Recent and ongoing bad press for the island means that we can no longer have a blinkered approach to IT or data security. Events in Panama April 2016, when corporate services provider Mossack Fonseca suffered an email hack (known thereafter as the Panama Papers hack) and subsequent data leak of 11.5 million confidential documents, highlight potential cyber security threats to Jersey businesses that have any form of online presence.

Data (after the employee!) is a company’s most valuable asset, and appropriate measures should be taken to protect that data from exposure to unauthorised individuals or organisations which otherwise would very likely result in a loss of company reputation and business.

The fact that the Jersey Financial Services Commission wrote to all finance businesses in February regarding cyber security further strengthens this argument. Guidance was given on how to address potential vulnerabilities, based on tried and tested best practices and cyber security standards.

We believe, however, that this advice should be extended to all businesses, as water around the Island is no longer either a deterrent or a barrier from attack.

The UK government’s ’10 Steps to Cyber Security’ risk management regime should be heeded by ALL internet connected businesses, not just finance. The areas that this regime covers are Network Security, Malware Protection, Monitoring, Incident Management, User Education and Awareness, Home and Mobile Working, Secure Configuration, Removable Media Controls and Managing User Privileges.

Nobody would want a ‘Jersey Papers’. However, as time passes the inevitability of an incident increases by an order of magnitude. By taking the time now to properly understand your current security posture, you can be best placed to improve and mature the organisation. It’s not only about the technology – user awareness vigilance and education play a major part in mitigating risk and, as such, appropriate investment may well prevent an incident from occurring.