I’m not surprised to read that JPMorgan are spending billions to combat a rise in cyber attacks, as my office’s stats also show that a growing number of cyber incidents are being reported by the financial sector (“JPMorgan says cyber crooks are becoming ‘smarter’ and ‘more devious’”, Report, January 18).
As the data protection regulator, we always welcome comments from large organisations about their investment in cyber security.
But while technical measures are an absolute priority, my experience is that many organisations need to take some of the more basic steps to protect people’s information. I want to remind smaller organisations that bolstering your online security and keeping your systems secure does not have to cost billions. Many of the cyber attacks we see come from phishing, with emails looking to trick or persuade staff to share usernames and passwords. Measures such as up-to-date staff training are essential to spot and report phishing attempts.
People need to be confident that organisations will keep their personal data secure. Otherwise, organisations risk losing their trust and business.
Both my office and the National Cyber Security Centre provide a wealth of guidance and advice in this area, such as our guide to data security on the ICO website.
John Edwards
UK Information Commissioner
Wilmslow, Cheshire, UK
