Insight: Protecting your business from a cyber attack

Once upon a time, every business – small or large – held its electronic data on its own computer servers in a corner of the office; until that is, cloud computing came along. Now, for many businesses, much of that data has been entrusted to third parties who safeguard everything from confidential client records to employee information. Which is all fine, until something happens to that data. 

Storm in the cloud

Hiscox – a specialist in small business and cyber insurance – recently received a call from one of its clients; a provider of outsourced IT services such as cloud computing. Arriving for work, an employee at the IT firm tried to access the company’s network and realised instantly that they had been hacked; all their data was encrypted meaning the business couldn’t access any of their servers or networks and neither could their customers access their cloud service. That meant over 100 businesses were also compromised and potentially out of action.

The IT firm’s entire business had been shutdown overnight and would remain so unless they paid a ransom in cryptocurrency demanded by the hackers. “For any business, this is one of the worst-case scenarios following a hack. Being unable to operate business as usual while also having their own customers’ information compromised could lead to lost revenue at best and, at worst, reputational damage, legal action and a threat to the future viability of the business,” says Stephen Ridley, Cyber Underwriting Manager at Hiscox UK. “How a business responds in the first moments after discovering a hack is critical.”

Here comes the cavalry

In this case, the first thing the business did was to contact Hiscox who immediately sent IT specialists to help the company restore access to some of its files as well as deploying cyber security experts who could negotiate with the hackers. In addition, lawyers and PR specialists were provided to help the business deal with the regulatory requirements and notification of its customers.

The General Data Protection Regulation (GDPR) requires businesses to notify the Information Commissioner’s Office (ICO) within 72 hours if confidential client data has been compromised. Expert legal advice will help a business know if, and when, it needs to notify the ICO and how it handles communication to its impacted clients. Failure to meet GDPR requirements can lead to substantial fines while a business could also face legal problems from disgruntled customers.

“As an insurer, our priority is to get the affected business up and running as soon as possible to minimise any damage; helping them to manage both the technical challenge of restoring systems as well as their legal, regulatory and customer responsibilities,” says Ridley.

Covering the financial cost

In this case, Hiscox was able to quickly help the business get into some of its files while also providing a cyber security consultant to handle the negotiation with the hacker to get hold of an encryption key to unlock the rest of the system. The legal and PR assistance helped to limit any longer-term reputational damage. In addition, Hiscox covered the financial cost ofbusiness lost as a result of the attack.

“Whatever sector your business is in – whether it’s in IT or the legal world – it is critical to ask yourself what you would do in the event that you came into work one morning and found yourself locked out of your systems as a result of a hack,” says Ridley. “Quickly getting to grips with the problem is essential as is having access to the right skills and expertise to enable your business to safely navigate a way out than not only minimises any immediate damage but ensures there is no long-term harm done to the business.”

“This case showed that not only does outsourcing data management to a cloud provider not make a business immune to a possible hack, but that every business must put cyber security and planning for what they would do in the event of a hack at the top of their crisis management plans,” adds Ridley. 

As a member of The Law Society, you save 5% for the lifetime of your cyber insurance policy with Hiscox. Call 0800 840 2781 or visit www.hiscox.co.uk/ lawsociety to find out more.