It is your responsibility to report a data security breach to the Information Commissioners Office (ICO), based on the guidance provided by the Information Commissioner. Impact Computing does not provide guidance on whether a breach should be reported.
Fraud, Cyber Crime and Phishing Attempts
Where you have been the victim or fraud, cyber-crime or a phishing attempt, you can report it to the police using the following site: Action Fraud UK Police Report. We advise with any security incident that you also inform your bank.
Theft or loss of equipment
In the event you are the victim of theft or loss of equipment, please keep the following things in mind:
What you need to do:
- Keep in mind that an unauthorised 3rd party has possibly had access to all your confidential data, including e-mails and attachments, contacts, files, and financial information, though this is not an exhaustive list. Consider the risks and what the unauthorised party could do with this information. If the Laptop or PC is encrypted this should not be a concern as long as the account on the PC/Laptop has a suitably secure password.
- Ensure that staff are not storing the unlock/encryption keys and logon passwords with the laptop/PC itself as this nullifies the security on the machine.
- Let us know as soon as possible if you have any equipment stolen so we can mark it as stolen in our records and ensure it is locked out of all relevant services.
- Report the theft to the police and your insurance company. You are responsible for doing this. We are happy to provide any details (make/model/serial number etc) that you require.
- Any none supported account related to the stolen items should have their passwords reset (Sage/Iris/ACT/any online service). Please ensure you follow our best practice guidelines for setting passwords.
- In instances where confidential client data may have been accessed, we recommend contacting a solicitor to assess the your responsibilities, especially in relation to GDPR. Impact Computing cannot advise you on your legal obligations.
- We recommend contacting your bank to discuss the possible impact of the stolen equipment, especially if that user/equipment was used for any kind of financial activity.
What we will do:
- We will reset the password of any account that we support.
- We will lockout any equipment identified from accessing company services.
- We will mark any stolen equipment as stolen in our database and at your request quote you for a replacement machine.
What you should be aware of:
- We recommend the encryption of all laptops and PCs. Many older machines can be encrypted. There is a chance that if your machine is relatively new we encrypted it by default, but if in doubt please call us to ask.