Category Archives: Cybersecurity

Cybersecurity, Law, Technology

What businesses can learn from the Travelex cyber attack

Foreign currency seller Travelex was forced to take down its website following a cyber-attack on New Year’s Eve with hackers still holding the company to ransom more than a week later.

Although the company said an early investigation “shows no indication that any personal or customer data has been compromised” Travelex has resorted to carrying out transactions manually.

Susan Hall a specialist in information and communications technology said the company’s response to the attack has been spot on and other businesses should take note.

Susan, a partner in the intellectual property team at national law firm Clarke Willmott LLP, said:

“Initial indications suggest that Travelex are doing the right thing. Businesses, particularly ones in the financial services sector, have to be prepared to be the focus of a cyber-attack, and this is an example, working through in real time, of what seems to be a disaster recovery plan swinging into operation.

“There is a manual alternative to keep services running, clear communication to the public and reassurance about data security.

“It’s particularly admirable since it’s multinational and occurring at a time where there are likely to be a lot of people off on holiday.”

Susan believes Travelex has demonstrated a good model of practice and has given a five-point plan for businesses to protect themselves in similar circumstances.

1) First step is to develop a good disaster recovery plan for your business. This plan should be constantly refined and updated and most importantly it should be tested to check it is fit for purpose.
2) Response team should be on call 24/7 – cyber criminals don’t sleep so your team can’t either!
3) Causation, Correction and Communication: analyse what went wrong, correct what went wrong and communicate what you’re doing.
4) Lead from the top: make sure that communications come from a senior source who acts as the company spokesman. It is therefore important to ensure that whoever is on the frontline is appropriately media trained and confident in dealing with press and public enquiries.
5) Don’t skimp on resources – throw everything at it that’s needed.

Clarke Willmott LLP is a national law firm with seven offices across the country in Birmingham, Bristol, Cardiff, London, Manchester, Southampton and Taunton.

For more information visit www.clarkewillmott.com

Cybersecurity, Data, Midlands News

23% of Midlands workers who mishandled sensitive information lost their job

Office workers in the West Midlands have experienced the most serious consequences from the mishandling of sensitive information at work, with nearly a quarter (23 per cent) admitting to having lost their job as a result of their mistake.

The national survey, commissioned by information security specialist Shred-it, found that 13 per cent of workers in the West Midlands had made a catastrophic error at work by leaving sensitive information lying around or losing something important.

Furthermore, 42 per cent of West Midlands-based workers admitted that their company had lost money or customers as a result of their losing private or sensitive information, compared with 25 per cent in the North West, 36 per cent in the North East and 26 per cent in the South West.

When asked if they had reported the loss of sensitive data to their company, 23 per cent of West Midlands workers said they had, whereas this figure was higher in other key regions, including 35 per cent in the North West, 38 per cent in the South East and 55 per cent in London.

The research also looked at the most common workplace errors, and revealed that 30 per cent of workers in the West Midlands had copied in the wrong person to an email, while 38 per cent had left their computer screen unlocked while they were away from their desk, leaving them and their company exposed to a potential data breach.

Ian Osborne, VP UK & Ireland for Shred-it, commented:

“This survey shows the different attitudes to handling sensitive information at work and when travelling to and from the office between workers across different regions of the UK. It is interesting to see that nearly a quarter of workers from the West Midlands had experienced the most extreme consequence of losing their job as a result of mishandling sensitive information at work.

“It’s all too easy to leave a laptop open without password protection or to throw sensitive documents in the bin, however these seemingly small errors can have serious repercussions, both for companies and their employees, no matter where they are located, potentially resulting in hefty fines or – as we have seen – even job losses.

“Companies must have strict policies on data protection that are communicated clearly to all employees and updated whenever necessary, to avoid potential breaches and to ensure compliance at all levels. Data protection is an important element to all businesses and one that cannot be ignored.”

For more information about Shred-IT, who authored the survey, please visit https://www.shredit.co.uk/en-gb/home

Brexit, Cybersecurity, Data, News, Technology

Data Privacy & Cyber Security are top Brexit countdown worries for UK Business Leaders

Technology issues are now seen to be the biggest threat to business continuity in a post-Brexit world, according to new research conducted among UK business leaders commissioned by ThoughtWorks.

