Cyber Risks and Liabilities Newsletter – July 2021

NCSC Releases New Guidance for Connected Places

AS the world continues to become more dependent on technology, many individuals, organisations and even places may now exist in a state of being consistently connected with each other. As such, the National Cyber Security Centre (NCSC) has released new cyber-security guidance for connected places.

Connected places—often referred to as smart cities—may offer a variety of different conveniences related to technology. The primary goal of a connected place is to improve and enhance daily quality of life for its associated citizens. Technology may be able to optimise the following operations in a connected place:

  • Traffic light management
  • Closed-circuit television services
  • Street light management
  • Parking management
  • Transport services
  • Waste management

However, it’s important to understand that with technology becoming more involved in everyday life, there may also be additional cyber-exposures.

The NCSC guidance is of particular relevance for risk owners, chief information security officers, cyber-security architects, engineers and other personnel who may be responsible for the day-to-day operations of the infrastructure in connected places.

While having consistent connections between all corners of a smart city may offer convenience and expedite certain tasks, this also means that some systems will be tempting targets for cyber-criminals. In the event that a connected place’s systems are compromised, it could affect not only public infrastructure, but also the private and sensitive data of employers or ordinary citizens. In particular, local authorities could be at risk of having information stolen and experiencing reputational damage.

The NCSC has set its focus on educating local authorities about how the systems and technology of a connected place must be managed. Three of the NCSC’s highest priorities are:

  1. Using thorough analysis and management of any potential threats or vulnerabilities to assure citizens in connected places that their data will be kept safe
  2. Protecting the services of connected places by enhancing cyber-resilience
  3. Securing connected places by working with the Centre for the Protection of National Infrastructure and other partners to support national, local and regional authorities

For more details on the NCSC’s connected places guidance, click here.

cyber insurance broker

Understanding Asset Management

hen considering optimal cyber-security practices, it’s important for organisations to have a complete understanding of what they are protecting. Having detailed information on every organisational asset is key for being able to properly assess cyber-security needs and potential cyber-risks.

An asset can be defined as anything that produces value for an organisation. This may include intellectual property and customer data. Managing these assets properly can help employers in various aspects of organisational cyber-security. For example, risk management cannot be conducted accurately if the assessment does not include certain cyber-related assets.

When approaching asset management for cyber-security purposes, organisations should consider the following steps:

  • Check assets regularly. Continuously assess and account for assets to maintain an accurate inventory and detect potentially unauthorised changes.
  • Stay on the same page. Make asset-related records available to all stakeholders and necessary personnel, and ensure that all parties agree upon the findings.
  • Keep detailed records. As information related to assets is regularly collected, make sure that timestamps or confidence scores are used to demonstrate if the records may be outdated or uncertain.
  • Consider confidentiality. Limit access to all assets. Consider which assets are relevant or necessary for certain employees to access and consider blocking others.
  • Categorise assets accordingly. Sorting assets into various levels based on importance can help with assessing risk levels and cyber-security measures.

Poor asset management can create major weaknesses in cyber-security. For more information on this subject, click here.

Guidance for Events and Conferences

Large conferences can become tempting targets for cyber-criminals. These events are often held in public, with their dates and times being widely known. With this in mind, it’s important for organisers to be aware of the potential for disruption and cyber-attacks.

That being said, event organisers should consider the following cyber-security precautions:

  • Identify presenters. Because of the public nature of many conferences, it’s possible that someone may attempt to disrupt a presentation by resorting to impersonation. Make sure to verify someone’s identity before providing them with sensitive information, such as passwords to key networks or devices.
  • Consider denial-of-service (DoS) attacks. Protect networks and services from DoS attacks. Do not bundle important services—such as the conference’s website or livestream—on the same network bandwidth.
  • Look inward. Be sure that all personnel responsible for technological infrastructure and conference management are credible and trustworthy.
  • Collect minimal data. If people attending a conference are required to provide personal information, it may make the event an even more tempting target for cyber-criminals.

Contact us today for more cyber-security tips.

A fully accredited service delivered by professional brokers

For more information on firmware attacks and cyber-security, call us on 01273 789 979

Email us at hello@businessinsuranceservice.co.uk

Use our Get In Touch form to request a call-back.

For a quick, no-obligation and free quote, use our Online Quote & Buy service for instant cover.

Business Insurance Service. The business specialists.

Risk Management Portal

Our HR & Legal Portal, is a customised website that can become your first stop for time-saving business resources whenever you need them.

Find what you need when you need it with a simple search that takes your preferences into account and instantly brings up the most relevant resources, please contact us for your free unlimited access.

Get in touch

    This web from is protected by Google reCAPTCHA and the Google Privacy Policy and Terms of Service apply.