Bolstering online security is timely advice as my office has seen a 19 per cent rise in reports of cyber security incidents involving people’s personal data protector over the past two years (“Cybersecurity: pa55words”, Lex, March 3).
But while technical measures are an absolute priority, my experience is that many organizations need to take some of the basic steps to protect people’s information.
My office’s stats show that a growing number of cyber attacks come from phishing, with emails looking to trick or persuade staff to share usernames and passwords. Measures such as multi-factor authentication help here, but up to date staff training is essential to spot and report phishing attempts.
This is an important area. People need to be confident their personal data will be treated with respect. If organizations do not keep data secure, they will lose both people’s confidence and business.
There is a wealth of guidance and advice available in this area, both from ourselves and the National Cyber Security Center’s Cyber Essentials campaign.
People can take positive action here too: stronger passwords, not repeating passwords, and taking the opportunity for two-factor authentication all have important roles to play.
John Edwards
UK Information Commissioner
Wilmslow, Cheshire, UK