Feeling exposed to – and unprepared for – a range of pressing data safety and cyber risk issues (33%) was a greater concern for 2020 than a range of specific Brexit challenges – such as the weak Pound (24%), supply-chain disruption (20%) and the employment of EU citizens (22%).

With Michel Barnier urging UK businesses to safeguard themselves against cyber threats in the run up to Brexit[1], ThoughtWorks – the global software consultancy – asked 1,022 British businesses which perceived threats to business continuity post Brexit they were not fully prepared for. Overall, 82% of firms identified one or more threats to business continuity as a result of Brexit, a view that was consistent across all sectors and major cities.

Of the 33% of business leaders that mentioned tech worries, the specific areas of concern comprised of:

● changes to the transfer of personal data between the UK and the EU (54%);

● vulnerability to cyber-attacks (42%);

● changes to the storage, purpose and processing of customer data (30%).

These findings come less than 18 months after GDPR was introduced, which has been followed by a series of widely-publicised data breaches involving major brands. Indeed, the survey suggests data safety becomes a bigger issue the larger the business. The larger companies polled were more than twice as likely than small businesses to see tech issues – including cyber-attack risks and data safety – as the biggest threat to business continuity in post-Brexit Britain (47% compared to 22%)[2].

Beyond tech fears, there were a number of additional financial and operational concerns for businesses in adjusting to the prospect of Brexit. Financial issues included the falling value of the Pound (24%) and disruption to flows of capital or changing investor appetite (14%). In terms of operational issues, many foresaw disruptions to their supply chain as a threat to business continuity (20%), whilst other business leaders were worried about access to talent – specifically, the employment of EU citizens in the UK – and UK citizens in the EU (22%).

Whilst London is often seen to be at the centre of Brexit debate, the ThoughtWorks research canvassed business leader opinion across the UK, listening to decision makers from more than 10 of the country’s biggest cities. The results show that whilst across all cities business leaders were uniformly worried about risks to business continuity, technology issues were a particular concern in England’s three biggest cities – London (44%), Manchester (39%) and Birmingham (38%).

Specific city highlights:

● Edinburgh businesses were the most likely to say they were concerned about exposure to cyber-attacks (25%). Beyond tech issues, firms in Edinburgh were also highly likely to worry about the prospect of economic protectionism and trade wars after Brexit (25%).

● London businesses were also worried about cyber security after Brexit (24%) but were slightly more likely to be concerned over changes to the storage, purpose and processing of customer data after Brexit (25%).

● More than a third of Glasgow firms (35%) forecasted tech issues as the biggest threat to continuity after Brexit – with nearly a quarter worrying about the safe storage of data (24%). Glasgow businesses were also the most likely to worry about storing data safely compared to any other UK city (21% Vs. national average 12%).

Every sector – except for the retail sector – saw data and cyber-related issues as the biggest threat to business continuity after Brexit. The import and export of goods slightly tipped the balance for businesses in the retail sector (36% vs. 35%). However, for all the other sectors surveyed, tech issues topped the Brexit worry list – with the public services sector coming top at 47%.

Other sectors where business leaders were particularly worried about the impact of tech-related threats to business continuity included; media and tech (40%); financial services (37%); retail (35%) and manufacturing (33%).

Jim Gumbley, Head of Cyber Security, ThoughtWorks UK commented:

“After a period of unprecedented economic and political uncertainty, we wanted to ask businesses around the UK how prepared they felt for the key operational, financial, regulatory and tech issues that could result from Brexit. Whilst data security and cyber risks were seen as top concerns, it is important to stress that they are no longer just tech issues. Given what’s at stake for businesses, in terms of revenues, brand equity, trust and reputation, security and processes surrounding data need to be factored into the highest levels of corporate strategy.

“Whether UK businesses are pursuing their own development initiatives or investing in tech-driven start-ups, data security must be factored in from the get go. From our London and Manchester offices, ThoughtWorks is helping major brands spanning a range of industry sectors to put data and security at the heart of their thinking and to develop a culture of innovation and agility so they can go towards change and market uncertainty .”