A recent £4.4m fine imposed by the ICO in October 2022 reveals its views on the responsibility of the parent company, senior management, and financial investments in organisations’ security standards to prevent cyber attacks.Continue Reading ICO expects large organisations to make financial investments to maintain their security standards

As a result of the COVID-19 pandemic, many more organisations have moved their business operations online.  From a cybersecurity and privacy perspective, this brings hackers and criminals greater opportunities to try to infiltrate the increased amount of devices and even deploy ransomware attacks. This is where malware is installed to block access to the user’s data by locking the computer or encrypting the data until the demanded ransom is paid. In some cases, the attackers also threaten to disclose the stolen data if the ransom is not paid.

Ransom attacks are on the rise, with the ICO reporting an increase from 13 ransomware incidents per month to 42 at its 2021 conference. In the U.S., the recent Kaseya ransomware attack affected nearly 200 companies, while the recent pipeline attack disrupted fuel supplies to the East Coast for several days, leading to fuel shortages.

According to a global survey conducted by Sophos, the average total cost of recovery from a ransomware attack has more than doubled, increasing from $761,106 in 2020 to $1.85 million in 2021. These remediation costs include business downtime, lost orders and operational costs. The average ransom paid is $170,404, yet only 8 per cent of organisations managed to recover all of their data after paying a ransom.

In 2020 and so far this year in 2021, the manufacturing, government, education, services and healthcare industries have been particularly hard hit by ransomware attacks. However, no industry is immune from such attacks and ransomware attacks are featured across all industries, including utilities, technology, logistics, transportation, finance and retail.Continue Reading Ransomware is on the rise – what to do if you are faced with a cyber attack

As the U.S. economy and educational system adapt to work and life at home, it is important to remember that cybersecurity (and related privacy) risks remain and are evolving. Remembering to think through measures that are in place to protect personal information, proprietary information, confidential information, and information needed for ongoing operations can help businesses avoid and mitigate these risks. Appropriate protective measures are specific to changing circumstances, but fortunately, guidance and helpful resources have quickly emerged. We have set forth below some important considerations in assessing administrative, technical, and contractual cybersecurity safeguards in virtual business and educational settings.

New tools bring new vulnerabilities

Many entities whose employees are now working from home for the first time are implementing new, sometimes expensive, tools to help their employees collaborate and maintain business operations. These new tools include videoconferencing, file-sharing, and other communication platforms. Even if the employer does not provide the tools, employees may find and use their own.

There are good reasons for implementing these tools at the business level, including consistent-use practices in the entity’s system, a process for regular software patches and updates, and discounted pricing. When selecting and implementing these tools, or modifying the manner and extent by which these tools will be used, it can be easy to overlook or minimize better practices for use of third-party information technology services: reasonable and appropriate diligence, contractual protections, and ongoing oversight and validation.

In addition, it is important to remember that the cybersecurity posture of many (if not most) online tools can vary widely depending on how the tool is configured, maintained, and used. This means considering whether the right virtual-IT skill set has been engaged and applied, and helping ensure that users have the information they need to make better privacy and data security decisions. Addressing these issues effectively can be especially challenging as work and learning environments change radically.Continue Reading U.S. cybersecurity – points to remember when business is not as usual

This month’s WannaCry ransomware attack is the latest example of how these targeted attacks can cripple operating systems, with the bitcoin payments the price for alleged relief.

In the attack, the WannaCry ransomware computer worm targeted the Microsoft Windows operating system, infecting more than 230,000 computers in 150 countries. The ransomware was allegedly spread through

Ransomware and malware could potentially cripple your company and personal networks. Our previous post, Companies can insure against cyber ransom, states, “Ransomware is a form of malicious software, or ‘malware,’ that encrypts information or aspects of an organization’s computer network, preventing authorized users from accessing it.” As online hackers become more advanced, your company