While technology offers a multitude of opportunities to businesses it is essential that risks are considered when digital processes are adopted. Digital risks can be posed to a business in many forms and it is important that companies understand the possible threats and how to mitigate them.
In a recent report, government workers in Alaska had to resort to using typewriters after their computer systems failed due to a ransomware incident. Ransomware is a form of malware that is used in cyber-attacks to encrypt computer systems, effectively holding data hostage until a ransom is paid.
The attack left the borough of Matanuska-Susitna without its email and disaster recovery servers, as well as its telephone and door entry systems. While the organisation is now in the process of rebuilding its IT infrastructure, nearly all of its 500 desktop computers were affected and email was left completely unrecoverable.
What are the main digital risks for businesses?
Cyber-attacks are just one of the digital risks that have the potential to bring businesses and their operations to a standstill. Companies need to consider their organisation as a whole and be able to identify where risk could occur and put processes in place to mitigate it. The main areas of consideration are set out below.
As proven in the case of the government workers in Alaska, cyber-attacks have the potential to have a major impact on the operations of a business. The failure of computer systems can bring a complete halt to the activity of an organisation and cause sizeable disruption. The loss of data alone can cause months of work to disappear causing a significant cost to the business. Without access to IT, invoices cannot be sent, orders cannot be taken and in some cases clients are left without a service.
Every business will hold some form of sensitive or valuable data that needs to be protected. While the actual loss of data can cause issues for businesses by affecting their operations, it can also have repercussions externally as well. Personal data, such as employee or customer information, is protected under the General Data Protection Regulation. If data is breached a business can be fined up to 4% of their annual global turnover or €20 million.
Aside from the financial implications of a data breach, the damage to a business’ reputation could also be significant. In our report ‘Digital risk – ready or not?’ it was identified that for British businesses reputational damage was more concerning than financial penalties. If a client no longer trusts a supplier there is the potential for them to look elsewhere.
Employees that lack sufficient training can pose digital risks to their employers. A business’ workforce will often have access to sensitive information that should not be made publicly available. Data can be exposed by employees in several different ways such as losing IT equipment, making information available on the Internet or revealing confidential details to a third party.
Employees can also cause risks to a business by not following appropriate processes or being negligent with cyber security, e.g. opening attachments in suspicious emails.
Due to the nature of the Internet, identity theft has become more common. Websites can easily be duplicated to capture customer or personal information. According to our research in ‘Digital Risk – ready or not?’ three quarters of businesses view corporate identity theft as a high risk area.
Protecting your business from digital risk
Businesses cannot afford to ignore digital risks and must be prepared to take action to mitigate them for the sake of their operations, finances and reputation. It is essential that organisations take the time to understand where potential issues may arise and review existing processes to devise the most effective approach to avoid digital risk.
Our digital risk calculator is recommended to help businesses ascertain where their biggest concerns may lie based on their location, size and sector. Every business will have different concerns, use our digital risk calculator to begin to understand the actions your business may need to consider.
About the author(s)
Gowling WLG is an international law firm operating across an array of different sectors and services. Our LoupedIn blog aims to give readers industry insight, technical knowledge and thoughtful observations on the legal landscape and beyond.