May 29, 2017

Flashes of Insight

Why losing to Uruguay is not the only possible world cup disaster

Cyber attacks are a persistent threat for any business, but fear always intensifies during major tournaments. According to a recent survey by Osterman Research, March 2014 saw between 70-100 new phishing/malware websites related to the World Cup every day! For companies whose staff are busy browsing the web for football updates and live streaming videos, the threat of an attack multiplies exponentially..

While many companies have stepped up their battle against hackers in recent years, driven largely by a blitz of publicity surrounding cyber crime, many have learnt the hard way that their efforts are too little, too late. In January US retail giant Target revealed up to 70 million customers had payment card and personal data stolen from the company’s database in December 2013. More recently, up to 145 million eBay customers had their names, email addresses and other personal data stolen from eBay. According to cyber security firm Symantec, data breaches rose 63 per cent in 2013, exposing more than 552 million identities worldwideto the rising threat.

Such catastrophic events not only deplete margins and damage business reputation, but in the case of financial companies regulated by the FCA, can lead to hefty fines. New legislation means common platform firms and management companies must now establish, implement and maintain adequate business continuity policies that ensure the timely recovery of data and limits data loss, should systems or processes be interrupted. Other rules are set by the FCA’s Senior Management Arrangements, Systems and Controls Guidelines (SYSC)

While many companies have increased investment in security, with a noticeable increase in spending on information security in small businesses according to a PwC report, many still leave recovery to the hands of fate. Even those with a seemingly well thought-through business continuity plan can find their back-up data can’t be recovered when disaster strikes. Often data recovery is not rigorously tested because the testing process itself can cause disruption to live systems like email

Marcie Terman, CEO of DATAFORT comments, “Frequently we see organisations struggling with testing which is why we use virtual technology that enables a test to be performed without disruption to the business.”

Importantly, whatever precautions you take to avoid an attack, it’s important to remember that no system is entirely safe, however secure the cyber fortress. Having a back-up and a tested ability to recover data is therefore crucial to your business operations and reputation. This in addition to the following precautions will help you enjoy the game and prevent you from falling victim to hackers who are busy taking aim at fans during the World Cup.

Steps to take to avoid a disaster:

Promote the company internet usage policy

Make sure staff are aware of company equipment, network and internet access rules and guidelines – and review and distribute before any major event.

Keep software updated 

Attackers will frequently exploit known vulnerabilities in software, so keep software up to date.

Ensure everyone applies critical security updates

Out of date anti-virus software is a common gateway to infection

Block certain websites

Limiting the sites employees can visit can go a long way to help limit attacks

Test your business data recovery plan and solution

Around half of all businesses experiencing a disaster with no effective plans for recovery fail within the following 12 months  – make sure you have the right solution and ensure it is tested regularly.

Contact us for advice on managing your data. Or download our white paper on FCA Data Compliance.