A property CEO gets back on track after a series of phishing attacks using our Cyber Security Audit
The CEO of a growing property business with a turnover of approximately £15-20m contacted Hamlins’ Cyber Security team as the company had been subjected to a growing number of phishing attacks within a spate of 3 months. It was estimated that up to 100 man hours had been lost; including the time of senior management and executives, the Customer Relations team, IT support and software developers. Various aspects of the software licensed via a web exchange had to be removed and replaced, which meant a limited/reduced customer experience for a period of a few weeks.
Crucially, time had to be invested following the attacks to retain customers and reassure their customers the new software systems were robust. The CEO was concerned about the likelihood of future attacks occurring and wanted to adopt appropriate cyber security strategies, policies and contracts.
How Hamlins helped
We undertook a comprehensive Cyber Security Audit which reviewed different areas of the business such as technology, business strategy, internal communications, contractual risk management, staffing, training and regulatory compliance. We also designed and developed a tailored crisis management strategy so the firm was fully prepared should a cyber breach ever occur again. Given the budgetary constraints of this small business, our team focused on the business critical risk areas of the business to ensure these were suitably robust and would not impact on the future operation and revenues of the business.
Our Audit revealed the firm was not fully compliant with the current and future requirements of Data Protection regulations and was at risk of hefty fines and/or third party claims should another attack ever occur. Other contracts and policies were also open to interpretation or worse, not in place. Our team drafted and amended all necessary legal documents to resolve the issues.
Following the completion of the Audit and the implementation of the new cyber strategy, the business has not fallen victim to any further cyber attacks. The cyber security strategy is now not only understood but championed throughout the business – minimising the likelihood of any future cyber breaches.