Red Mosquito - Blog

Cyber-security flaws lead to £20m fine

The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers. This eye-watering sum is actually far less than the £183m fine BA originally faced. The ICO reduced the fine, saying it was taking the economic impact of Covid into account. There are lessons to be learned, for businesses of all sizes, from the cyber-security weaknesses which enabled this attack to succeed.

BA was the target of a cyber-attack in 2018 but only became aware of the issue 2 months later, when it was identified by an independent 3rd party. The ICO found that BA was processing personal data without having adequate security measures in place. As we all know, GDPR stipulates that organisations must have “appropriate technical and organisational measures in place” to protect data. BA ought to have identified and addressed the cyber-security weaknesses. In addition, ICO investigators were seriously concerned that BA was not aware that it had been attacked. Interestingly, the weaknesses identified would most likely have been addressed by certification to the UK’s Cyber Essentials Scheme.

In BA’s case, some of the actions they could have taken to prevent the attack include:

· Access Control – limiting access to applications, data and tools to only what is required to fulfil a user’s role;

· Penetration Testing – undertaking rigorous testing, in the form of simulating a cyber-attack, on the business’s systems;

· Multi Factor Authentication – protecting employee and third party accounts with multi-factor authentication.

These measures are neither complex nor expensive to implement. In fact, all would be addressed during the process of certification to Cyber Essentials. Our previous blogs give a great overview of the scheme. Certification ensures the basic cyber-security controls are in place. Implemented correctly, these would prevent the vast majority of cyber-attacks. We strongly advise all of our IT Support customers in Glasgow and Edinburgh to get Cyber Essentials in place. It will protect your data and help you avoid cyber-attacks and the hefty fines which may follow.

As an outsourced IT provider, we support all of our IT Support customers to ensure they have the correct cyber-security measures in place. We always recommend a multi-layered approach to cyber-security. If you would like to speak to one of our IT consultants about your cyber security needs or Cyber Essentials certification – just contact us today.
