Unlicensed software increases risk of cyber attacks and could open business to financial penalties from the Information Commissioner
24 Oct, 2012
The UK Department for Business, Innovation and Skills (BIS) has issued guidance for companies on how to address cyber risks. The guidance follows the Government’s own strategic risk assessment and initiatives from the European Commission that are likely to be detailed before the end of the year.
The BIS guidance aims to help UK companies develop information security strategies.
Julian Heathcote Hobbins, General Counsel at the Federation Against Software Theft (FAST), welcomes the news, calling the guidance timely, yet warns that organisations could increase their risk of attack and be further penalised if they have illicit copies of software installed:
“It is the duty of the data controller to ensure appropriate security measures are implemented in compliance with the Data Protection Act 1998. Falling foul of a cyber attack may not only result in a security risk to the organisation but also lead to sanctions by the Information Commissioner if it is deemed that a material data breach occurred and that the organisation was in contravention of the Act. Adequate measures and precautions must be in place,” he added.
James Castro-Edwards, Solicitor at Speechly Bircham LLP, states: “The BIS guidance aims to help organisations protect themselves against one type of data security breach and may be used as part of a wider data protection program. The proposed EU Data Protection Regulation, which could become law in as little as 18 months, introduces fines of up to 2% of an organisation’s worldwide annual turnover. To address this risk, organisations should have in place robust data protection compliance programs. Doing nothing is no longer an option.”
“The use of unlicensed software can open the pathway for cyber attacks as highlighted in a report issued by the Business Software Alliance (BSA) in 2008. Now more than ever it is imperative for businesses to not cut corners and ensure that data security and software compliance remain firmly on the agenda. Failure to do so could lead to rolling in the mud with the regulator plus dealing with reactive software compliance measures which pressurises the organisation,” Julian Heathcote Hobbins concludes.