Brian Jackson - stock.adobe.com
The Freelance and Contractor Services Association (FCSA) is taking steps to help umbrella companies tighten up their cyber defences in the wake of a series of suspected ransomware attacks that have blighted its members.
The FCSA, whose members include more than 60 umbrella companies, has forged a partnership with cyber security firm Mitigo as part of this effort.
The partnership will see FCSA members offered guidance by Mitigo on how to navigate cyber security incidents, as well as advice on how to avoid them happening in the first place.
The umbrella market has been blighted by a series of suspected ransomware attacks in recent months, involving three firms that are all accredited members of the FCSA – Giant Group, Parasol and Brookson Group.
The attacks on all three firms resulted in them having to proactively disable their web- and customer-facing systems, while the contractors who work for them faced lengthy delays in getting paid.
As reported by Computer Weekly, the fallout from the attacks has seen some of the firms come in for fierce criticism from contractors over their handling of the situation, with many vowing to seek alternative providers as a result.
Speculation about why umbrella companies have found themselves in the crosshairs of the cyber criminal community continues to rage, but the general consensus in the contracting industry seems to be that these payroll processing firms are typically cash-rich businesses, making them an attractive target for ransomware attacks.
In response, the FCSA said it has collaborated with Mitigo to create a cyber threat mitigation programme specifically tailored for umbrella companies.
“For umbrella companies, cyber security is now the biggest threat to their business and operational resilience,” said Mitigo CEO Lindsay Hill.
“Across all industries, we’ve seen ransomware attacks with the potential to cause mayhem and destroy business relationships, and this topic should be right at the top of every business’s risk register.”
Read more about umbrella company regulation
- Cheshire-based contractor payroll service provider Brookson Group has referred itself to the UK National Cyber Security Centre after its networks were targeted by an “extremely aggressive” cyber attack last night.
- A suspected ransomware attack that prevented payroll processing firm Giant Group from paying wages to thousands of contractors across the UK has led to renewed calls for umbrella companies to be statutorily regulated.
- Thousands of contractors across the UK are experiencing delayed payments because of an ongoing systems outage at umbrella company Parasol.
- Umbella company confirms a ‘malicious activity on its network’ as the root cause of a systems outage that has delayed salary payments to thousands of contractors across the UK.
FCSA CEO Chris Bryce said managing and mitigating cyber risks is a “critical” senior management responsibility in any sector, and firms that fail to take protective action could face “catastrophic consequences”.
He added: “An attack can bring a business to a complete standstill, with company and client data and systems being encrypted, resulting in an inability to process any payments, not to mention heavy ransom demands.
“To mitigate risk, we advise members to undertake comprehensive and regular reviews of their system security and safeguarding of personal data and take full advantage of this strategic partnership with Mitigo to help keep themselves safe.”
But on top of this, Bryce said the attacks on umbrella companies also highlight a need for closer collaboration between private and public sector organisations on matters of cyber security.
“To further improve the protections UK industries have in place against emerging cyber threats, we also believe the public and private sectors need to work in closer alignment, and additional engagement and guidance from official cyber sources such as the National Cyber Security Centre and GCHQ would be welcomed by the business community,” he added.
Read more on Hackers and cybercrime prevention
Parasol data breach: Leaked email claims Optionis is denying responsibility for incident
Umbrella company Workwell refutes contractor’s ‘withheld holiday pay’ claim
Log4Shell, Ukraine and umbrella firm cyber attacks – Computer Weekly Downtime Upload podcast
Parasol data breach: Contractors rage as fallout from umbrella cyber attack continues