Data Breach Fines ‘Wake-Up Call’ for Businesses to Prioritise Cyber Security, says Bureau Veritas

Since the introduction of GDPR in 2018, information security has been brought to the forefront for many duty holders, outlining what is acceptable and the responsibilities the business has when it comes to protecting data. This comes as a number of recent high profile businesses in the leisure sector have received fines in excess of £1million for failing to keep its customer’s data secure.

Bureau Veritas highlights these recent fines as a ‘wake-up call’ and that it is no longer acceptable to simply pay the fine and move on, but rather prove that the business has assessed its systematic vulnerabilities and taken steps to address them.

Basilio Vieira, Lead Auditor at Bureau Veritas, said: “GDPR was the enforcement stick which brought data protection into focus and after its inception the number of cyber-attacks reported grew exponentially, as voluntary reporting of data breaches was introduced. With this came stricter penalties for businesses which failed to protect its data. The fines imposed upon firms are now so significantly higher, businesses can nil-afford to simply pay the fine and ignore the problem. Proactive steps must be taken to firstly, mitigate the risk of a data breach, and secondly if an information leak does occur, assess how it was attacked and work to resolve the problem quickly.”

Another risk to data protection is the swift move to working from home as a result of the coronavirus pandemic. The majority of offices or work buildings will function off a central, protected network, whereby there are systems in place to detect viruses and possible cyber-attacks. However, with many now working from private home networks, this adds an increased risk of attack.

Basilio continues: “When the coronavirus pandemic struck, we were forced overnight to switch to a routine of home working – with many businesses simply sending employees home with a laptop and told to continue working. However, this attitude of wishful thinking is risky, with statistics showing a rise in the reporting of cyber-attacks since March, as personal networks are much easier to hack than protected business systems.

“What’s more, while many may think cyber-attackers are getting smarter in their techniques, this is simply not the case. The tactics they use are age-old – such as spam emails, computer viruses and chat bot hacking, but they have certainly become more efficient and are making the most of the working from home scenario. Thus it is the responsibility of a business to ensure employees working remotely are well-equipped with the knowledge and infrastructure to mitigate potential attacks.

“The good news for businesses is Bureau Veritas can help to assess your systems for vulnerabilities and recommend steps to make your information security systems tighter. While compliance to ISO 27001 is a voluntary certification, it can no longer just be seen as a ‘nice to have’ but rather central to demonstrating best practice and could be looked upon favourably were an attack to occur.”