The UKRI revealed last week it had been subject to a ransomware attack which impacted two of its services, the latest in a string of attacks on public bodies and businesses in and around London.
The public body, which is backed by Britain’s Department for Business, Energy and Industrial Strategy said that its extranet was affected along with a portal used by the UK Research Office.
Following a string of high profile ransomware attacks in the past several years targeting the public and private sectors, there have been mounting concerns in the business community on data security risks, and how to effectively mitigate attacks.
With stricter data laws around the world, and in the UK, businesses and the public sector are facing a difficult balancing act of protecting user data with encryption and the latest security protocols.
Companies which also rely on third party encryption are having to re-think their data protection policies when it comes to a breach related to a third party tool or software being used.
Speaking with London Issue about the data security risks, David Tucker, President of Verity Systems, a manufacturer of data security tools said, “It’s increasingly important for businesses to have strong data protection standards. Risks can also be mitigated through the secure erasure and destruction of legacy hard drives through the use of degaussing. Businesses are especially vulnerable during corporate restructures and technology upgrades where new staff members may not be aware of the data security protocols in place.”
Cybersecurity experts have also been raising the alarm about the risks posed by home working and companies needing to urgently review their data policies with remote staff.
One network manager who spoke to the BBC said, “Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords…we see workers being tricked into downloading viruses from hackers demanding ransoms.”
As firms continue to adapt to emerging data security risks, there is a renewed sense of urgency for companies to think about their internal as well as external workforce, how to mitigate data theft, and in the event of restructures or staff relocations, the processes that should be in place to securely erase data that is no longer in use.