The Freelance and Contractor Services Association (FCSA) is taking steps to help umbrella companies tighten up their cyber defences in the wake of a series of suspected ransomware attacks that have blighted its members.
The FCSA, whose members include more than 60 umbrella companies, has forged a partnership with cyber security firm Mitigo as part of this effort.
The partnership will see FCSA members offered guidance by Mitigo on how to navigate cyber security incidents, as well as advice on how to avoid them happening in the first place.
The umbrella market has been blighted by a series of suspected ransomware attacks in recent months, involving three firms that are all accredited members of the FCSA – Giant Group, Parasol and Brookson Group.
The attacks on all three firms resulted in them having to proactively disable their web- and customer-facing systems, while the contractors who work for them faced lengthy delays in getting paid.
As reported by Computer Weekly, the fallout from the attacks has seen some of the firms come in for fierce criticism from contractors over their handling of the situation, with many vowing to seek alternative providers as a result.
Speculation about why umbrella companies have found themselves in the crosshairs of the cyber criminal community continues to rage, but the general consensus in the contracting industry seems to be that these payroll processing firms are typically cash-rich businesses, making them an attractive target for ransomware attacks.
In response, the FCSA said it has collaborated with Mitigo to create a cyber threat mitigation programme specifically tailored for umbrella companies.
“For umbrella companies, cyber security is now the biggest threat to their business and operational resilience,” said Mitigo CEO Lindsay Hill.
“Across all industries, we’ve seen ransomware attacks with the potential to cause mayhem and destroy business relationships, and this topic should be right at the top of every business’s risk register.”
FCSA CEO Chris Bryce said managing and mitigating cyber risks is a “critical” senior management responsibility in any sector, and firms that fail to take protective action could face “catastrophic consequences”.
He added: “An attack can bring a business to a complete standstill, with company and client data and systems being encrypted, resulting in an inability to process any payments, not to mention heavy ransom demands.
“To mitigate risk, we advise members to undertake comprehensive and regular reviews of their system security and safeguarding of personal data and take full advantage of this strategic partnership with Mitigo to help keep themselves safe.”
But on top of this, Bryce said the attacks on umbrella companies also highlight a need for closer collaboration between private and public sector organisations on matters of cyber security.
“To further improve the protections UK industries have in place against emerging cyber threats, we also believe the public and private sectors need to work in closer alignment, and additional engagement and guidance from official cyber sources such as the National Cyber Security Centre and GCHQ would be welcomed by the business community,” he added.