain apps.
  • Back up your data. Your organisation should have its digital records and information backed up and encrypted on a separate drive. The drive should be regularly updated to ensure that it has the most up-to-date information.
  • Purchase cyber-liability insurance. Cyber-liability insurance can protect your company from cyber-risks, including data breaches, damages to a third-party system and cyber-extortion.

Speak to one of our commercial insurance teams today for further advice about cyber insurance.