1 minute read
Protect your business from cyberattack
Scare stories
I have two horror stories of businesses making it easy for them to be attacked. The first was while sitting in my car outside a garage. Looking at the available wireless networks, one was named p64ndf86gJD3tG9 and, you guessed it, this was also the password! If I could figure it out, it wouldn’t take a criminal very long.
The second story was when I was looking at a wireless router in a workshop, I noticed a Post-It note with the login details in plain view for all customers: ‘User = admin Password = pa55word’. D’oh.
The moral of these stories is to take cybersecurity seriously. In most cases, the steps you need to take are simple but very effective. And it’s not just for the benefit of you and your business that you keep on top of it, but also for your customers’.
Why should I care about GDPR and the Data Protection Act?
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR) , which controls how personal information is used by organisations, businesses and the government. Everyone responsible for using personal data has to follow strict rules called ‘Data Protection Principles’, which ensure that the information is:
• Used fairly, lawfully and transparently
• Used for specified, explicit purposes
• Used in a way that is adequate, relevant and limited to only what is necessary
• Accurate and, where necessary, kept up to date
• Kept for no longer than is necessary
• Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
Put simply, if you’re holding customer data in any shape or form then you need to comply with GDPR, and part of that is protecting that data from malicious attacks.
What will increased cybersecurity requirements mean for those at the sharp end?
Manufacturers may require us to be qualified or licensed to practice in the area of connectivity and cybersecurity with respect to our business and the vehicles we work on. In time, there will be short courses presented by the IMI’s network of authorised centres, together with associated qualifications, as well as the introduction of a ‘Code of Practice’. The IMI team and a Sector Advisory Group are already starting the process of creating a Connected and Cybersecurity option for IMI TechSafe®, in the same way as for EVs and ADAS.
Find out more about IMI TechSafe® and make sure your skills are up to date
