Rebecca Buchan talks to three experts about some worse-case scenarios and what this means for consumers and businesses alike.
It is incredible how life has changed and continues to do so purely and simply off the back of technological advances.
Over the past 15 years, data, and how we use it, has completely transformed.
The most sought-after phone on the market is no longer the smallest one that fits in your pocket and has the game of snake. It is now a portable computer which carries everything you need to live your life.
Bank cards, boarding passes, holiday photos, calenders, diaries, weather updates, stockmarkets, e-mails, games, fitness trackers and music players to name only a few.
Recently I discovered diabetics can now download an app which allows them to use their smartphones to record their blood glucose levels.
And if you get stuck in an airport lounge for a few hours and want to watch your favourite TV show then all you need is an internet connection and a subscription to Netflix.
Health insurance firms have even started tracking how active you are through your Apple watch or iPhone and rewarding those who are keeping healthy. And every time you search something on Google your data is being manipulated in order to help companies engage with their target markets.
But with all this data floating about in cyberspace somewhere it is making it harder to control, which is becoming a problem for both consumers and businesses.
Hacks are becoming a frequent occurrence and people are becoming more interested in how companies are storing and using their personal information.
It is also becoming more valuable. Where once before a business would have had enough of a paper trail to carry on if their computers crashed, more and more data is being stored on servers which can be at times invaluable.
In order to talk about increasing challenges in the digital world I sat down for lunch with three north-east experts in the field.
David Tawse, managing director at IT support provider Nimbus Blue; Graeme Gordon, chief executive at communications and data centre provider IFB, and Ross McKenzie, newly-appointed partner at Addleshaw Goddard all battled the snow to meet me at the Chester Hotel on Queens Road.
Last year the Wannacry ransomware attack affected at least 300,000 computers in 150 countries and caused mayhem throughout the NHS across the UK.
Money was the motive for that attack and according to research, a company is hit by ransomware every 40 seconds. But Mr Tawse said the worst thing you can do is to pay a hacker.
He said: “There are very little statistics on how many business are having to pay, because they wrap it up.
“It is challenging. If you are a large company and you are asked for £10,000 as a random it’s a small pay off isn’t it?
“But there is a moral issue there. And the problem then arises if you pay and the hackers know that you are an easy target and strike again.”
Mr Gordon added: “The rule of thumb is don’t pay. If you have no other option then I understand why people pay but if you have a clean set of data you can just start afresh and that’s part of the business continuity.
“We are advising clients, and we have been for a while, if you are compromised and you can’t use that data, when was the last version that you could have used?
“Roll it back and use the data that doesn’t have a bug in it. It is challenging.
“We know of a very, very large Scottish charity that was compromised and the decision was made that the chief executive was sitting there saying you need to pay this ransom.
“We were insistent that they shouldn’t pay and luckily they listened to us which was heartening because we said if you pay we have no idea that isn’t the start of it.”
One of the main issues the men said they were coming up against was clients who felt they could save money by not updating their security systems.
They said people didn’t realise the value of cyber security until they were faced with a breach.
Mr Gordon added: “Businesses have progressed because of the technological revolution but people don’t think about what would happen if it all disappeared.
“If I lost seven years of HMRC records I would be in trouble. We are all the same. Just because you have digitised it people think it’s on a file on a server and that it’s OK.
Mr McKenzie said lawyers are on a “huge drive at the moment to go paperless”.
He said: “ For many lawyers paper-free is like an alien concept but there’s continuity. Paper is just not practice now. If I have a client that wants some information and I am at home or at a train station we live in a society now that expects immediate response. That information should be at our fingertips.”
And one of the problems that causes is ensuring that companies are transparent in terms of disclosing what they are doing with client’s data and how long they are holding it for.
In May all firms are going to be expected to adhere to the General Data Protection Regulation (GDPR) which is aimed at making companies more accountable for the data they hold.
Mr McKenzie added: “GDPR is not making substantial changes to how we handle data. Firms will now just have to follow a few simple steps to show they are treating it properly.
“Firstly they have to show accountability, for example they may be required to show they have undergone training to ensure they have mitigated the risks that come with handling data. They need to be transparent which means they have to tell people more about what they are doing with their data and they have to give people more control over the data the company holds about them.”
Mr Gordon added: “You are going to see more and more private individuals who will ask how secure a company’s data policy is. For the likes of your large supermarket chains, for example, who hold data on how many people are in your family and if you like chocolate pudding or not, that will be really, really interesting. You will see individuals asking for that more.
“If you are not paying for a service you are classed as a product online because what you are signing up for is basically like saying ‘please click on these terms and conditions and I can use your data’.
“Most people of our generation, they know exactly what they are doing with their data.
“Their privacy settings are all locked down, they all use six digit pass codes in their phones etc etc. They are in a different space. But those who are not aware are at risk of falling into a trap. They should be concerned about what they are doing with their data. People need to be aware that once something is digitised you have lost control of it. No matter what you think.”
The problem then arises if you pay and the hackers know that you are an easy target
