This article highlights the enhanced risks of cybercrime during the Covid pandemic. Cybersecurity resources are becoming increasingly stretched with employees working from home and the growing threat from malicious actors.
We recently published a checklist of steps to take if you discover a data breach or cyber attack, but here is a brief summary:
1. Co-ordinate your internal response team - you'll need a back-up plan in place to be able to do this if your IT systems are unavailable.
2. Instruct external specialists as required - If your IT system is down, the immediate priority will be verifying the extent of the breach and understanding what options are available to you. This may require specialist expertise so it is critical to know who can advise and undertake any necessary investigation.
3. Obtain legal advice - Legal risks arising from a cyber-incident can be both extensive and time-critical. In-house legal should be involved from the outset with external advisors engaged as necessary.
4. Think about your communications - Managing communications is an important activity of any incident response and can have a big impact on the longer-term effects of an attack. You should consider how decisions will be taken regarding communications and who will produce, review and distribute information throughout an incident response.
5. Report to regulators - Loss of data, even where there is only temporary loss of availability, can be reportable to regulators including the ICO. It will be important to report accurately and promptly since failure to do so can affect any penalties that are subsequently issued.
6. Inform the police - Cyber-criminals are likely to have committed various criminal offences, particularly where ransom demands are made, so the police should be made aware. Action Fraud is the UK’s national reporting centre for fraud and internet crime.
7. Check your insurance - Most businesses carry insurance that provides coverage from some of the losses and liabilities that arise from cyber and data breach events. These policies will likely require prompt notification to the insurer as a pre-condition of cover.
8. Third party notifications - Counterparties, lenders and other stakeholders will want to be made aware of incidents of cybercrime so that they can both assist your response and protect themselves from risks arising from the incident.
At Burges Salmon we can assist you with your urgent response to a cyber-incident and any other data protection related queries. For more information, please contact David Varney in our Technology and Data Protection team.
"The proportion of attacks targeting home workers increased from 12% of malicious email traffic before the UK’s lockdown began in March to more than 60% six weeks later, according to data from cybersecurity company Darktrace"