British diplomats have been refused entry to a vital meeting about cyber-security, and we haven't even left the EU yet. The nation's 'poor' cyber security practices are putting businesses at risk even though plenty are investing in cyber security products and services. And the country's property agents risk falling foul of a data breach.
At the same time the government is claiming that big businesses like Google and Microsoft are backing the UK in a bid to become a world leader in tackling the worst digital security threats. On one hand we're failing miserably as a nation. On the other hand we're making great progress. It doesn't make sense. Who's right? It's probably sensible to trust what businesses have to say rather than believe what the government says. Bearing that in mind, here's the news.
The UK is shut out of crucial cyber security meetings – But we haven't left the EU yet
As Brexit rumbles on, the Financial Times reports on the UK's Brussels diplomats being shut out of a vital meeting to discuss cyber security, even though we haven't yet left the EU.
Our head diplomat in Brussels, Tim Barrow, has written to the EU Council’s top civil servant in protest at the dis-invitation from an EU28 meeting on cyber standards on 25th June. Discussions included ways to protect Europe’s 5G networks following worries about security risks posed by the Chinese telecom firm Huawei, important for Britain since we're still a full member of the EU. A spokesman said they weren't clear about why we were excluded, and they'll be 'seeking reassurance that this is an isolated case and that good process will be followed in future'.
When all the goodies, gadgets and software in the world won't keep you secure
A new survey has revealed how British firms investing in the latest cyber security products and services are being undermined by poor employee security practices. It looks like the country's businesses are failing to understand the most basic cyber security precautions, even though an impressive 40% of the 1253 workers polled by Probrand claimed their company had invested in new cyber security products and services during the past year.
67% of those quizzed admitted their passwords are basic, easy to guess or hack. 63% claimed they don't bother changing their password regularly. Just under 50% said they hadn't changed their password at all. It looks like 37% of UK workers use insecure network connections like public Wi-Fi or mobile tethering when they're working away from the office. No wonder another item of research by the same people revealed 43% of UK businesses suffered a cyber attack over the past 12 months.
These failures are down to employees. It's your employees' job to take a series of basic steps to protect their company’s networks and data. When they don't bother, or don't know how, it completely undermines any investments you make in security tech and training.
When was the last time you checked or monitored your cyber security practices, including the bare basics you're assuming people are simply just getting on with? Do you carry out regular training and re-training? Have you included cyber security protocols in your company handbook and in your employee contracts? If not, it's time you tightened things up before a disaster happens.
Every organisation should ensure its employees are meeting basic security requirements before investing in an advanced security system or solution. If your people are still struggling with the bare-bones basics like two-factor authentication, you need to make that a priority and delay buying sophisticated gadgetry like AI-based anomaly detection boxes. The thing is, cyber-attackers often rely on relatively basic threats, using simple techniques and well-known malware. These attacks can usually only exploit weaknesses in outdated software, so all the security products in the world won't protect you while those basics are neglected. You need to address weak basic cyber security first and foremost.
Big business backs the UK's bid to become a cyber-security leader
Against a landscape where even the most basic digital security measures are not being taken, the government says big businesses like Google and Microsoft are backing the UK to become a world leader in tackling the most damaging cyber security threats. It looks like almost £190 million worth of industry and government Industrial Strategy co-investment is being spent to design out some of the worst cyber security threats we face in this country. The theory is that new investment from tech giants like Microsoft and Google will improve the security that's baked into digital devices and services. The plans are predicted to ensure Britain leads the global cyber security market, a market the experts say will be worth around £40 billion in a decade's time.
What do we have to say about it? It's obviously great to see this level of investment on the cards. But please make sure everyone understands how to avoid the most simple, basic cyber risks before spending fortunes improving systems and buying new tools. People first, tech second.
Estate agent? You should take great care not to breach data security
Property Industry Eye says estate agents who breach data security could face far bigger penalties than the landmark £80,000 fine levied against the agent Life at Parliament View Limited (LAPV), based in London. They were penalised by the Information Commissioner’s Office after they transferred data to an outsourced letting transaction service company without access restrictions, so anyone could take a look at the personal data of more than 18000 customers. Worse still, the breach existed for two years.
The data included people's bank statement data, salaries, copies of their passports, dates of birth, plus the addresses of both landlords and tenants. Luckily for LAPV the data breach took place before the 2018 GDPR came into force, with its much tougher penalties.
LAPV joins British Airways and Marriott Hotels in being fined by the Information Commissioner's Office, with fines of £183.39m and £99.2m respectively. These days, under GDPR, a penalty notice can be for as much as 4% of a company's annual global turnover or €20m, whichever is greater. Before GDPR there was a limit of £500,000 on fines. Unless you have funds on a par with BA and Marriott Hotels, we recommend you steer clear of data breaches!
The best way to stay safe? The Cyber Essentials Qualification
We hear about snazzy new ways to beef up cyber security all the time. But as we've mentioned in this article, when your people don't know their digital ass from their elbow, you won't stay secure for long. Walk this way for a great way to inform your employees about the cyber threats faced every day. We can also provide top class security audits and cyber security advice.