Data Protection, Electronic and Privacy Law Blog

Keeping you up to date with plain language explanations of your obligations and liabilities under data protection law, electronic law and privacy law. With a touch of cybersecurity and trends like blockchain and quantum computing.

With cyber security, breaches, hacks and attacks being headline news daily, Cath Jenkin takes us through some basic elements of cyber risks and how to figure out the risk your business faces.

What is Cyber Risk?

And just how at risk is your business?

08 August 2019
Posted in: ICT and Cybersecurity

Risky business
While everyone seems to be talking about cyber security measures and mechanisms, just how much risk is at play? While it may hit the headlines on a regular basis, complacency around cyber security seems just as popular. But it's not just the IT Department's problem: cyber risk exists at every level of your organisation. Don't panic just yet though - there are robust and reliable ways to navigate and secure your company's data and assets.

Cyber risk
As our world becomes more and more dependent on digital communications and our online personas, understanding cyber risk is important. But, the higher priority must, of course, be: what to do about it. By definition, cyber risk means the risk your business takes in terms of potential financial loss, brand damage, operational disruption, or data loss.

Risk level
Your company's level of cyber risk is linked to three important levels of access. These can be summarised by answering three questions, which will help you to isolate what cyber risk level your company operates at. These questions are:

  • How dependent are your daily operations on your IT infrastructure?
  • How involved are your employees, colleagues, and external contractors, in maintaining their appropriate level of physical and digital security?
  • How easy is it to access company data, network resources, or physical assets?
Operating a business in 2019 means your answers probably look something like this:
  • Our business is highly dependent upon our IT infrastructure.
  • Our employees do their best to secure their computers, laptops, and data.
  • It's not easy to access our company information and you'll need to sign in at reception before you can enter our offices.
  • If your responses look something like this, you may feel relatively confident that you're doing okay in the realm of cyber security. Apologies for the disappointment: your cyber risk level is still high.

    It's not just you
    But, you can have the best network infrastructure, that offers top level security even the CIA would be proud of...and your business would still be at high risk. Implementing robust cyber security measures doesn't end with your operations; it must be reflected in the systems and businesses your company relies upon too. We'll use the example of a well-known low-level online design programme, Canva, here. Canva is a popular platform for creating beautiful images to be used for social media, online media, and even print.

    The Canva example
    In 2019, Canva was hacked, with usernames and passwords exposed. This meant that anyone who had that data could log in to a particular user's account, use their images, or access payment information. While the majority of Canva's users are casual, many of the remainder are involved in creating images for clients that include or refer to a company's intellectual property. Moreover, users' payment information could be accessed. If a Canva user was involved in creating imagery for a top-secret campaign for a business, that was embargoed until a certain date, all that information and imagery could now be accessed and used by anyone who had the user details. As a result, confidential information, stored on an external service provider's platform, put a business at risk - and it wasn't even their platform to begin with, never mind their hack.

    Protect yourself
    Assessing and acting upon your company's level of cyber risk is the most important part of your cyber security programme. That overwhelmed feeling should not lead you towards complacency. Instead, use it as a motivator to assess your company's level of cyber risk, and act on it. ProPrivacy can help.



    Castletownroche, Co. Cork
    Mon-Thu: 10h00-14h30

    Contact Philipa

    Phone: +353 (21) 234 8890
    Mobile: +353 (83) 827 4889

    Philipa Farley is an Association of Data Protection Officers Member ProPrivacy is a Cork Chamber Member ProPrivacy is a Mallow Chamber Member Philipa Farley is an Irish Computer Society Member Philipa Farley is a Business Analysts Association of Ireland Member Philipa Jane Farley is a Grow Remote Mallow Chapter Member

    Philipa Jane Farley GPG Key - Fingerprint: 2D8E FAA6 B2C6 0754 D13B 2E7D 6A46 D9E6 F2F8 E7DE
    ProPrivacy Consulting Limited (t/a ProPrivacy) CRO Reg: 628639 VAT: 3547299MH Registered Office: Bridgetown, Castletownroche, Co. Cork
    © Copyright 2019 ProPrivacy Consulting Limited - All Rights Reserved