Business Resilience IT
As businesses bounce back, what about business resilience in IT?
As businesses, we all know that changes in the way we work have affected, and will continue to affect, our IT support and our reliance upon digital connectivity and systems.
Aside from the importance of maintaining customer contacts and starting marketing anew, managing your data and your IT hardware are essential parts of business resilience.
For the data you hold, the GDPR regulations are very important (see 'What is GDPR?' at the end of this blog).
Cyber and IT security as part of your ‘bounce back’ resilience.
Homeworking IT Security
Having homes occupied continuously during the lockdown has dramatically reduced burglary, according to police reporting. But the security of your business equipment and your IT/data is always important. Replacing hardware is simple enough when it's covered under home and contents or business insurance, but what about your data?
Have you had a hard-drive failure? It has the same impact as a loss or a burglary.
I had one on my home PC and had assumed my back-up settings would protect me, but I was wrong! While most of my documents, photos and files were backed up, my emails and contact lists were not and my mail settings downloaded emails and deleted server copies! Fortunately, I was able to recover 90% of the data from the disk using a professional firm but at a cost of £700!
So, make sure your backup settings are saving all the data you need, and check that they are doing so to the cloud or to a network storage device like a MyCloud to mirror your IT.
Perhaps surprisingly, most online criminals use a similar approach to you, as a business, to build a sales and marketing network and identify ‘customers’ to defraud. The list below covers the range of ways criminals can gather more information about you so they can be more effective when they strike.
Common forms of cyber threats include:
- Phishing: email fraud asking for your passwords or personal information.
- Vishing: fraudulent phone calls impersonating real companies.
- Hijacking: accessing your files and locking you out of them.
- Camfecting: taking over your webcam to spy on you – top tip; cover the camera with a patch when not in use.
- Screenshot Hijacking: where hackers capture screenshots.
- Keylogging: remotely recording your keystrokes for passwords or personal info.
- Ad Clicking: a link (email, or webpage) opens malware or collects data.
- Hacking: files or servers hacked for information.
- DDoS Attacks: Distributed Denial of Service attacks that overload your website.
Usually, malware or fraud relies on your input to access your system, and on you inadvertently ‘overriding’ your anti-virus/malware program. Remember, your actions are the highest risk in the chain of events leading to online fraud.
However, here are 4 top tips.
TIP – Never just ‘click’ on email attachments or links including ‘unsubscribe’ links from unexpected emails (just mark them as junk).
TIP – No password, or indeed ‘password safe’, is unbreakable, so use strong passwords and two-factor authentication whenever you can. Change passwords every now and then.
TIP – Use a separate secure Wi-Fi channel exclusively for your business at home. Connect through your mobile phone hotspot when traveling. Routinely delete saved networks off your device.
TIP – Make sure your own business website has SSL (secure sockets layer = https) protection! Use Captcha technologies on your website.
For loads of information visit our online security page https://www.theservicesfamily.com/home/your-security-online covering strong passwords, social media, virtual private networks (VPN) and private browsing windows.
Go to this link with our friends Cyber Security Associates for a free guide for homeworking and cyber health.
Back to some other considerations in insurance.
How insurance can help your resilience.
Running your business from home may be covered under your Home and Contents policy, limited to clerical and administration work, with some cover for office equipment. It is unlikely to cover business laptops away from your home, so consider Gadget Insurance. Stock or raw materials are rarely covered by home policies, and stock cover should be included on your business insurance. If you attend trade fairs or markets and take products with you, then check whether they are covered under your car insurance – if not, then Goods in Transit cover can be added to a business policy. Finally, and in nearly all circumstances, employing someone to work at your direction requires employer’s liability insurance by law – even if they are furloughed! https://servicesfamily.insure/employer-liability-insurance-work-with-volunteer-staff-in-charities-or-companies/
Do not forget to review your current insurance; we have provided tips in our blogs about potentially seeking a reduction in your current premium through a Mid-Term Adjustment for turnover, employment, stock and premises adjustments. https://servicesfamily.insure/category/category-1/
General Data Protection Regulations (GDPR) and business resilience in IT.
What is GDPR?
GDPR is an overhaul of the old Data Protection Act. It places new regulations on businesses to ensure that customers know how businesses use their data and what data they hold, and it gives customers new rights and controls over their personal data. For the customer:
‘YOU OWN, YOUR OWN DATA’.
GDPR came into force on 25 May 2018 and the government has confirmed that the UK’s decision to leave the EU will not affect the commencement of GDPR.
What can it do for customers?
There is a range of new sweeping rights for customers:
- The right to be informed – customers have to be told why a company wants their data.
- The right of access – customers can ask what data a company holds on them.
- The right to rectification – customers can correct any data you have which is wrong.
- The right to erasure – customers can have all their data, aside from what the company has to retain for legal reasons, removed from the company’s files.
There are further rights covering control over data usage, the right to transfer it to another company, the right to challenge the use of data by a company and to control how customer data is used in decision making or personal profiling.
Under GDPR, customers have powerful rights regarding the loss of their data. A data breach is more than just losing personal data.
For example, a business could be responsible for a personal data breach if a customer’s bank details were inappropriately accessed due to a lack of appropriate internal procedures and security controls. If they were disadvantaged, they could request rectification and/or to be compensated.
What are the risks?
It is difficult to see any downside risk to you personally, but if you own a company or use other people’s data you must make sure you comply with the new regulations. More detail on how GDPR can affect you and your business is at https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/