The ICO is now fining companies for doing nothing.
An article by Chris Windley
You have been fined £4.4 Million by the Information Commissioner’s Office (ICO).
Your bank tells you that unless you can prove that you have taken the appropriate precautions they will not refund the money stolen from your account.
The ICO says it fined you £4.4 Million because you failed to put appropriate cyber security measures in place to prevent cyber attacks, and that is why the hackers gained access to the personal data of your 113,000 employees via a phishing email.
You can read the full detail on this in the article link at the end of this email.
The UK Information Commissioner basically said this:
- The hackers are not the problem – complacency in the company is.
- They did not put in place cyber security measures to prevent a cyber attack, so the hackers got access to the personal data of their staff – 113,000 people.
- The attack started with a phishing email.
He said: “If your business does not…
- Regularly Monitor for suspicious activity AND
- Fails to act on warnings OR
- Does not update software AND
- Fails to provide staff training
YOU can expect a similar fine!!”
Full article here: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/10/biggest-cyber-risk-is-complacency-not-hackers/?
In the cyber security world we say that there are 4 key areas to reducing the risk from cyber attack:
- Leadership – the senior management and Directors (who are legally responsible) must lead the company in defending it against cyber attacks.
- People – must be trained
- Processes – must exist to stop common forms of cyber attack and scamming.
- Technology – must be used as required.
I am a small and medium-sized business Cyber Security specialist, having spent 2 years working in the GCHQ NCSC Cyber Accelerator, 18 months working with the Police on the Cyber Resilience Centre roll out, and over 30 years in Information Technology.
I work with Leon Gicquel of UK Cyber Security and we have a simple, quick, low cost, easy to use solution based on the Government Cyber Essentials standard to avoid getting fined by the ICO (see attached).
Be safe and you may wish to tell your connections about these fines.
UK Cyber Security Group Ltd is here to help
If you would like to know more, do get in touch as we are happy to answer any questions. Looking to improve your cybersecurity but not sure where to start? Begin by getting certified in Cyber Essentials, the UK government’s scheme that covers all the technical controls that will provide the protection that you need to help guard against criminal attacks.