UK's ICO: Businesses Ignoring Cybersecurity Basics
Despite more than 7 million cybercrimes in the U.K. over the past year, "many" companies continue to ignore the basics of cybersecurity, a senior official in the Information Commissioner's Office (ICO) said Wednesday.
"We find that many organisations are still neglecting the very foundations of cybersecurity," Ian Hulme, ICO executive director for regulatory supervision, said.
As such, Hulme said cybersecurity must be a priority for any business that collects data and works digitally, including small businesses.
When people share their personal information with companies, "they need to feel confident that you'll do as much as possible to keep that information secure," Hulme said.
Practical tips for boosting data security and resilience include regularly backing up data and using strong passwords and multifactor authentication. Companies should be wary of suspicious emails and mindful of what they say and which documents are open on a screen when other people are around.
The watchdog urged organizations to install antivirus software and malware protection and to keep them updated. Other recommendations were to protect devices when they're unattended, make sure Wi-Fi access is secure and limit access to information to those who need it.
Companies should also be careful about screen-sharing in virtual meetings, the ICO said. They shouldn't keep data longer than needed and should dispose of outdated IT equipment securely.
A data breach arising from a cyberattack should be reported to the ICO within 72 hours of a business becoming aware of it, the regulator added.