While the Financial Conduct Authority (FCA) have given their approval for companies to outsource their IT and data storage to third-party cloud providers, the consent comes with a number of guidelines, issued to ensure that such providers remain compliant.
There’s always a new cyber-threat looming large, isn’t there? A new virus or malware with a suitably sinister name, lurking in malicious files, waiting to cause havoc on our systems and grab headlines in the media.
The latest such nasty to make its presence felt, causing chaos and attracting the attention of the news channels, is the threateningly named Ransomware.
A recent study suggests that the majority of organisations (97%) have an IT security policy in place. But when it comes to staff actually following that policy, demonstrating security ‘savvy-ness’ and taking responsibility for their actions in real life - a different story starts to emerge.
Concerns over network security have long since migrated from the IT department to the boardroom in many companies of all sizes and sectors.
A 2015 report jointly published by NYSE (New York Stock Exchange) and Veracode showed that, of 200 directors interviewed, 80% said that cyber-security was a key agenda point for their business. More concerning, perhaps, was that 66% suggested a lack of confidence that their networks had adequate protection.
Regardless of the size or nature of your organisation, if you’re handling, using or storing customer data of any kind then you have a legal obligation to ensure that it’s protected as rigorously as possible. This is the position taken by the Financial Compliance Authority (FCA) and something which all firms need to place high on their agenda when it comes to corporate responsibility.
Research shows that in the majority of cases where a data breach occurs, human error - as opposed to maliciousness - is usually the trigger. A failure to follow procedures and policies, general carelessness and failure to get up to speed on new threats tend to be the main culprits here. But what happens if the action goes beyond a simple mistake?
Cyber attack and data loss through hardware malfunction and/or through human error are all likely to be on your risk radar already. ‘Natural disaster’, by contrast, can often seem like a much more remote threat: something that happens to other people in other places. But it’s worth remembering that just last Christmas, whole swathes of the country were affected by some of the worst flooding on record, the cost of which breached the £5bn barrier. What’s more, as climate change takes hold, all the signs point to spells of destructive weather becoming the new normal.
Businesses need to avoid falling into the trap of assuming that a “cyber attack” is something that only ever happens to other people. The government’s most recent information security breaches survey suggests that 74% of small businesses had experienced a security breach in the previous year. The same study suggests that the average cost of clearing up after a major breach is upwards of £75,000.
Even if you stick religiously to traditional ‘9 to 5’ hours, your customers almost certainly have other ideas. Whether it’s to browse your website, place an order or simply to leave a message, customers tend to expect 24-hour service, and if you’re unreachable, they’re likely to head elsewhere. For e-commerce especially, the longer you’re offline, the more revenue you will leak.
No matter how vigilant you are, you can never completely eliminate the risk of a serious business interruption. At heart, business continuity planning involves recognising this fact - and making sure you know how to respond if disaster strikes.