HR professionals will all work with personal data in some form, making it essential to at the very least follow best practise when it comes to data handling and online security. Payroll data is highly valuable for fraudsters, making it a target for online fraud. In fact just this month businesses we have seen the impact of mass hackings stealing payroll data, as seen by BA, Boots and BBC.
Hacking incidents on this magnitude often make the headlines, yet smaller organisations can equally be targets. Cybersecurity experts at the North East Business resilience Centre offer a much needed reminder of small steps which can be taken to prevent such attacks, even with modest resources.
Commenting on the story which has seen a cyber crime gang target BA, Boots and the BBC, issuing them with an ultimatum after a mass hacking incident. Rebecca Chapman, CEO and director at The Business Resilience Centre for the North East (NEBRC) and Police Superintendent said,
“This past week we’ve seen yet another supply chain attack, affecting tens of thousands of people, maybe more. The impact of an attack like the one seen by BA, Boots and BBC recently means that more people’s personal information is now out there, making it easier for hackers to send scam emails using the leaked information. This could leave an increased number of businesses and customers vulnerable following the initial details being shared as they can build up a picture of people’s online identities.”
Rebecca continues,
“Just because your business is small or not involved in the national infrastructure, doesn’t mean you won’t be targeted. Despite many small and medium sized businesses lacking internal resources to prevent threats, there are several really basic things we recommend all businesses implement to protect themselves, including signing up to your local business resilience centre such as the NEBRC.”
Tips on how to better protect your small business from NEBRC:
-
Use appropriate password protection and encourage this across the business. Passwords should use 3 random words, in line with NCSC guidance.
-
As a business you will likely have multiple devices in the hands of multiple people. Patching devices and keeping them up to date with all new updates is a wise idea to minimise vulnerabilities.
-
People and staff are the weakest link in most businesses, so frequent training is essential using up to date guidance and resources.
-
You should have systems in place for data back ups which are both secure and regular, should any information be erased or tampered with.
-
A business continuity plan is something that many smaller businesses don’t think about until they need them. Putting one in place as a cautionary measure is just one way to better prepare your business, should the worst happen.
www.nebrcentre.co.uk/core-membership-sign-up/