If there is one thing recent cyber attacks on the likes of Talk Talk, Tesco and Yahoo have taught us, it is that all of us, businesses large and small, are at risk.
Online fraudsters are utilising increasingly sophisticated techniques to hack companies and are not afraid to go after the big boys.
As reported in The Yorkshire Post as recently as this Autumn, banks are increasingly throwing massive amounts of resource at the problem. They know an attack on the scale of that which was visited on Talk Talk could be catastrophic for their business.
The hacking that Talk Talk suffered saw the communications firm hit with a fine of £400,000, the largest penalty the Information Commissioner’s Office had ever imposed on a company.
At the time of imposing the fine, the Information Commissioner’s Office said: “Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue. Companies must be diligent.”
Talk Talk was by no means the only firm to be targeted this year.
However, when the new regulations concerning cyber-security take effect from May 2018, this fine will begin to look like small beer.
The General Data Protection Regulation (known as GDPR) will mean the maximum fine a firm can be handed will rise from £500,000 to the greater of €20m or four per cent of the firm’s annual turnover.
Getting data protection right has never been more important, and you can bet it is on the agenda for board meetings.
The picture is bleak but no cause for alarm.
Vikki Hoyle, senior associate in the regulatory and compliance group at the Leeds offices of law firm Walker Morris, told The Yorkshire Post: “When the GDPR comes into effect there will be no transitional period - the period we are in right now is the time for transition.
“Businesses need to make sure they have all of their appropriate systems in place and that they are the latest versions. Older systems are more prone to bugs and can be exploited.
“Firms need to put steps in place so that they can deal with it quickly and effectively if they are breached, so they can begin to deal with minimising the effects.
“For most companies it is a question of when, not if, their business is going to be hacked.
“Talk Talk is not the only high profile data security breach to be in the headlines recently. The hacking of 500 million Yahoo user accounts shows that it can happen to any business.”
As well as ensuring systems are up-to-date
Although GDPR is a piece of European legislation, there has been no indication whatsoever from the Government that it intends not to comply with it.
With Article 50 set to be triggered in the Spring, the two-year negotiating period will mean that GDPR will almost certainly have come into full force by the time Brexit officially occurs.
Even then, UK businesses will continue to sell goods and services into the European Union, and to monitor the behaviour of EU citizens through means such as online tracking, both of which will still be subject to GDPR.
In short this is not going anywhere.
The penalty for being hacked is high, but no-one can say we have not been warned.
Alongside Ms Hoyle’s considered comments on being prepared for hacking, I can also recall similar remarks from Lloyd Emmerson, digital fraud manager with Lloyds Bank.
Mr Emmerson spoke at The Yorkshire Post’s summit on cyber-security in September on the challenges facing the banking sector on this score.
Speaking about being targeted by scammers he said: “If it doesn’t feel right, put the phone down.
“If it doesn’t feel right it usually isn’t.”
Increased vigilance is the key to combating the fraudsters.