0370 270 6000

Protecting your business from cyber threats

10 February 2020

Did you know that cyber attackers can use publicly available information about your business and employees to make their attacks more successful? Information is often gleaned from websites and public social media accounts.

To make it more difficult for attackers to target your business, there are a few steps that you can take to prevent your business being so forthcoming with important data to assist a cyber-attack:

  • ‘Meet the team’ pages: useful to add personality to your business but an absolute Pandora’s box for those with malicious intent! If an attacker has details of your employees they can use this to craft targeted phishing emails so limit this information where possible;
  • Social media: LinkedIn and other social media accounts often provide information which attackers can use to find a “way in” to your business. Review the information on these sites and ask yourself if it is really necessary to post details about recent contracts won, suppliers your business uses and partners with your business. Think about the information you are posting and how it may be used against your business;
  • Be aware of what others are saying about you: review what your business partners, clients, contractors and suppliers give away about your business online;
  • Use of employee credentials for 3rd party sites: your business may use corporate email addresses to sign up for 3rd party services, such as employee benefit schemes, cloud storage providers etc. If these services are breached and employees reuse passwords across accounts, then this can be a big threat to your business. Leaked credentials can provide a simple way in for an attacker.

Be aware and if in doubt, err on the side of caution to prevent your business falling victim to the ever increasing cyber threat.

First published by Business Live on the 7th February 2020.

Focus on...

Legal updates

More good news for data controllers: High Court finds local authority not vicariously liable for the actions of social worker who went off on a "frolic of her own"

Public bodies will be pleased to hear that another significant court decision (Ali v Luton Borough Council [2022] EWHC 132 (QB)) has been made that is favourable to data controllers.

View

Published articles

Five top tips for strong data compliance in 2022

This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.

View

Legal updates

Stemming the tide of data breach claims: good news for data controllers

The cases summarised give considerable comfort to data controllers seeking to defend themselves against claims that relate to breaches arising as a result of a failure rather than a direct act and/or are based on assertions of damage or distress that are exaggerated, unsubstantiated or bear little relation to the breach itself.

View

Press releases

Reaction: Supreme Court rules in favour of Google

The Supreme Court has unanimously overturned the Court of Appeal’s 2019 decision in the case Lloyd (Respondent) v Google LLC (Appellant) which allowed the claimant, Mr Lloyd, to serve a representative action on Google on behalf of over four million iPhone users who were seeking damages for ‘loss of control’ of personal data.

View