Warning - you are at risk!
Your Cyber Security Risk Report is below
Section: Websites
A website is a window on the world, but it could also be an open door into your systems and customer data. Your website will expose you to a number of risks from cyber criminals.
Hacking
Criminals and malicious individuals target websites to make mischief or for financial gain. If you use your website to generate income for your business then you are at risk of losing sales if the content of your site is altered or edited by a hacker. You could lose income whilst the site is being reinstated. Repeated attacks damage your reputation and search engine rankings. This can have a significant impact on your income in the short to medium term.
Cost To Your Business
- Cost of repairing and reinstatement of Website
- Loss of income whilst your web site is out of use
- Loss of income whilst your Search Engine Rankings recover.
Breach of Intellectual Property Rights
Inadvertent breaches of copyright and intellectual property rights can be very costly. Publishing a website is no different to publishing a book, magazine or newspaper. The content that you put on your page is available for the world to see. Rules relating to breach of copyright and intellectual property apply just as much here as they do offline. Images and text that you use should be your own original content or you should have the owner’s permission to use them. Even if you have been told by your web developer that an image is royalty free and it later transpires that it is not, you may have to pay the owner for using their image. Images might be licensed for a short period of time and if you forget to renew the licence you can be charged for the ongoing use. This can be many times more than the original cost of using the image in the first place.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
- Cost of re-writing/updating Website
Misleading Advertising
The Advertising Standards Agency (ASA) is in charge of enforcing advertising standards in the UK. All adverts must be legal, decent, honest and truthful. This applies in equal measure to the advertising statements that you make on your web site. The ASA can refer non-compliant web sites to Trading Standards, who have the power to prosecute in a crown or magistrates’ court. Penalties can include (but are not limited to) fines, imprisonment and confiscation of financial assets, which can include confiscation of Directors’ personal assets as well as the assets of the business.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
- Cost of re-writing/updating Website
- Personal risk to Directors and Owner of the Business
- Fines and Penalties*
Libel and Slander
Libel and Slander laws apply equally to the web as they do to any other published media. If something appears on your web site that is untrue and this causes reputational damage then you can be sued for damages. This applies equally to anything that is posted by a visitor (whether legitimate or not), even if you do not take steps to remove it when you become aware of its content.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
Unauthorised Access
Criminals also target web sites with a good reputation to use to extract money from others. One scam involves creating fake pages on the victim’s site which are then used as landing pages to collect money from phishing scams. You are unlikely to be aware that criminals have hijacked your site for this purpose until your web rankings drop or you receive a call from the fraud squad. Attacks of this nature damage your reputation and search engine rankings. This can have a significant impact on your income in the short to medium term. If your website has portal access to your client’s data then you could also be exposed to the risk of a hacker obtaining confidential data including your client’s personal details. Criminals or mischief makers may publish these or use them to hold your business to ransom. They may damage or lock down your internal IT systems or use your systems to launch denial of service attacks or virus attacks on others.
Cost To Your Business
- Damages
- Ransom payments
- Legal costs – defence and prosecution
- Cost of repairing and reinstatement of Website
- Loss of income whilst your web site is out of use
- Loss of income whilst your Search Engine Rankings recover.
Cyber Insurance Solution
- Communication Asset Rectification Costs
- Loss of Business Income Cover
- Multimedia – Defence Costs, Expenses and Damages Cover
- Data Security and Privacy Cover
- Data Breach Costs Cover
- Data Extortion Cover
Section: HR and Payroll
If you hold HR and Payroll records electronically, you will hold personal details about everyone who works for you, including information that would be classified as sensitive information under the Data Protection Act. Your records contain information that is very attractive to criminals and could put your employees at risk of identity theft and fraud. If the data gets into the wrong hands you could also be at risk of being fined or prosecuted by the Information Commissioner’s Office for failure to handle, manage, store or destroy data correctly. You could also be sued for Breach of Privacy.
Breach of Employee Privacy Rights
Many of the details that you hold on your employees are considered by the Information Commissioner’s Office as sensitive. This could include race or ethnicity, trade union membership, health and sickness records, sexual preferences and religious beliefs. Cyber criminals are interested in all of these details and can use them to hold the business to ransom, cause reputational damage to your business or cause embarrassment to your employees.
Cost To Your Business
- Damages
- Ransom payments
- Legal costs – defence and prosecution
- Cost of repairing and reinstating your Payroll data
Failure to handle, manage, store or destroy data properly
You will also hold information that is very useful to thieves: dates of birth, home addresses, details of holidays that have been booked, banking details, previous names and partners’ details, to name but a few. All of these could be used to target your employees directly, to steal their identity or commit other types of crime. This type of data is particularly useful to criminals who are carrying out Banking Fraud.
