Not having an IT security plan in place could lead to your company being held accountable

Businesses are experiencing a double whammy of ever-changing cyber security threats plus increased accountability if something does go wrong. The combination of internet criminals on one side and GDPR on the other makes it a nervous time for many business owners and senior managers.

The natural reactions to increased punishment for failing to prevent something that you don’t understand tend to be either head in the clouds or head in the sand – “it won’t happen to me” or “frankly, I’ll just panic when it happens”. Neither, of course, is very useful.

Here is what happened to one local business:

‘One of our directors clicked on a link in an email. He gets over 100 emails a day, so was probably rushing through them. Next thing we knew was that our files were getting corrupted and encrypted. We all had to stop work, we shut down the entire company network and restored the data from the last backup. Then we went back on to the network, one computer at a time, as we checked each machine. We didn’t lose any data or pay a ransom, but it was hugely disruptive. And no-one will forget which director caused it!’

What is much more useful than a “do nothing” strategy is to take preventive action. How about devoting thirty minutes of your time to getting a better understanding of the threats that are impacting businesses and other organisations? More importantly, it would be time well spent if you came away with a clear understanding of your next steps to strengthen your organisation’s IT security.