It is important to realise that cyber security is not just an IT risk. Most cybercrime targets people rather than systems. IPReg takes the view that Patent Attorneys and Trade Mark Attorneys should take measures that are proportionate to the risks that they face, given available and published information (see some useful links below). Given the ongoing nature of the obligation, and the rapidly changing environment in terms of both threats faced and controls available, those measures should be reviewed periodically. Steps therefore should include as a minimum:
⇒Ensuring anti-virus systems are up to date
⇒Ensuring software is updated regularly as required by the supplier(s), including browsers, operating systems and firms’ websites
⇒Back up your files on a regular basis
⇒Having clear policies for travel, including home and mobile working, including appropriate protection for mobile devices
⇒Secure storage of data, whether in hard copy or digital format, including considering the risks of transferring documents e.g. between work and home
⇒Maintaining clear policies for access to systems by means of removable media, including mobile devices, memory sticks and external hard drives
⇒Insurance
⇒Staff training and raising awareness of the risks of cyber attacks and common sense preventative measures expected
A good starting point for considering implementing/updating a firm’s policy is “10 Steps to Cyber Security” produced by the National Cyber Security Centre.
We have posted links to the other useful sites below:
National Crime Agency:
Information Commissioners Office:
Security Outcomes for Organisations
Responding to a Cyber Security Incident