Five GDPR-Related Cybersecurity Mistakes Business Owners Make in the UK

As a business owner, you must implement strong cybersecurity procedures to prevent data theft. Cyber attacks on businesses in the UK are increasing. Cybercriminals often seek the valuable information companies hold, and home working during COVID-19 has made attacks easier to launch. This article explores five common mistakes organisations make, so that your business can avoid unintentionally breaching the General Data Protection Regulation (GDPR).

Why Are Cyberattacks on the Increase?

Cybercriminals are targeting companies in the UK because they hold valuable information. In response to the increasing threat, the government helped create the National Cyber Security Centre (NCSC). The NCSC website is a handy reference point for ways to test and strengthen your company’s cyber security. Currently, there are two primary forms of cyber attack: ransomware and data breaches.

Ransomware

During a ransomware attack, the hacker attempts to lock the business out of its IT system. The business may regain access to its system after paying the specified ransom. In addition to the ransom, the financial toll also includes any business lost during the lock-out period.

Data Breach

A data breach aims to steal valuable information for illegal use. Examples include stealing customer card details to take funds, or obtaining staff members’ personal information to attempt identity theft.

How Does Cybersecurity Relate to the GDPR?

The GDPR requires your business to keep personal and sensitive data safe. If you fail to do this, the Information Commissioner’s Office (ICO) can issue your company a fine of up to £17.5m. Naturally, a financial penalty from the ICO for a breach of the GDPR while you are still recovering from a cyber attack can be highly detrimental to your business.

So, with the risks in mind, we will explore the five most common cybersecurity mistakes businesses make that put them at risk of breaching the GDPR.

1. Believing Cybercriminals Will Not Target You

Many people incorrectly believe cybercriminals only target large businesses. However, nearly 50% of cyberattacks in the UK target smaller businesses. This is partly intentional, as some cybercriminals believe that small business owners implement weaker cybersecurity measures. Furthermore, many cyber attackers also believe that smaller companies are more likely to pay a ransom because they cannot sustain the loss of access to their systems for long.

2. Reviewing Cybersecurity Annually

Running a business involves prioritising tasks and managing time well. It is, therefore, very tempting to review ongoing tasks only once a year. However, this is a risky strategy for cyber security: annual reviews may leave your organisation vulnerable to newer and more innovative attack methods. Furthermore, you should regularly back up important data in case you lose access to your main IT system.

3. Failing to Update Software

Just as burglars tend to target less well-protected properties, many cybercriminals target outdated software versions. While software updates can be cumbersome, they often exist to fix a vulnerability in the earlier version that hackers can exploit. The longer it takes you to update the software, the more time cybercriminals have to launch a successful cyber attack against your business.

4. Not Training Staff in Cybersecurity

Nearly every business uses electronic systems, and every electronic system and server is susceptible to attack. Unfortunately, some companies do not train staff in cyber security. Without adequate training, your employees cannot use your systems sensibly or identify potential threats. To address this, many business owners engage experts to run cybersecurity training for staff. Although such training is an expense, it may well be worth it to avoid a potential cyber attack.

5. Using Weak Passwords

Using a strong password is a basic security measure. However, many people still use weak and predictable passwords. Modern software can help cybercriminals break into accounts by automatically trying thousands of common passwords against user accounts (known as a ‘brute force attack’).

To address this issue, you may choose to employ the following two methods:

  • use a unique, complex password containing symbols and numbers such as ‘!tH1s1smyp@ssword!’; and
  • enable two-factor authentication, which will request permission from a linked device, usually a smartphone.
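The brute force attack described above leaves a recognisable trace in authentication logs: many failed logins for one account, or from one source address, in a short window. The following script is an added example, not part of the LegalVision article, showing how a business could spot that pattern and how a simple password-policy check would reject the kind of common password such attacks rely on. The log format, the thresholds and the short list of common passwords are all assumptions constructed for the example.

```python
"""Added example (not from the original article): detecting brute-force login
attempts in constructed authentication log lines, and checking passwords
against a basic strength policy. Log format, thresholds and the common-password
list are assumptions made for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Assumed format: "<ISO timestamp> <OK|FAIL> user=<name> ip=<addr>".
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges, not real hosts.
SAMPLE_LOG = """\
2024-03-04T09:00:01 FAIL user=alice ip=203.0.113.7
2024-03-04T09:00:03 FAIL user=alice ip=203.0.113.7
2024-03-04T09:00:05 FAIL user=alice ip=203.0.113.7
2024-03-04T09:00:07 FAIL user=alice ip=203.0.113.7
2024-03-04T09:00:09 FAIL user=alice ip=203.0.113.7
2024-03-04T09:00:11 FAIL user=alice ip=203.0.113.7
2024-03-04T09:00:13 OK user=alice ip=203.0.113.7
2024-03-04T09:10:00 FAIL user=bob ip=198.51.100.5
2024-03-04T09:10:20 OK user=bob ip=198.51.100.5
2024-03-04T10:00:00 FAIL user=carol ip=203.0.113.9
2024-03-04T10:00:30 FAIL user=dave ip=203.0.113.9
2024-03-04T10:01:00 FAIL user=erin ip=203.0.113.9
2024-03-04T10:01:30 FAIL user=frank ip=203.0.113.9
2024-03-04T10:02:00 FAIL user=grace ip=203.0.113.9
this line is malformed and should be ignored
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$")


def parse_log(text):
    """Return a list of (timestamp, result, user, ip) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate noise rather than abort the whole analysis
        events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]))
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Flag any account or source IP with >= threshold failures inside a sliding window.

    Grouping by account catches a single target being hammered; grouping by IP also
    catches one source spreading a few guesses across many accounts.
    """
    failures = defaultdict(list)
    for ts, result, user, ip in events:
        if result == "FAIL":
            failures[("user", user)].append(ts)
            failures[("ip", ip)].append(ts)
    flagged = []
    for key, times in failures.items():
        times.sort()
        for i in range(len(times)):
            j = i + threshold - 1
            if j < len(times) and times[j] - times[i] <= window:
                flagged.append(key)
                break
    return sorted(flagged)


def suspicious_successes(events, flagged):
    """Successful logins for accounts that were flagged: a likely compromise to act on."""
    flagged_users = {name for kind, name in flagged if kind == "user"}
    return [(ts, user, ip) for ts, result, user, ip in events
            if result == "OK" and user in flagged_users]


# Constructed stand-in for a real breached/common-password list, which would be far larger.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1", "welcome"}


def password_weaknesses(password, min_length=12):
    """Return a list of policy failures; an empty list means the password passes."""
    issues = []
    if len(password) < min_length:
        issues.append(f"shorter than {min_length} characters")
    if password.lower() in COMMON_PASSWORDS:
        issues.append("appears in common-password list")
    if not re.search(r"\d", password):
        issues.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        issues.append("no symbol")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        issues.append("no mixed case")
    return issues


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    hits = detect_brute_force(evts)
    print("flagged:", hits)
    print("successful logins on flagged accounts:", suspicious_successes(evts, hits))
    for pw in ("password", "!tH1s1smyp@ssword!"):
        print(repr(pw), "->", password_weaknesses(pw) or "passes policy")
```

Run against the constructed log, the script flags the account alice and two source addresses, and reports that alice then logged in successfully, which is the moment to reset that password and require two-factor authentication on the account. The password check rejects ‘password’ on every rule and accepts the article’s longer mixed-character example; a production check would use a full breached-password list rather than the six entries here.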

Key Takeaways

As cyberattacks become more sophisticated and commonplace, your business should use more active cybersecurity measures to defend itself against them. Many business owners believe they are unlikely targets, or fail to update their software and cybersecurity procedures regularly. Unfortunately, such beliefs may expose your business to cyber attacks or to breaching the GDPR. By rectifying these mistakes and implementing basic measures such as staff training and strong passwords, you can protect your business.

If you need help with data protection security and guarding against data breaches, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions

Why does the GDPR cover the consequences of cyber-attacks?

The main reason is that most cyberattacks involve the theft of personal information, which could harm the individuals concerned. Because of this, companies storing personal data have a responsibility to do everything possible to protect it. If they fail, the ICO will have little hesitation in fining them as a deterrent to others.

How do I guard against the risk of significant financial harm to my company?

It is becoming increasingly common for businesses in the UK to add cyber insurance cover to their business insurance policies. This seeks to protect companies from unavoidable financial harm they may suffer during a cyberattack. However, many insurers put stringent wording in place to ensure that they only pay out if the organisation was proactive in defending against security breaches.

Thomas Sutherland