The world has been awake to the threat of cyber crime – hacking, theft, ransomware, ID theft etc. – for some years now. And governments are playing their part, with most countries now taking a more aggressive approach, not only to detection and enforcement but also by mandating that organisations protect themselves in the right ways.
The UK government took another step in this effort at the end of 2021 when it introduced the Telecommunications (Security) Act, which aims to tighten up governance of data handling, particularly in the telecoms sector. The new Act puts “Much stronger legal duties on public telecoms providers to defend their networks from cyber threats which could cause network failure or the theft of sensitive data.”
Under the new law, telecoms will be required to:
- protect data stored by their networks and services, and secure the critical functions which allow them to be operated and managed;
- protect tools which monitor and analyse their networks and services against access from hostile state actors;
- monitor public networks to identify potentially dangerous activity and have a deep understanding of their security risks, reporting regularly to internal boards; and
- take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services.
As part of the drive to improve cyber security, the government has also launched a public consultation on draft regulations, which outline the measures telecoms providers would need to take to fulfil their duties under the act. It will also lead to the development of a draft code of practice, which focuses on how providers can comply with the regulations.
What does this mean for ordinary businesses? Principally it should mean a significant reduction in the risk around cyber theft across digital communication channels. Indeed, as Digital Infrastructure Minister Julia Lopez says, “Broadband and mobile networks are crucial to life in Britain and that makes them a prime target for cyber criminals. Our proposals will embed the highest security standards in our telecoms industry with heavy fines for any companies failing in their duties.”
Cyber security is a serious issue for businesses of all sizes, so it’s encouraging to see more action being taken to shore up some of the obvious vulnerabilities that currently exist.
There are some basic steps that companies can take to protect themselves.
1. Check your permissions: Make sure your system has rules that give each employee the right level of permission. For instance, don’t just give junior staff the ability to change bank details without a second authorisation.
It’s not unusual for a smaller business to have a system where ‘everyone can do everything’, and that’s where a junior employee can end up changing things on the system without the financial controller even being aware of it.
2. Get social: Scammers are increasingly turning to social media to glean information about companies and their staff. Get a name and job title and it’s a short step to getting a phone number and calling up with a vishing scam.
You should ask staff to be circumspect in terms of the information they make public on their profiles, while it might also help to make key staff aware they’re more likely to be a target, particularly if they work in finance.
3. Put a name to the face: Try to make sure you have a named contact at every supplier – not just the company name. So when dealing with a supplier, make sure you know who handles accounts: that way you can form a personal relationship. Any call about an invoice or a change in bank details should therefore be from your named contact.
Protecting yourself doesn’t have to cost thousands. Good housekeeping and effective systems require buy-in from everyone and – where necessary – getting the right external help. We’re right here for all your needs, and you can contact us for help and support in a number of areas, from tax and payroll to accounting and banking.