‘Biggest cyber risk is complacency, not hackers’ – ICO message

The ICO’s message follows its £4.4m fine against a Berkshire-based construction company. An employee forwarded a phishing email (that was not quarantined or blocked by the IT system) to another employee, who opened it and downloaded its content, resulting in the installation of malware onto the employee’s workstation.

Whilst the firm’s anti-virus software quarantined the malware and sent an alert, the firm failed to thoroughly investigate the suspicious activity, meaning the attacker still had access to the company’s systems. As a result, personal data of up to 113,000 individuals was encrypted by the hacker.

Lessons learned from this case include:

  • The importance of following up on alerts of suspicious activity.
  • Ensuring software systems and protocols are regularly updated.
  • Providing regular staff training.
  • The use of secure passwords and multi-factor authentication.

The increase in the cost of living is likely to result in an increase in phishing attempts, so firms and advisers should remain vigilant. The National Cyber Security Centre has published guidance on how to defend your organisation against phishing attacks.