DCI Andrew Gould of the Metropolitan Police Service FALCON (Fraud and Linked Crime Online) unit takes time to speak to RedLaw about how businesses can protect themselves from cyber crime. He also talks about how to plan ahead for the new GDPR, which comes into force in May next year, bringing with it fines of up to 5% of a business’ global turnover.
Please tell us a little about your role and what you do.
I am the head of the Met Police FALCON (Fraud & Linked Crime Online) Cyber Crime Unit and Taskforce so I run teams that target cyber Organised Crime Groups and investigate larger scale or impact cyber crime targeted at business. I also spend a lot of my time advising businesses how to better protect themselves and their customers from the effects of cyber crime and how to recover from an attack.
What new law is coming into force and how will it affect cyber crime?
The EU General Data Protection Regulation (GDPR) comes into force in May 2018. Irrespective of Brexit, the government has said it will still apply. This applies tougher rules regarding the management and protection of data, mandatory reporting and much tougher penalties for companies who suffer a data breach. For example, just one breach can cost a fine of up to 5% of global turnover or 20m euros, and individuals whose data is lost can also claim individual compensation. The liabilities involved could potentially be huge and I wouldn’t be surprised to see some companies go under as a result.
What key steps should lawyers be advising their clients to take in preparation for the new law?
Start preparing now if they haven’t started preparing already. The first step for companies is to understand what data they hold, where they hold it and if they really need to keep it. Then they can start to assess the risk of losing it and mitigate this as they see fit as well as complying with the regulation itself.
What impact will this have on your department?
I suspect this will have a significant impact on our department. We are already getting more and more requests for advice from legal firms and companies starting to report more when they are a victim of cyber crime. We are also getting requests to assist businesses to develop their incident response plans. As businesses increasingly have reporting to police as part of their response plans we are getting more crimes referred into us to investigate, which is a good thing.
As a cyber crime expert, have you got any tips for individuals too to protect ourselves?
A lot of the basic tips are the same for individuals as well as businesses. Strong passwords, regularly changed, are an important start, especially for administrator passwords which give you the keys to the kingdom on a network. Also, make sure you run those software updates, or patches, as these are almost always security upgrades to protect against bugs already being exploited by criminals. Finally, be aware of what you post on social media about yourself or your company. This information is often used by criminals for social engineering to develop more credible email or other approaches to trick you or your staff into giving them money or access to your systems unwittingly. Although there is a lot of cyber crime out there, the vast majority of it is easily prevented with a bit of organisation and awareness.
What does the future look like for cyber crime?
At the moment we see it getting easier and easier for criminals to commit this kind of crime. You’d be surprised how easy it is even for the relatively unskilled, given the number of easy-to-use criminal tools out there that are relatively easy to find. And of course, given the global nature of networks and the internet, a criminal in one country can easily attack someone in another at the click of a mouse. Given the industrial scale of offending, it would be easy to get disheartened. But I’m optimistic. If people take the basic steps I’ve outlined, the vast majority of these attacks will fail. On the positive side, we also see increasing levels of international cooperation and success in tackling global cyber crime. Here in the UK, the police have substantially improved their commitment and capability to investigate this type of crime. The work to defend the UK is only going from strength to strength with the launch of the government’s refreshed National Cyber Security Strategy and new National Cyber Security Centre. With greater enforcement and prevention work alongside an increased public awareness of how to protect themselves, the future for cyber crime will look less and less rosy for the criminals.