Fletchers Data Claims

Has your business suffered a cyber attack? Here’s how you can come away unscathed

January 11, 2021

Following an unprecedented cyber attack on sporting giant Manchester United, Data Breach Claims Solicitor, Paul Cahill outlines some key advice for any business wanting to minimise further reputational damage

In November 2020, Manchester United’s inhouse computer systems were hacked.

At that time, the club were reporting they were not aware ‘of any breach of fans’ data’, despite the fact that members of the sporting giant’s staff didn’t have access to email and other online functionality.

In the days that followed, United said they were unaware of the motive behind the attack but they were working alongside the UK’s Cyber Security Agency to minimise any further damage.

With the investigation described as “thorough” and ongoing, one question was still left unanswered; If Manchester United can fall victim to a cyber security breach, can your business?

What steps can a business take to minimise the risk of a cyber attack?

Taking swift and decisive action is key when dealing with a cyber attack.

First of all, it would be wise to locate the systems that have been affected and ensure that these are safely and securely shut down.

Then, it is paramount for the business to identify what data has been compromised so that a list of individuals affected by the breach can be informed.

As a third step, it might be necessary to consider informing the ICO.

Ultimately, what happened to Manchester United, one of the largest global brands, is something that all businesses, big and small, can learn from. 

Whether you’re a new business, or you’ve been in operation for a number of years, it’s important to remember that solid preparation and cyber awareness will enable you to respond appropriately in the face of a cyber attack.  

What can local authorities learn from the Manchester United cyber attack?

In the event of a cyber attack, all local authorities across the UK must implement the correct protocols to follow. For any business, this means understanding the potential and possible risks e.g. allowing local authorities to create a roadmap to reduce the volume of data that can be stolen.

I always look at this from a five-step approach:

1 Understand the risks

2 Plan suitable safety protocols 

3 Isolate your data 

4 Shut down the affected systems

5 Contact individuals affected

Where a business can avoid cyber security pitfalls

From my own experience, many data breaches are down to simple human error.

Longstanding, respected businesses may be great at what they do, but they’re often not yet equipped, in terms of policies and procedures, for securely storing customer data.

Check then check again

By simply checking your email attachments, the source that the email came from and not clicking untrustworthy links could prevent a major data breach.

As well as this, ensure your security policy is up to date and that you have a trusted security software protecting your internal information.

Think of your reputation as a business

Manchester United acted swiftly. Although the incident is not something that the club welcomed, by facing up to it and acting in accordance with the latest guidelines, their team were able to minimise the damage of the data lost, and in turn, their own brand reputation.

Even though your business isn’t Manchester United, you can take inspiration from the way the football club handled the incident and apply the same steps.

Overall, a business operating today must be absolutely transparent with its customers. If a data breach has happened, that must be reported and communicated as such, to regain any trust that may have been lost.

Forward-planning and risk assessment will be your key to coming back from any breach of data, regardless if this happened because of a basic, human error, or sophisticated cyber attack.

Paul Cahill is a Data Breach Claims Solicitor at Fletchers Data Claims

Recent posts