Aston Lark discusses the threats posed to the industry
As the metals recycling industry becomes more and more reliant on computers and many spend thousands of pounds on bespoke systems to buy and sell metal, and store customer details, it is important to protect yourself from cyber threats.
In this industry, the threat and repercussions of a cyber-attack aren’t properly considered. What would happen to your business if you couldn’t use your system for a number of days?
What is a cyber-threat?
Cyber threat is a convenient label applied to the multitude of risks to data, information and the systems which store and process it. These risks could be precipitated by events or actions as varied as external hacking, social engineering, a compromised third party supplier or an employee leaking information. These are diverse activities that are likely to require a very different response to remediation and ongoing management.
Should I really be concerned?
Yes, no matter the size of your business, cyber criminals are opportunists and will always be on the lookout for easy targets. Unlike larger organisations, smaller businesses don’t have the security resources to detect a cyber-attack before it escalates.
Understand the risk.
Even the best technology and tools can be undermined by weaknesses in basic security practices or a flawed culture.
Today’s cyber criminals are adopting approaches which step away from being technical and look to exploit weaknesses in the way organisations manage, control and interact with their information.
The foundations of good information and security governance include:
- User access management
- Clear policies on management e.g. acceptable system and social media use
- Staff security training and awareness
- Oversight of third party suppliers
- Timely application of software security updates
Fundamentally, to address a cyber threat, you need to understand your organisation’s information (where it is and how it’s used). This information can include accounts, human resource, customer names, addresses and bank details. The storage of this information will need to comply with GDPR and, particularly customer information, is a requirement of the Scrap Metal Dealers Act 2013 and the Air Weapons Licensing Act 2015 (Scotland).
You also need to identify risks to your information assets and ensuring that the right measures are adopted to mitigate risks within acceptable levels (balancing cost vs. risk). That is why the investment in people, skills and robust policies and processes is crucial. Staying vigilant to a cyber-threat is for the entire business and not just the IT team.
We have created an online cyber risk checklist where you can assess the risk to your business. Click here to start begin the checklist.
For more information on the dangers of cyber-attacks and how Cyber Risk Protection Insurance can protect your business please contact Steve Walker at Aston Lark on 01384 375555.