In October 2022 the UK Information Commissioner warned companies that they are leaving themselves open to cyber-attack by ignoring crucial measures such as updating software and training staff. The warning followed a fine of £4.4 million to a company that failed keep personal data secure and breached UK data protection law.

The Information Commissioner found that the company had been hacked and compromised personal information of its employees by failing to put security measures in place.

John Edwards the UK Information Commissioner warned:

“The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn’t regularly monitor for suspicious activity in its systems and fails to act on warnings or doesn’t update software and fails to provide training to staff, you can expect a similar fine from my office.”

“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to staff, as it left them vulnerable to the possibility of identity theft and financial fraud.”

Unfortunately, stories of companies losing data or being held to ransom are too common these days. Easthams take the risk very seriously and have held Cyber Essentials certification for a number of years now.

The criteria to achieve Cyber Essentials becomes more stringent each year. The move by many businesses to offer staff the opportunity to work remotely means the most significant changes to this year’s Cyber Essentials assessment has been around the security of mobile devices such as laptops and mobile phones.

The use of multi-factor authentication was another significant change, with the assessors wanting to ensure MFA is used to access any cloud services.

Having obtained our Cyber Essentials certification we took our security to the next level.

Cyber Essentials Plus includes additional requirements to the normal certification but importantly also includes the need to have our security independently tested against a range of cyber-attacks.

Our certification shows that Easthams are taking all the necessary steps to protect us, our data and our clients against cyber-attack and we remain one of the few solicitors on the Fylde coast to hold Cyber Essentials Plus certification.