After Deloitte was hit by a cyber security attack earlier this week, we have to ask, how safe are we?
We at Ferguson Legal care more about health and safety than your average UK citizen. So we need to suggest that IT security be considered under the health and safety banner.
If one of the Big 4 accounting firms is susceptible, then we all are. Kind of frightening, but as we always say, better safe than sorry!
Why is my IT security important?
If all your paperwork is lost, due to a cyber attack, you could be in big trouble.
The sensible thing is to make sure your IT manager has a backup of vital health and safety documents. Store them somewhere safe, fire proofed and preferably somewhere handy.
Does the HSE care about IT security?
The Health and Safety Executive (“HSE”) has published operational guidance on cyber security for their own inspectors.
It puts the emphasis on duty holders at major hazard sites. They have to manage the health and safety risks arising from a breakdown in cyber security.
This is entirely appropriate.
If a computer-controlled operating system in an industry like petroleum was affected by a cyber-attack – can you imagine? Think about the effect on IT controlled pressure valves or temperature systems…
What IT security checks are in place?
The HSE is working with major hazard industry bodies. It is also working with the National Cyber Security Centre (NCSC) to develop this common sense guidance.
On top of this, the HSE’s 2017/18 business plan commits the HSE to draw up a new cyber strategy.
The common principles here are likely be the same. They will include application of good practice; a proper assessment of the hazards and risks posed and the application of appropriate risk reduction measures.
Any failure to apply or uphold these principles will result in enforcement action – and all the consequences for the organisation and the individuals within it.
Technology moves so fast, it can be hard to stay on top of the risks. We applaud the HSE for catching up and we advise all our clients to seriously consider the measures they have in place to guard against a cyber attack. Ignorance won’t be an excuse for much longer…
Give us a call to discuss the risks to your business and how we can help. 01224 900025