Cyber security for museums

Museums are not immune from potential cyber-attacks, but should you suffer one it can cause considerable distress with additional time, resource and specialist advice needing to be deployed to re-enable services and functionality. A cyber-attack is an attempt by hackers to damage or destroy a computer network, which may or may not be accompanied by ransom demands. Ransomware is a malware that prevents users from accessing their data by encrypting it. The criminals that carry out the attack then issue a ransom note demanding payment to release the data.

What are the key areas of access for cyber criminals?

Remote Desktop Protocol – this is the main protocol that enables employees to access their office desktops. If these are not secured it allows the cyber criminals to access devices.
Vulnerable Software or Hardware – unsecure or unpatched (you’re not signed up for automatic software updates that would address known security issues) are often used by attackers to access the networks.
Phishing Mails – emails that encourage users to click on seemingly harmless, but actually malicious, links or opening attached files.

To make their attacks more effective, criminals have also been seen to:

  • Sabotage backup or auditing devices to make recovery more difficult.
  • Encrypt entire virtual servers.
  • Use scripting environments to easily deploy tooling or ransomware.

The National Cyber Security Centre (NCSC) recommends that ‘organisations implement a ‘defence in depth’ strategy to defend against malware and ransomware attacks’. Read more on this here.

The NCSC also suggests that the following questions should be posed of organisations.

  • Do you have a list of the different organisations that provide your IT services?
  • Is it clear who manages and/or coordinates the IT?
  • Have you identified the most critical parts of the digital estate and sought assurance about its security?
  • Do you have a proper backup and restoration plan in place?
  • Do the governance and IT policies reflect the importance of good cyber security?
  • Do you train staff on the common cyber security threats and incidents that could be experienced?
  • Do you know who to contact if you become a victim of a cyber incident?

There are a plethora of cyber insurance policies available, which have evolved to meet the growing need to insure against cyber-attacks and their increased sophistication. It is a strong recommendation this area of risk is discussed with your insurance provider. These policies not only provide invaluable assistance when you are confronted with an attack, but also forms a key part of your resiliency planning.

About the author

If you have any questions regarding the above, please get in touch with our museums specialist, Ben Leah:

07554 455 041 | [email protected]

Back to Feed

Hayes Parsons Insurance Brokers is a trading name of Hayes Parsons Limited which is authorised and regulated by the Financial Conduct Authority (FRN 311881) for general insurance business. Registered in England and Wales Company No. 816448 at Beacon Tower, Colston Street, Bristol BS1 4XE

If you wish to register a complaint, please contact the Compliance and Training Manager on [email protected].  If you are unsatisfied with how your complaint has been dealt with, you may be able to refer your complaint to the Financial Ombudsman Service (FOS). The FOS website is www.financial-ombudsman.org.uk.

Useful Links

Specialisms

Essential SME

Private Client

0117 929 9381 | [email protected] | Beacon Tower, Colston Street, Bristol BS1 4XE 

Part of the Hayes Parsons Group

Facebook-f Twitter Youtube Linkedin-in Instagram