Cost To Your Business
- Damages
- Ransom payments
- Legal costs – defence and prosecution
- Cost of repairing and reinstating your Payroll data
- Fines and Penalties*
Cyber Insurance Solution
- Data Security and Privacy Cover
- Data Breach Costs Cover
- Data Extortion Cover
Section: Third Party Data
If you hold third party data during your day to day activities you are responsible for its safekeeping whilst it is in your possession. You must also make sure that it is securely destroyed.
Failure to handle, manage, store or destroy data properly
Third Party Data can be particularly vulnerable because it is typically sent and received between different data handlers. You may be prosecuted if the data gets into the wrong hands and have to pay compensation. Transferring information comes with its own risks and there are many opportunities for criminals to steal the information – from the disc left on a train, to using file sharing sites with poor security. If you are prosecuted you will have to pay your own defence costs, whether you are found guilty or not. If you are found guilty then you may also have to pay the prosecution’s costs as well as the cost of publicising your conviction. Importing data from others also comes with the risk of importing viruses and other malware onto your own systems, particularly if your own staff do not follow sensible security procedures or your virus checker software is out of date.
Cost To Your Business
- Damages
- Ransom payments
- Legal costs – defence and prosecution
- Fines and Penalties*
Breach of Intellectual Property Rights
Depending on the type of third party data that you hold you may be vulnerable to loss of clients’ material, which could leave you open to a claim in respect of breach of intellectual property rights. If you receive copies of designs, drawings, specifications, ideas, bespoke processes and procedures, critical business data or other trade secrets or information, and you store this electronically, you are vulnerable to a hacking attack or loss by something as simple as a laptop or tablet being stolen from a locked car. If thieves steal the intellectual property of your customers or suppliers from you and either publish it or sell it to a competitor you may have to pay your customer damages for its loss. They could also hold you to ransom for its safe return or in exchange for not publishing the information on the web or revealing the data to your customer’s competitors.
Cost To Your Business
- Damages
- Ransom payments
- Legal costs – defence and prosecution
Cyber Insurance Solution
- Data Security and Privacy Cover
- Data Breach Costs Cover
- Data Extortion Cover
- Multimedia – Defence Costs, Expenses and Damages Cover
Section: Storage of Sensitive Data on Accessible Web Servers
Sensitive Personal Data is a special category of data where data controllers are required to take additional care. Sensitive personal data includes personal data consisting of information relating to racial or ethnic origin, political opinions, religious beliefs or beliefs of a similar nature, trade union membership, physical or mental health or condition, sexual preferences, criminal offences, or proceedings for any offence committed or alleged to have been committed.
Libel and Slander
The very nature of this type of data leaves you vulnerable to actions being brought for libel and slander. The damages awarded in this type of case can be significant, as can the cost of defending such actions.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
Breach of Confidentiality
This type of data is very interesting to thieves, particularly if you have information on high profile individuals or confidential or classified information. Even data for ordinary citizens can present a risk if the context in which it is held could compromise an individual – for example a dating web site that holds information may cause huge embarrassment or loss to members if the data is released for public consumption.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
Hacker and Extortion Threats
Hackers and thieves are very interested in this type of data because it provides them with a rich seam of information that is likely to cause at least one person embarrassment or distress if it is released to the general public. It is therefore a good target for Hacking and Extortion attacks.
Cost To Your Business
Breach of Data Protection Act
You must be very careful how you store, transfer and process this type of data. You may be prosecuted if the data gets into the wrong hands and have to pay compensation. If you are prosecuted you will have to pay your own defence costs, whether you are found guilty or not. If you are found guilty then you may also have to pay the prosecution’s costs as well as the cost of publicising your conviction.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
- Fines and Penalties*
Cyber Insurance Solution
- Data Security and Privacy Cover
- Data Breach Costs Cover
- Data Extortion Cover
- Multimedia – Defence Costs, Expenses and Damages Cover
- Communication Asset Rectification Costs
- Information and Communication Rectification Breach Cover
Section: Third Party Network Access
Opening up your networks to authorised third parties exposes you to attack from criminals and mischief makers who are interested in causing disruption to your internal systems, stealing your data, using your equipment to launch attacks on others and extorting money from you. All of which can be very costly indeed.
