BUSINESS OWNERS WARNED TO STAY ON THE RIGHT SIDE OF THE LAW WHEN IT COMES TO CYBER SECURITY
29th April 2020
Following the recent move to homeworking for a majority of the workforce, it is important to consider cybersecurity risks and the possibility of hackers taking advantage of high numbers of staff now working at home.
If you’re a business owner, not only can cyber criminals pose a risk to your company’s hardware and finances, there can also be serious legal repercussions for businesses who fall foul of hackers if this results in confidential information being leaked.
You may face a fine or legal action from any individuals who have been affected by a data breach, potentially making you liable for significant sums of money or penalties.
These are our three top tips for business owners to help ensure they stay on the right side of the law whilst working from home.
1. Cultivate an open and communicative culture
With the sudden shift towards home working which many people are not used to, there is an increased risk for your business’s cyber security. This can be down to a multitude of reasons, but it’s possible those working from home may click on a link or open an email they’d usually think twice about. If you’re sitting in your office amongst your colleagues and you receive an email that sounds a bit suspicious, you’re more likely to show it to someone else and ask what they think, or even go and speak to your IT department. However, with many of us now working in complete solitude, it can be harder for people to ask for a second opinion on these sorts of things.
Scammers are sure to take advantage of this, and will be targeting more and more people with password-stealing messages and malicious software.
That’s why, as a business owner, it’s important to create a culture where staff feel they can still ask questions and regularly consult with their colleagues on matters, even while working remotely. Set up a structure that facilitates this kind of communication.
2. Stick to ‘safe’ means of communication
With so many of us now working from home, people may find themselves reverting to less secure means of communication, and using these for business purposes rather than the traditional routes. For example, some may email work documents to their own personal email account and then work on them using their own personal laptop. From a security point of view, there’s a greater chance of your personal email account being hacked and the information falling into the wrong hands than if you stick to secure systems.
The same goes for sharing information over text or an instant messaging service which, again, may be at a greater risk of being hacked or leaked.
As a business owner, if one of your employees falls victim to this kind of fraud, and you are hit with a data breach, you may face a fine or legal action from any individuals who have been affected. That’s why it’s vital to seek the advice of an IT professional and stick to their recommendations when it comes to secure online platforms for your employees to use.
3. Provide adequate training for staff
Finally, I’d encourage all business owners who haven’t already done so, to provide adequate training and guidance on working from home for all staff members.
There’s a multitude of training courses available online which will allow your team to brush up on the dos and don’ts of homeworking and alert them to the type of things they should be suspicious of.
From a GDPR point of view, data controllers have an obligation to ensure they have put proper measures in place to comply with GDPR regulations. When working from home, it may be tempting to relax the rules somewhat. While the Information Commissioner’s Office has said they will act sensibly given the current situation, that isn’t carte blanche to act however you like.
GDPR training will ensure your staff know what steps they should be taking to protect the company’s data as well as that of any customers or clients.
The information contained in this newsletter is for general guidance only and represents our understanding of relevant law and practice as at April 2020. Wright, Johnston & Mackenzie LLP cannot be held responsible for any action taken or not taken in reliance upon the contents. Specific advice should be taken on any individual matter. Transmissions to or from our email system and calls to or from our offices may be monitored and/or recorded for regulatory purposes. Authorised and regulated by the Financial Conduct Authority. Registered office: 302 St Vincent Street, Glasgow, G2 5RZ. A limited liability partnership registered in Scotland, number SO 300336.