As the amount of data handled by businesses and HR professionals continues to grow, data privacy and security issues are also increasing in importance. Which is by leadership and HR professionals need to prepare and prevent such attacks like those seen in the news recently following the Electoral Register hacking incident.
The Electoral Commision have announced that the cyber attack began in August 2021, with perpetrators having access to the Commission’s servers until it was detected over a year later in October 2022. Whilst it is not thought that the attackers had access to email systems and that the name and address data accessed hasn’t created a high risk to those on the list. It could be the case that this data can then be coupled with additional information that cyber criminals have access to, making those whose data was exposed more vulnerable.
With HR professionals often working with sensitive personal data for a large number of staff, there are many lessons which can be learned from the attack. It’s not just large corporations and those involved in the national infrastructure that are at risk.
Cybersecurity experts at the North East Business resilience Centre offer a much needed reminder of small steps which can be taken to prevent such attacks, even with modest resources.
Fraudsters and cybercriminals want access to data which they can use for malicious purposes, such as opening bank accounts and obtaining loans. It’s important to remain vigilant by your checking credit ratings and understanding if your information has been compromised in data breaches.
Just because your business is small and unconnected to our national democracy, doesn’t mean they won’t be targeted. Despite many small and medium sized businesses lacking internal resources to prevent threats, there are several really basic things we recommend all businesses implement to protect themselves, including signing up to your local business resilience centre such as the NEBRC.
Tips on how to better protect your small business from NEBRC:
-
Beware of phishing emails – This is the most common choice of entry for attackers, they will use information gleaned from data breaches to make their malicious emails look more convincing, in order to trick you into clicking on malicious links or opening attachments, and divulging further sensitive information.
-
Create a business continuity plan – A business continuity plan is something that many smaller businesses don’t think about until they need them. Putting one in place as a cautionary measure is just one way to better prepare your business, should the worst happen. The Electoral Register incidents just goes to show how far back your back up systems may need to go to make your systems safe.
-
Report all incidents – Always report any incidents to the police, you might also consider police cyber alarm as this can detect attacks and where they have come from. Police have the ability at force level to investigate attacks and the NEBRC have partners who can be called to advise should a business be hacked. This can help recover data and provide advice on next steps.
-
Follow national best practice – Use the small business guide from NCSC which provides affordable, practical advice for businesses managing cyber security prevention and response.
-
Follow the 10 little steps – The 10 little steps programme issued by the NEBRC was developed with small business in mind to support online security and reduce risk. This includes keeping devices up to date, following password best practice and implementing back ups amongst others.
-
Train and upskill your teams – Consider completing the cyber essentials and CE+ certifications as ways of ensuring that you are protected from attack in the first place. This could be for yourself or ideally to train the entire business to reduce cyber risk.
Should your business face any of the issues discussed above, contact the NEBRC for further help and advice. You can also sign up for the NEBRC free core membership online for ongoing support https://www.nebrcentre.co.uk/core-membership-sign-up/