Damage to your systems due to virus or hacking attack
Once you grant access to your system to users from outside of your business, or allow remote access by your staff, customers or suppliers to your systems, it is much easier for a hacker to break into the code that your IT system uses and find weaknesses and holes in your security. Hackers can cause wilful damage or implant viruses which cause damage to your systems or self-generate and infect your customers’ and suppliers’ systems too. Reconstituting data, rebuilding your system and rekeying data can all be very costly. Often a hacker will be in your system for months before you are aware of their presence, so you may well have to roll back your systems many months (if your back-ups go back this far) or start again from scratch. Not only will this take many hours, and be hugely expensive, you will also need to think about finding the holes in your security where the attackers got in and then redesigning your systems so that they stay out. Whilst this work is being done, you may well lose sales, both from existing customers and new ones.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
- Cost of repairing and reinstating your programs and data
- Loss of Profits
Hacker and Extortion Threats
If hackers get into your system then one of the things that they might do is prevent legitimate users from accessing the system, including you. This type of system lock down can be used either to disrupt your business or to extort money from you. Ransom demands can range from the small to the large. As a hacker will normally have been in your system for a number of weeks or months before they launch the attack, even back-ups that you have done in the past may be corrupt. Getting your systems back up and running may take many days – during which you may lose business – old and new.
Cost To Your Business
- Ransom payments
- Increased cost of working
- Loss of Profits
Cyber Insurance Solution
- Data Security and Privacy Cover
- Data Breach Costs Cover
- Data Extortion Cover
- Multimedia – Defence Costs, Expenses and Damages Cover
- Communication Asset Rectification Costs
- Information and Communication Rectification Breach Cover
- Loss of Profits Cover
Section: Internet Email and Social Media
Most businesses provide their employees with access to the internet and email. In some cases this might be via mobile devices, such as tablets or smart phones. The security risk to your data and your business has never been higher.
Libel and Slander
Unfortunately electronic communication is an instant medium where people send first and think later. Communications or jokes which people think are private, can be easily replicated and sent on to others. It’s not difficult to send a message to the wrong person or the wrong message by mistake. It takes only a few unfortunate words for something to go viral, but the reputational damage can be huge. If your employee says something that is untrue or unjustified about a customer, supplier, colleague or member of the public the damages awarded against you can be significant as can the cost of defending such actions.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
- Reputational Damage
- Loss of Profits
Virus, Hacking and Extortion
One of the easiest ways for a virus to enter your system is through email. The inadvertent downloading of an attachment from an email that looks genuine can wreak havoc. This is also the easiest way for viruses to spread to your clients and suppliers, which could cause damage to their systems and equipment. Once a virus has been installed in your computer systems it can do untold damage. It might create a hole in your security for Hackers to get into your system and steal data. A key logger might send information about passwords or user names to people outside your organisation. This might allow them to access your bank accounts, records or other sensitive data. Programs such as crypto-locker can often get into a system using email as a point of entry. This can result in your programs being locked down, your data encrypted and a ransom being required to release your data. You might be unable to restore your data from back-up as this type of virus is designed to lie dormant on your systems for a number of weeks before activating. You will lose time restoring your data, rekeying work, finding and fixing the problem. This could have a knock on effect on new and existing business which will be reflected in your profits.
Cost To Your Business
- Ransom payments
- Damages
- Legal costs – defence and prosecution
- Cost of repairing and reinstating your programs and data
- Increased cost of working
- Loss of Profits
Employees Hacking Your Network or Stealing your Data
A rogue employee with good system access or a bit of IT knowledge can cause significant damage: stealing client data, publishing sensitive information, maliciously installing or sending viruses or Trojans, opening up holes in your security, letting others in, or locking or destroying your data or programs. Computers can be programmed to send offensive material to others, or fail. The simplest method by which a virus maliciously entered a computer system was caused by an employee putting a USB drive that he had found labelled “holiday photos” into the drive of his computer.
Cost To Your Business
- Ransom payments
- Damages
- Legal costs – defence and prosecution
- Cost of repairing and reinstating your programs and data
- Increased cost of working
- Loss of Profits
Breach of Data Protection Act
People forget that what they publish online or put in an email may not be confidential. Even worse, because we carry so much information on mobile devices it is not difficult for your data to get into the hands of criminals if a mobile phone or tablet that contains data, emails or other information is lost or stolen. Breaches of the Data Protection Act can be very serious and can result in your business being investigated, required to pay compensation and fined. You may even have to pay the cost of publishing the breach. If the Information Commissioner’s Office decides to prosecute you will have to go to court to defend yourself and this will mean that you will also have to pay the prosecution costs, as well as your defence costs, if you are found guilty.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
- Fines and Penalties*
Cyber Insurance Solution
- Data Security and Privacy Cover
- Data Breach Costs Cover
- Data Extortion Cover
- Multimedia – Defence Costs, Expenses and Damages Cover
- Communication Asset Rectification Costs
- Information and Communication Rectification Breach Cover
- Data recovery and Loss of Profits Cover
Section: Email and Website Transactions and Communications
If you rely on email or internet portals to transact business and the systems that you rely on are hacked or damaged by a virus this can result in lost revenue and loss of reputation.
