It is important to realise that cyber security is not just an IT risk. Most cybercrime targets people rather than systems. IPReg takes the view that Patent Attorneys and Trade Mark Attorneys should take measures that are proportionate to the risks that they face, given available and published information (see some useful links below). Given the ongoing nature of the obligation, and the rapidly changing environment in terms of both threats faced and controls available, those measures should be reviewed periodically. Steps therefore should include as a minimum:
⇒Ensuring anti-virus systems are up to date
⇒Ensuring software is updated regularly as required by the supplier(s), including browsers, operating systems and firms’ websites
⇒Back up your files on a regular basis
⇒Having clear policies for travel, including home and mobile working, including appropriate protection for mobile devices
⇒Secure storage of data, whether in hard copy or digital format, including considering the risks of transferring documents e.g. between work and home
⇒Maintaining clear policies for access to systems by means of removable media, including mobile devices, memory sticks and external hard drives
⇒Insurance
⇒Staff training and raising awareness of the risks of cyber attacks and common sense preventative measures expected
For larger firms, a good starting point for considering implementing/updating a firm’s policy is “10 Steps to Cyber Security” produced by the National Cyber Security Centre.
For smaller firms and sole traders, the Information Commissioner's Office has a wealth of information and resources on its Small Business Hub.
You might also wish to look at the information provided by: