Organisations must protect themselves from hacking

There is growing importance for organisations to protect against hacking. In light of a number of infamous hacks that have occurred in recent years, it’s clear that we’re all at risk of third-party actors hacking into our servers and systems.

We have seen millions of documents and files being hacked from a number of organisations worldwide. Malicious actors can get in with simple vulnerabilities, like an organisation’s failure to update their Outlook webmail system. One simple error like this could lead to the whole organisation’s data servers being accessed!

Simple things like not updating systems can leave them insecure and vulnerable to hacking. The more out-of-date they are, the more vulnerable they can be; allowing for easy entry points for cyber-hackers. It could be as easy as installing malware onto a firms’ servers so a hacker can access emails, and then gain access to portals or website accounts by resetting passwords.

The damage can be limitless

Trade secrets, business process and financial information are among the sorts of sensitive data that some organisations fail to protect. Many may have impressive policies, but in reality, they’re not always properly enforced.

The other issue is that, currently, there are no laws that properly enforce organisations notifying of data breaches. This can mean breaches go undetected for a long period of time, leaving victims vulnerable to damage.

The EU does have a breach notification law; the Directive on Privacy and Electronic Communications Regulations.

It places am obligation on companies to notify the Information Commissioners Office (ICO) in the event of a data breach. If such breach is well-founded, the ICO has the power to impose a penalty.

However, not all breaches are reported, and the consequences for failing to report a breach, at the moment, may be small.

That being said, EU rules are set to be much more stringent once the General Data Protection Regulation is enforced in May this year.