Exposure to business interruption caused by cyber risks has grown for a number of reasons recently including an increasing reliance on electronic systems to conduct business, the automation of business functions which are reliant on electronic systems and the interconnectivity of those electronic systems, to internal and external networks.

Common security vulnerabilities can be counteracted:

1.Software Security Updates

Attackers search for unpatched, outdated or otherwise vulnerable software to attack. You should have a software update policy in place for all hardware, including laptops and other mobile devices. You should only use software for which updates are still being provided.

2.SQL Injection

“Structured Query Language” is a type of programming language designed for database driven software. A SQL injection is a hacking technique which exploits flaws in the programming code. You should consider periodic independent security testing to identify programming issues, including SQL injection flaws.

3.Unnecessary Services

You should only run network services that are absolutely necessary and ensure that services intended for use on local networks only are not made available to the internet. This will reduce the number of ways an attacker might compromise systems on the network.

4.Decommissioning of Software or Services

When old or temporary hardware, software or networked services (e.g a website/file server) are no longer needed, you must decommission them and thoroughly check that the decommissioning procedure has actually succeeded.

5.Password Storage

“Hashing” and “Salting” techniques which increase the security of stored passwords. Users should also be advised to choose strong passwords (long passwords using a wide range of characters).

6.Configuration of SSL or TLS

Ensure that personal data (and sensitive information generally) is transferred using SSL (Secure Sockets Layer) or TLS (Transport Layer Security) which are encryption schemes used for ensuring secure communications across the internet.

7.Inappropriate locations for processing data

Make sure you have policies for all your IT infrastructure for how, when and where personal data will be processed and stored. Apply specific access restrictions where necessary. Ensure that your network has regular back-up and business continuity functions in place.

8.Default credentials

Change any default credentials provided by hardware and software suppliers, such as standard usernames and passwords, as soon as possible.

To find out more about Cyber Liability insurance please contact Gary Philip at GPS Insurance Brokers on on 020 8207 7385.


Source: Information Commissioner’s Office Report.