Dealing with a cyber-attack

Welcome to our latest monthly newswire. We hope you enjoy reading this newsletter and find it useful. Please contact us if you wish to discuss any issues further.

Dealing with a cyber-attack

Most businesses have exposure to cyber risk.

Almost every modern business relies on computer networks for day-to-day operations, and this means that most firms are exposed to cyber risk. A cyber-attack is any attempt to steal data, or to damage or disrupt a computer system.

In the event of a cyber-attack, it’s important to manage the incident appropriately and mitigate risks.

It’s best to focus on critical assets and functions to minimise the impact of the breach. As soon as a cyber-attack is detected, it’s important to isolate the affected systems or networks, to prevent further damage. This may involve physically disconnecting any compromised devices from the internet and shutting down any affected servers.

Next, you should assess the damage. Conduct a thorough assessment of the attack to understand its scope and impact. Identify compromised data, systems, and assets to determine the extent of the breach. At this stage, it may be worth engaging the services of cyber security experts who have experience of incident response.

They can provide guidance on containment and recovery, and help your business to get back on its feet quickly. Depending on the nature of the attack and applicable regulations, notify relevant parties such as customers, employees, and regulatory authorities about the breach. Transparency is crucial in building trust and managing any potential reputational damage.

Once the damage has been assessed, the focus can shift to restoring affected systems using data from your backups. Any updates or security patches should be deployed in order to fix whatever vulnerabilities allowed the cyber-attack to occur in the first place. Passwords and login details should be changed in order to prevent any further unauthorised access.

Once your systems are back up and running, they should be monitored for any signs of further suspicious activity. Once everything has been sorted out, take the opportunity to review and learn from the situation to prevent any future cyber-attacks from occurring.

Empathetic listening

As a manager, how can you become a more empathetic listener?

Effective leadership in business requires more than just giving orders or making decisions. It involves understanding and connecting with employees on a deeper level, which is where empathetic listening comes into play. As a manager, developing empathetic listening skills is essential for fostering a positive work environment, building trust, and driving employee engagement.

Empathetic listening involves actively tuning into the thoughts, feelings, and perspectives of others without judgement or interruption. It goes beyond simply hearing what someone is saying; it involves truly understanding their emotions and experiences. By practising empathetic listening, managers can create a supportive and inclusive workplace culture where employees feel valued and respected.

One way managers can enhance their empathetic listening skills is by practising active listening techniques. This includes maintaining eye contact, nodding, and providing verbal cues to show engagement and understanding during conversations. Additionally, asking open-ended questions and paraphrasing what has been said can help clarify and validate employees' thoughts and feelings.

Showing genuine interest and empathy towards employees' experiences is another crucial aspect of empathetic listening. Managers should demonstrate empathy by acknowledging and validating employees' emotions, even if they may not agree with their perspective. Creating a safe and non-judgmental space where employees feel comfortable expressing themselves openly is essential for building trust and rapport.

Practising empathy outside of work can also help managers hone their empathetic listening skills. Engaging in active listening with friends, family, and acquaintances can provide valuable opportunities to develop empathy and understanding in interpersonal relationships.

Square payment processing

Payment processing for small and medium-sized businesses.

Square Point of Sale (POS) systems have become incredibly popular since they launched in 2017. The ubiquitous little square card reader now appears everywhere from busy restaurants to coffee carts outside train stations and even in taxis. Square’s card reader is a little square gadget that connects wirelessly to your mobile phone or tablet. When paired with Square’s software, it offers a sophisticated payment solution that is particularly well suited to small and medium-sized businesses.

One of the standout features of Square POS is its user-friendly interface, which makes it accessible to businesses of all sizes, including those with limited technical expertise. The intuitive design streamlines the checkout process, allowing merchants to accept payments swiftly and efficiently. Additionally, Square POS supports a variety of payment methods, including credit cards, debit cards, and mobile payments, catering to the diverse preferences of customers.

Another notable aspect of Square POS is its robust inventory management capabilities. Merchants can easily track stock levels, manage product variations, and set up custom categories to organise their inventory effectively. This functionality is particularly beneficial for businesses with complex product offerings or multiple locations, enabling seamless inventory management across the board.

Square POS also offers a range of advanced features to enhance business operations, such as real-time sales analytics, employee management tools, and integrated customer relationship management (CRM) functionalities. These features allow merchants to make data-driven decisions, streamline workforce management, and nurture customer relationships, ultimately driving growth and profitability.

Pricing for a Square contactless card reader starts from just £19 + VAT, with in-person transaction fees starting from 1.75%. Hardware/software packages can be custom built to suit the needs of any particular business.

Navigating GDPR

The General Data Protection Regulation impacts businesses worldwide.

GDPR mandates stringent requirements governing the processing of personal data, emphasising transparency, accountability, and individuals' rights. Businesses must grasp the fundamental principles and obligations outlined by GDPR to align their practices accordingly.

Conducting a Data Audit

A critical first step for businesses is conducting a comprehensive data audit to assess their data processing activities. This involves identifying the types of personal data collected, sources of data, and purposes for processing. By conducting a thorough audit, businesses can pinpoint areas of non-compliance and develop tailored strategies to address them.

Implement Data Protection Policies

Developing and implementing robust data protection policies is essential for ensuring GDPR compliance. These policies should outline procedures for data handling, including data minimisation, security measures, and mechanisms for obtaining and recording consent. By establishing clear guidelines, businesses can promote a culture of data privacy throughout their operations.

Obtaining Consent Properly

GDPR mandates that businesses obtain valid consent from individuals before processing their personal data.

This requires ensuring that consent is freely given, specific, informed, and unambiguous. Implementing effective consent mechanisms and providing individuals with the ability to withdraw consent easily are crucial aspects of compliance. For example, having an “opt-out” or “unsubscribe” option at the bottom of your marketing emails provides individuals with the ability to withdraw consent.

Enhancing Data Security Measures

Data security is a cornerstone of GDPR compliance, requiring businesses to implement appropriate technical and organisational measures to safeguard personal data. Encryption, access controls, and employee training on data security best practices are essential components of an effective data security strategy.

Facilitating Data Subject Rights

Businesses must enable individuals to exercise their rights under GDPR, including the right to access, rectify, erase, and restrict the processing of their personal data. Establishing procedures for handling data subject requests promptly and transparently is essential for maintaining compliance.

There are fines and penalties of up to 4% of annual turnover or up to 20 million Euros for non-compliance with the GDPR regulations. As such, if your business is trying to review and update its policies and procedures in order to comply with GDPR, it may be a good idea to seek the assistance of a specialist consultant in order to ensure that everything is set up in a compliant manner.

Contact us for more help and support


© 2024 Michael Harwood & Co. Chartered Accountants. All rights reserved.

“Michael Harwood & Co” is a trading name of Greville House Services Limited, a Limited Company registered in England & Wales (company number 04119622). Registered office address:

Michael Harwood & Co. Chartered Accountants, Greville House, 10 Jury Street, Warwick, Warwickshire CV34 4EW

A list of directors is available for inspection at the registered office. Any reference to a ‘partner’ in relation to Michael Harwood & Co means a Director of Greville House Services Limited.
Michael Harwood & Co is registered to carry on audit work in the UK by the Institute of Chartered Accountants in England and Wales. Details about our audit registration can be viewed at under our firm reference number C003802656.
