0370 270 6000

Protecting your business from cyber threats

10 February 2020

Did you know that cyber attackers can use publicly available information about your business and employees to make their attacks more successful? Information is often gleaned from websites and public social media accounts.

To make it more difficult for attackers to target your business, there are a few steps that you can take to prevent your business being so forthcoming with important data to assist a cyber-attack:

  • ‘Meet the team’ pages: useful to add personality to your business but an absolute Pandora’s box for those with malicious intent! If an attacker has details of your employees they can use this to craft targeted phishing emails so limit this information where possible;
  • Social media: LinkedIn and other social media accounts often provide information which attackers can use to find a “way in” to your business. Review the information on these sites and ask yourself if it is really necessary to post details about recent contracts won, suppliers your business uses and partners with your business. Think about the information you are posting and how it may be used against your business;
  • Be aware of what others are saying about you: review what your business partners, clients, contractors and suppliers give away about your business online;
  • Use of employee credentials for 3rd party sites: your business may use corporate email addresses to sign up for 3rd party services, such as employee benefit schemes, cloud storage providers etc. If these services are breached and employees reuse passwords across accounts, then this can be a big threat to your business. Leaked credentials can provide a simple way in for an attacker.

Be aware and if in doubt, err on the side of caution to prevent your business falling victim to the ever increasing cyber threat.

First published by Business Live on the 7th February 2020.

Focus on...

Legal updates

Data reform in the UK

Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.

View

Legal updates

Are Local authority companies subject to the Freedom of Information Act 2000?

In this article we look at local authority companies and whether they are subject to the Freedom of Information Act 2000. And for those that are, what information are they legally obliged to submit.

View

Legal updates

Digital Markets Act and Data Platforms - FRANDs for life?

The Digital Markets Act (the “DMA”) joins the dots between competition law and data protection law and actively targets data-driven platforms. It is also a comprehensive regulation to take note of, with familiar GDPR-style fines tied to turnover.

View

Legal updates

More good news for data controllers: High Court finds local authority not vicariously liable for the actions of social worker who went off on a "frolic of her own"

Public bodies will be pleased to hear that another significant court decision (Ali v Luton Borough Council [2022] EWHC 132 (QB)) has been made that is favourable to data controllers.

View