In recent news, British Airways has been given notice of a record-breaking £183 million fine, followed a day after by Marriott Hotels at £99.2 million.

The reason? Breaching data protection laws. This should be enough to unnerve anyone responsible for cyber security and handling personal data, whether they are a large corporate, or a small business.

Don’t fall into the same pit, it certainly won’t be easy to get out of…

What happened to British Airways and Marriott Hotels?

British Airways’ fine of £183 million represented 1.5% of its turnover in 2017, which was only achieved as a reduction to the maximum penalty through cooperation with the ICO investigation. If the ICO had sought the maximum fine of 4% of BA’s total revenue, the bill could’ve been £489m.

For Marriott Hotels, Information Commissioners Office are proposing a £99.2m fine.

It’s said that about 30 million of the hacked guest records related to residents of 31 countries in the European Economic Area. Seven million related to UK residents.

The General Data Protection Regulation (GDPR)?

The GDPR came into force in May 2018 and is the biggest transformation to data protection and privacy in the past 20 years. The GDPR gives data regulators the power to fine up to £18m, or 4% of annual global turnover, whichever is greater. In a new attempt by European policymakers to incentivise security practices and stop large-scale data breaches.

Last year Facebook was fined £500,000 by the ICO, which involved the data of up to 87 million users improperly being shared with third-party developers without sufficient consent. Given Facebook’s worldwide revenue was £31.5bn in 2017, they could have received a fine of up to £1.26bn had the case had been eligible under GDPR.

 

Small & Medium sized business are not immune.

It is a common mistake to think that your business will not be targeted. Most hackers are conducting their attacks at random – with businesses often falling victim to malicious software breaching their network, at the fault of a staff member inadvertently clicking on a suspect link in an otherwise unassuming email.

 

How can I protect our business from a Data breach?

If you’re unsure at this point, we’d recommend giving us a call; we’d be more than happy to advise your next steps.

This is not the best time to be worrying whether your security is up to date or not.

Which brings us onto the first point, cyber security best practice.

Making sure you’ve got the most appropriate security for your business, whilst also applying updates frequently to solidify its performance and protection. You don’t want to be left vulnerable simply because you’ve delayed the patch by a week or two.

Another major point; it is a legal requirement of GDPR to ensure you back-up your data, and ensure it is encrypted.

Whether this data resides on personal laptops, or stored away in remote data facilities via the internet, every business regardless of size should employ a 3-2-1 backup rule to best mitigate data loss & minimise the impact of an outage.

 

 Lastly, but very much still incredibly important, is to ensure that your team are trained and aware of their susceptibility to cyber-attack.

As discussed in a previous blog, phishing takes its aim directly at your team; firing emails left, right and centre, embedded malicious attachments and links to fraudulent websites, from which software to steal or corrupt your data can manifest itself into your network. Staff awareness is key to data protection, if your front-line team understand this level of importance, you’ll have few issues keeping out of its path.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in cyber security. Ensuring we aid our clients with employing the best & most appropriate security practices, procedures and tools to protect their sensitive data.

If you have any concerns or challenges with your cyber security, or with your technology generally, we would like to hear from you. Please contact the team today.