Virus, Hacking and Extortion
Viruses love email traffic and web site transactions. You or your staff only have to download one file that has a dangerous attachment for damage to occur. These can spread to your clients and suppliers, which could cause damage to their systems and equipment. Viruses and Hackers can enter your system through vulnerabilities created in your security as a result of you accessing a system that is flawed or receiving an email that has a dangerous attachment that is not picked up by your security software. This can lead to damage to your system, damage to others or system lockdowns which allow criminals to demand ransom payments to release your information. You might be unable to restore your data from back-up as this type of virus is designed to lie dormant on your systems for a number of weeks before activating. This will result in a cost to your business as you spend time restoring and rekeying data as well as finding and fixing the damage to your networks. This could well affect new and existing business and result in reduced profits.
Cost To Your Business
- Ransom payments
- Damages
- Legal costs – defence and prosecution
- Cost of repairing and reinstating your programs and data
- Increased cost of working
- Loss of Profits
Cyber Insurance Solution
- Data Security and Privacy Cover
- Data Breach Costs Cover
- Data Extortion Cover
- Multimedia – Defence Costs, Expenses and Damages Cover
- Communication Asset Rectification Costs
- Information and Communication Rectification Breach Cover
- Data recovery and Loss of Profits Cover
Section: Customers Card and Personal Details stored on Networks
It’s not just a case of having PCI compliant systems and procedures, if you transact live payments on your network or hold card payment or personal details on your systems you could be vulnerable.
Breach of Data Protection Act
Every business that holds this type of data should be Payment Card Industry (PCI) Compliant. This means that you must not hold card details in any durable form, record details in telephone calls, receive data by email, text or other electronic message. It goes without saying that this type of data is very attractive to thieves, and breaches of the Data Protection Act in respect of this type of data are very serious and can result in your business being investigated, required to pay compensation and fined. If the Information Commissioner’s Office decides to prosecute you will have to go to court to defend yourself and this will mean that you will also have to pay the prosecution costs, as well as your defence costs, if you are found guilty.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
- Fines and Penalties*
Theft by Hackers and Extortion
This type of data is a gold mine for criminals either for use to commit credit card fraud, commit identity theft, or to extort money from your business. You need to be very careful to follow PCI procedures and ensure that any information that could be used to take money from a card is securely destroyed.
Cost To Your Business
- Damages
- Legal costs – defence and prosecution
- Ransom Demands
- Identification and Rectification of system failures
Cyber Insurance Solution
- Data Security and Privacy Cover
- Data Breach Costs Cover
- Data Extortion Cover
- Information and Communication Rectification Cover
Recommendations
The content of the report has been compiled using the very basic details you have provided. The risks identified are an indication only of just some of the areas where your business could be at risk and are not in any way an exhaustive list of the perils that your business faces from cyber criminals. It should be used as a starting point for you to start thinking about how cyber criminals could damage your business, your reputation, your IT systems and infrastructure and how criminals might attempt to obtain the data that you hold or use your systems to target or steal from your customers and suppliers.
- We would recommend that you immediately consider asking an IT security professional to carry out a full IT Security Audit of your systems and then implement any recommendations or requirements that are suggested. This type of audit should be updated regularly and should be carried out at least once a year.
- You should make sure that you take regular back-ups of your data and store these in a secure environment away from your business premises.
- You should test your business continuity plan at least once a year to test the quality of the back-ups that you are taking and to ensure that you can complete a full restore from back up easily.
- It is often the case that Hackers will be in systems for a period of months before they are detected. Many viruses and ransomware programs can lie dormant on your system for a period of time before you become aware of them. The period of time between entry and detection is used to deeply embed damaging software and the tools that criminals will need to attack your data and systems. It is therefore worth ensuring that you retain backups of your data and systems going back a number of months so you can restore your systems and data back to a point prior to the infection entering your system.
- Make sure all of your data security software is up to date and that your computer programs are regularly updated with vulnerability patches. Do not use obsolete or unsupported software or operating systems.
- Implement and maintain a secure password security policy and apply this to all staff including the managing director.
- Encrypt all data when it leaves your site – including on portable media devices, smart phones, tablets and by email.
- Securely destroy old data and old hardware.