Managing safety, corruption and business integrity risk:Protecting your data abroad
What you’ll learn
- the types of online attack you may face
- how you could be vulnerable to online attacks
- ways to protect your business from data theft
What are the risks?
As an exporter you need to be aware of your online vulnerabilities abroad and take steps to protect yourself. If you don’t, the effects can include:
- loss of intellectual property and sensitive data
- service and employment disruptions
- damage to your brand and reputation
- penalties and compensation payments to customers
- costs for countermeasures, insurance and cyber attack recovery
- loss of trade and competitiveness
Employ a cyber security expert
If you don’t understand how to protect your data and your customers get professional help, so you know what to do. Experts help with:
- checking for weaknesses in your systems
- rules and regulations
- disaster recovery policy
- General Data Protection Regulation [GDPR] compliance
- policies you should adopt
Own your IT processes
Have someone at the company who knows your cyber security processes, and make sure their knowledge is up to date.
Sign up to the National Cyber Security Centre’s Cyber Essentials scheme, which helps you guard against cyber attacks.
Aim to get the ISO/IEC 270001 certification standard, which helps you manage information security.
Take a cyber security awareness course, for which you may get a government grant.
Train your staff
The weakest part of any network is the user, and it’s the company’s responsibility to protect its staff.
Create a user policy so staff know what they can and can’t do online; it makes their work a lot easier. Staff working overseas can drastically reduce their risk of being hacked if they:
- encrypt their data – the most effective thing they can do
- don’t have Bluetooth on
- don’t auto-connect to networks
- don’t work in internet cafes
- use a virtual private network (VPN) to connect to the company’s network
- use 2-factor authentication (2FA)
- don’t store information on their laptop – use an encrypted USB stick
Reduce data exposure
Connect as little as possible, and when you do connect, do it securely. A VPN or 2FA will reduce your risk, but they’re not impenetrable.
Don’t leave computers on if you’re not using them – remember to shut them down before going to bed.
Scan laptops and phones for malware.
If you’re working from a satellite office overseas, have a secure connection to the main office’s server. Don’t neglect physical (office and home) security: you have your own servers in the UK, but your gateway will still be in the country you’re in.
Try not to take technical information with you. If your usual laptop has valuable data on it, take a different one.
Be prepared when you travel
Make sure everything is up to date. Have a patch management system, so when you connect to the company network, it updates your laptop.
Know what the regulations are in the country you visit, and the level of threat you’re likely to face.
Consider that you might need a licence just for the items on your laptop that could be classed as dual use – for example, technical drawings.
Log and report data breaches
You must keep an internal log of every breach – it doesn't matter how minor. You may be asked for your Data Breach Log if you ever have a major breach.
Under GDPR, if you have a server containing customers’ personal details and it’s compromised, you must report it. If you’re found not to have taken proper steps to secure data in the first place, you can be fined a percentage of your turnover.
Next in this topic
Explore the topic
Prepare to sell into a new countryLearn more with free training
Thank you for submitting your rating
Thank you for helping us to improve this service
There is a problem
To help us improve our service, we'd like to know more about your booking experience today. It will only take a minute to complete.