Three Good Cybersecurity Measures to Help Your Business Comply With the GDPR

Most business transactions and personal information management now occur on digital systems. Consequently, those systems are exposed to the ever-increasing threat of cyber attacks, and your business must implement robust cybersecurity measures to protect the information they hold. This article explores three reasonable cybersecurity measures that help your business comply with the General Data Protection Regulation (GDPR). This matters because cybercriminals explicitly target businesses for the personal information and trade secrets in their possession.

Most Common Cyber Threats

At present, two of the most common forms of cyber attack on businesses are data breaches and ransomware attacks. The two increasingly overlap, as many ransomware groups also steal data before they encrypt it.

Data Breaches 

The primary purpose of a data breach is to steal personal information for unlawful purposes (such as identity theft or fraud). Cybercriminals usually try to obtain information such as an individual’s: 

  • date of birth; 
  • home address; and 
  • credit card details.

Ransomware Attacks 

As the name suggests, this involves cybercriminals encrypting a company’s files or locking it out of its computer network and offering to ‘unlock’ it in exchange for a ransom payment. Many ransomware groups now also copy personal data out of the network before encrypting it and threaten to publish it if the ransom is not paid, so a ransomware incident is frequently a data breach as well.

The UK Government and associated bodies have warned UK businesses that the risk of cyber attacks is ever-increasing. Many larger firms fight off daily attempts to infiltrate their networks. However, there is also a trend towards targeting small businesses with weaker security measures.

What Does the GDPR Say About Cybersecurity?

The UK GDPR requires organisations to protect personal data proactively: Article 32 obliges you to implement ‘appropriate technical and organisational measures’ to ensure a level of security appropriate to the risk. In practice, this involves taking reasonable cybersecurity measures to hinder attempts to gain unauthorised access to your computer systems (or cloud-based data), and what counts as ‘appropriate’ scales with the sensitivity and volume of the data you hold. 

The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection, with powers to investigate and punish breaches of the UK GDPR. You must report a personal data breach to the ICO within 72 hours of becoming aware of it unless the breach is unlikely to result in a risk to individuals, and the ICO may open a formal investigation into any cyber attack against your organisation that leads to the loss of personal data.

The ICO can fine UK businesses up to £17.5m or 4% of annual worldwide turnover, whichever is higher, for the most serious breaches of the UK GDPR. So any cyber attack you could have prevented with appropriate data security measures can result in a hefty financial penalty. This is in addition to the reputational, financial and practical difficulties of recovering from a network security attack.

In this light, it is essential to put cybersecurity measures in place to defend your business against cyber intrusion. Let us consider three basic cybersecurity defences below.


1. Strong Passwords and Two-Factor Authentication

Setting strong passwords is fundamental advice. Nevertheless, many individuals still fail to follow it in practice: analyses of leaked password databases consistently show passwords like ‘password’ or ‘1234’ among the most common. Naturally, your business is at risk if an individual with access to personal data uses such a simple password.

In recent years, many UK businesses have also faced brute force and ‘credential stuffing’ attacks. Here, attackers use software that tries thousands of common passwords, or username and password pairs leaked from other breaches, against your login pages within minutes, so a weak or reused password is found quickly.

There are two simple defences that give your company the best protection against such attacks:

  • set long, unique passwords for every account, ideally generated and stored by a password manager rather than a memorable pattern (a published example such as ‘!y0Ucann07gue55mYp@55w0rd!’ must never be reused, and cracking tools already try the common letter-for-symbol substitutions it relies on); and
  • use two-factor authentication, which requires a second proof of identity after the correct password, such as a code from an authenticator app, a hardware security key or, less strongly, a text message to a registered mobile phone.

Two-factor authentication has been revolutionary for many UK businesses because a remote cybercriminal who has only guessed or stolen the password will not have the second device needed to get into the account. One caveat: one-time codes shown in an app or sent by SMS can still be phished by a convincing fake login page that relays them to the real site in real time, whereas hardware security keys (FIDO2/WebAuthn) resist this because they only respond to the genuine site. All business owners should use two-factor authentication for vital business accounts, including email, online banking and any system holding sensitive information.

2. Updating Software and Operating Systems 

Updating your software is equivalent to updating the lock on your front door. Just as a burglar will target a house with weak external locks, cybercriminals look for organisations running old, unsupported operating systems. A well-known example is the 2017 WannaCry ransomware outbreak, which hit many NHS trusts running unpatched and out-of-support versions of Windows.

Out-of-support operating systems no longer receive security updates from the vendor. Unfortunately, this means that any newly discovered vulnerability stays exposed indefinitely, and cybercriminals quickly seek to take advantage.

In contrast, supported operating systems and software packages receive regular security updates and patches. It is essential that your business installs these promptly, prioritising internet-facing systems and flaws that are known to be exploited, as otherwise you grant an ever-widening window for cybercriminals to get into your computer system. Turning on automatic updates wherever possible removes the need to remember.

3. Provide Staff With Cybersecurity Training

The most significant vulnerability within most businesses is their people. Employees are human and therefore susceptible to social engineering: psychological tactics that persuade them to click a link, open an attachment or hand over their credentials.

Consequently, many cyber attacks begin with a ‘phishing’ email. These are emails designed to look trustworthy and from a reliable source (for example, from ‘Microsoft’ or ‘Royal Mail’). Many individuals fall for an email containing a copied logo and a similar-looking sender address (for example, ‘admin@micr0soft’, with a zero in place of the letter ‘o’).

Your business can address this by running courses and e-learning for your staff on cybersecurity, including how to check sender addresses and links before acting on them, and by making it easy for staff to report a suspected phishing email to whoever manages your IT without fear of blame.

Key Takeaways

Implementing effective cybersecurity solutions has never been more critical for your organisation. Whilst it is impractical to produce a comprehensive list of cybersecurity measures (which would be lengthy), it is helpful to start with the above actions. In addition, many business owners seek assistance from expert lawyers concerning cyber risks, documentation and training.

If you need help putting effective cybersecurity measures in place, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.   

Frequently Asked Questions

Does my company have to inform customers of any data theft?

Not in every case. Under the UK GDPR, you must report a personal data breach to the ICO within 72 hours of becoming aware of it unless it is unlikely to result in a risk to individuals. You must also inform the affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, for example where credit card details or identity information were taken.

Why do numerous phishing attacks target my company?

Phishing attacks have a high level of success against businesses across the globe. Often, this is because they usually pose as organisations with high customer trust, so unsuspecting individuals click on malicious links.

Thomas Sutherland

