The universal presence of the internet, and consequently the always-connected individual, has brought about a sea of opportunities for businesses.
However, these haven't come without threats from increasingly sophisticated hackers, software bugs, and viruses, which provide a seemingly never-ending stream of security risks.
It's upsetting enough when an individual is faced with a cyber attack, but for a business, which often has more to lose and more people to protect, the results can be devastating if not dealt with correctly.
The case of Ashley Madison served as a stark warning of what can happen if a business is targeted.
Unfortunately, these types of attack are no longer isolated, and are on the up. Eight in 10 of Britain's biggest companies have suffered a serious cyber attack, costing the UK economy an estimated tens of millions of pounds annually.
And, unlike with traditional crimes, when you're dealing with a virtual attacker, it's not as easy as the police simply visiting the scene of the crime and taking fingerprints, or physically tracking someone down; these criminals are much more difficult to convict.
How can a business protect itself?
Following a number of simple steps, such as setting strong passwords, not giving passwords away to any third parties, deleting suspicious emails, and downloading software updates, will, of course, slim down the chances of falling victim to a cyber attack.
In addition, appointing an experienced web team, and IT professionals, is always advisable if budget allows.
The increasing popularity of employees working from their own devices on a business network is also leaving businesses susceptible to attack. Businesses which allow this way of working should ensure that anti-malware is installed on these devices, as a network is only as secure as its weakest access point.
It's also worth noting that confidential information doesn't need to be shared with all departments. For example, those in the sales function won't necessarily need access to all of the information that the IT department does, and vice versa.
The more people with access to your information, the more likely it is to be compromised. Perhaps most importantly, businesses simply shouldn't put any data they wouldn't want in the public domain onto their digital footprint.
When precaution isn't enough
If all of the necessary precautions have been applied, and businesses are still finding themselves facing security threats, the points below should be addressed as calmly, but as swiftly, as possible; the best weapon in a company's armoury is a quick response.
- The origins: it can be difficult, but try to determine whether it was an internal or external attack. Disgruntled employees could be at fault, or someone with inside knowledge of the company, or equally the attack could have come completely from an external perpetrator. Unfortunately a cyber attack isn't like a normal crime. Nine times out of 10 it's unlikely you'll find out who was the culprit; hackers are usually very technologically competent.
- Assess the damage: it's wise to stay calm and collected, and figure out exactly what data has been taken. Contact your IT consultants immediately and ask them to assess the damage so you know where you stand and how severe the situation is. In some cases, it might not be as bad as you first think, and it may be possible to implement a solution pretty quickly.
- Contact any third parties: if information has been shared on a social media site such as Facebook or Twitter, on a forum such as Reddit, or even on a random website, you're well within your rights to contact the outlet and request they take the content down. It's within your civil rights.
- Call a specialist: following all of this, if your situation still looks severe, you'll need to speak to your insurers, and maybe enlist the help of a legal professional, to ensure you're going to be fully compensated for your losses. In some cases, depending on the nature of the crime, it may be difficult to make a claim, especially if you have knowingly given your passwords or provided details to someone in the business, for example, and they're responsible for the crime.
- Be ready: depending on the severity of the situation, you may need to inform the authorities of what has happened. The Information Commissioner's Office is responsible for the enforcement of the Data Protection Act 1998, so it'll be the first port of call if the attack isn't down to negligence on your or the company's part.
- Respond appropriately: it's easy for the business to feel like the victim, but it's often its customers who face the most damage. How the aftermath of a mistake is handled is crucial for protecting the reputation of your brand, as one of the main problems facing a business that has been compromised is maintaining customer confidence. You'll have a limited amount of time to make decisions, so plans must be formulated and executed calmly and quickly.
- Stay vigilant: once the attack has been resolved (as best it can be), many businesses will choose to fully audit their security policies and procedures to avoid the same thing happening again. An audit will identify any holes in your current security practices, assess whether procedures were robust enough and were being correctly followed, and suggest any areas for improvement to help stay ahead of any threats.
Unlike just a few years back, cyber crimes are now being reported increasingly in the press following a series of high-profile attacks. Awareness is undoubtedly growing, which can only be a good thing.
The aftermath of an attack can be a whirlwind and extremely daunting for those who have not been the victim of an attack before.
However, if the above steps are followed, and a calm and collected head is kept, the consequences can be kept to a minimum.
Stephen Attree is managing partner at commercial and private client law firm MLP Law.