But you cannot walk away from your responsibilities entirely.
If you are lax in your approach to cyber security, then you could find yourself in hot water with both the Information Commissioner’s Office and the FCA should the worst happen.
So, there are a few things to bear in mind when it comes to cyber security:
• Make sure your staff understand the importance of password protecting their screens, and the systems you have them working on. Make changing the password a regular habit – yes, it can be hard to do that, but it is a sensible way to ensure the only people accessing your systems are the people who should be.
• If your staff use external wifi to access your systems, ensure it is a secure, password-protected network. Using public wifi on the train, in a coffee shop or in a restaurant is not a great idea. Even using a smartphone’s 4G system with password protection is better than this, so make sure your staff are well drilled in how they should and should not access your systems from outside the building.
• Keep your relevant staff updated on the latest GDPR requirements. If you have a data controller listed for your business with the ICO, they need to know what their responsibilities are under GDPR and comply with them. Anyone who controls data in your business should be GDPR aware and trained. It may not seem overly important, but it really will be if you have a breach and the ICO starts to ask questions about how it happened.
If you are unsure whether you have a cyber security weakness, it would be worth asking an expert to undertake a thorough review.
Any problems highlighted should be considered carefully and addressed as soon as possible, because the damage a breach can do to your business, both financially and reputationally, is likely to be much more costly than the measures you could have taken to prevent it.
Alison Steed is a freelance journalist