What a Cyber Attack Looks Like: Prevention and Tips
Published: May 17, 2017
Author: admin

The recent global cyber-attack wreaked havoc at dozens of NHS trusts and hit thousands of computers in over 150 countries. The NHS trusts that were affected have been criticised for not adding the patch despite warnings from NHS Digital a month ago that they were vulnerable to a possible attack. Security experts say that computers were vulnerable to the bug, and IT experts have advised that unless IT departments apply the patch and back up their files they too could be hit by the attacks.

What is clear from this attack is that cyber attacks are on the rise and no one can escape the risk.

UK businesses are reportedly being forced to shut down after being held hostage by ransomware. One report from computer security firm Malwarebytes confirms that nearly 40% of all businesses experienced an attack in the last year.

Small businesses are targets because SMEs tend to be less careful about cyber security. Small businesses tend to underestimate their risk level and think their servers are not worth stealing. It is therefore important for SMEs to understand the importance of cyber security. Prevention is better than finding the solution after a cyber-attack, and cyber security solutions are cheaper than the recovery process after an attack. It is important for business owners to assume that they can be a victim of a breach, and that is why they need to be prepared all the time.

The key things we advise clients on are:

1. Have clear email, download and monitoring policies in place. Once your staff have downloaded something it is too late. These policies are usually contained in the staff handbook and make clear what staff should not do and when to report an issue.
2. In staff or contractors' contracts you may want to include authority for you to monitor their emails or internet use, permitting you to undertake spot checks or IT checks on what they are downloading, to prevent personal use causing you costs if it leads to a virus or cyber attack.
3. Confidentiality of clients' names: you can use titles on your IT systems that anonymise the person while you note their real identity in a secure place. In any event you need to make sure your data protection policy is up to date to cover these issues.
4. Does your insurance adequately cover you for IT rectifications, losses, reputational damage and limitation?
5. Have you protected yourself against failure to deliver, for example with adequate force majeure terms in all your contracts and terms?

What is a ransomware attack and what does it look like?

The attack usually infects a host computer and encrypts files that it can locate on the hard drive. Some attacks can also scan the local network for files in other locations that they will then encrypt.

The most common way a cyberattack affects an organisation is through an attachment to an email. This email may request the recipient to act quickly and pay a sum of money by opening an attachment. Once the attachment is opened, this will expose any vulnerability in the operating systems and software. This may start the encryption process. A ransom demand is issued, to be paid in the digital currency Bitcoin. The sum must be paid to gain access to the "decryption" key that enables access to the information stored in the attacked files. There is no guarantee that the key will be released on payment.

What about data protection?

The Data Protection Act requires all data controllers to take appropriate technical and security measures to keep personal data secure against loss or destruction.

The Information Commissioner's Office (ICO) is the UK's independent body to uphold information rights (www.ico.org.uk).

If the personal data which you are responsible for has been encrypted as a result of a cyberattack and you are unable to restore that data, then there is a risk that the ICO could take the view that you have not taken appropriate measures to keep that data secure and have breached the Data Protection Act. If there is a back-up from which you can restore a working copy of the data, then a permanent loss of data would not be considered to have happened. However, the ICO would usually still consider the circumstances of the case to determine whether or not there were appropriate measures in place that could have prevented the attack from succeeding.

How do I prevent an attack?

  • Always have basic technical cyber protection against malware. Make sure it is up to date.
  • Have security patches on all devices.
  • Protect back-ups from encryption – online and off-site back-up.
  • Give regular training sessions to your staff so that they can recognise a cyber attack if it gets past your anti-malware protection.
  • Separate and segment your network so that the damage can be limited if you are attacked.
  • Remove unnecessary user accounts and restrict privileges to only what is necessary.
  • Disable or remove software to reduce the number of routes of entry for an attacker.

How do I recover data?

  • Ensure there is an effective back-up policy and process in place and that this is functional. Take advice from IT professionals to ensure the back-up will not be encrypted in the event of an attack.
  • Test your back-ups regularly and make sure you can recover from a ransomware attack.
  • Once you have removed the ransomware, ensure that you carry out a full security scan of your systems and network – if attackers can get the ransomware onto your systems, they may have gained other access that you have not detected.

Do I need to report the data breach?

Under the Data Protection Act (DPA), although there is no legal obligation on data controllers to report breaches of security, the ICO takes the view that all serious breaches should be reported to the ICO. It is good practice to train staff and report any breaches of the DPA promptly. You can access details of how to report here: https://ico.org.uk/for-organisations/report-a-breach/

However, if you are a telecom or internet provider that allows members of the public to send electronic messages, there is a strict requirement to report the breach to the ICO under the Privacy and Electronic Communications Regulations (PECR).

Register with the ICO

The Data Protection Act 1998 requires every organisation that processes personal information to register with the Information Commissioner's Office (ICO), unless they are exempt. Failure to do so is a criminal offence. This covers most organisations in the UK. Once registered, you are able to confirm that you are registered with the ICO on your website.

Have Cyber and IT policies in place internally

It is crucial to train staff regularly and have policies in place guiding staff on what a cyber attack looks like and how to handle one. We can assist you in drafting these.

Have a Data Protection Policy in place

This is essential where your organisation handles personal data. A policy informing customers or users of how their data is handled, where it is stored and what happens if the company suffers a cyber attack ought to be available. We can assist you in drafting this policy.

If you need any further advice please contact our commercial team on 02074260382 or alia@acitylawfirm.com
