The modern age of internet computing has revolutionised the way businesses operate. Whilst technological developments assist and allow businesses to grow and operate more efficiently, almost everyday news stories mention businesses which have suffered major data breaches.
Data breaches are serious concerns – not only are they bad publicity, but they may also lead to competitors getting information that could assist them. Businesses which hold personal data are also subject to data protection legislation and leaked data may amount to a breach which could result in a business facing a fine or other action. The law on data protection is undergoing change and from 25 May 2018 the new EU General Data Protection Regulation will apply. There will be a greater emphasis on accountability and as such data protection will be even more significant. Read our Talking Business blog post ‘Are you up to date with your data processing?’ for more information on the Regulation.
Andrew Horton considers how a business can adequately protect the vast amount of information it holds and what can be done if a business’ data is breached.
Broadly speaking there are two different types of data breach:
- Internal threats where an employee, or other person, who has access to information, removes such information from the business.
- External breaches such as hacking.
Recent years have seen a sharp rise in businesses being hacked. An increasingly common attack on businesses is what is known as ‘Ransomwear’. Ransomwear is software that, once on a device, is designed to intentionally prevent access to the information stored on it, until a ransom is paid by the business so that they can regain control of the information or ensure the information does not get released onto the internet.
There are ways to protect against such data breaches. Whilst the below list probably won’t help against the most determined of hacker, it details best practice and may help against an opportunistic attack or a rogue employee.
- Ensure that you have adequate anti-virus software sufficient for your business needs and that the software is regularly updated.
- Use a firewall.
- Ensure any software (especially business critical software) receives regular updates.
- Don’t use old and no-longer supported versions of software.
- Restrict access to business critical information to only those who need it.
If there is a data breach then it is important to act quickly and identify:
- How the breach originated;
- Ways to fix the breach; and
- What information has been removed.
At Gateley Plc we are experienced in how to help your business if such breaches occur. We have effectively used Court ordered remedies (such as freezing injunctions and search orders) as well as other remedies, which have not required us to instigate formal legal proceedings, to protect the unauthorised use of business information following a data breach. We have also helped our clients to identify the culprit (even in circumstances where the culprit has made attempts to conceal their identity) and supported our clients to achieve a positive outcome following the data breach.
For further information, please contact:
Safeea Shafiq, Associate, Commercial Dispute Resolution team, specialising in IT and Telecom disputes.
T: 0121 234 0152