First of all, what is GDPR?
The EU General Data Protection Regulation (GDPR) will be enforced from 25th May 2018. It affects all organisations that hold “personal data” on EU citizens, regardless of where the organisation is based in the world. To find out more about what “personal data” is, please click here >
The basis of GDPR is that it requires you to take measures to keep personal data secure. This includes “organisational measures” such as limiting the number of people who can access personal data and “technical measures” such as computer disk encryption.
What are the security risks?
There are many types of security risks to consider:
- physical intrusion
- rogue employee
- accidental loss
- online hackers
Building risk management plans and taking risk mitigation steps such as password protection, audit logs, and encryption can help to ensure compliance with GDPR. Sophos have reported that 57% of data breaches are due to hackers or malware and 23% of data breaches are caused by unintended disclosure (i.e. human error).
How can I reduce the risk?
There is no single product that will provide a complete guarantee of security for your business. The recommended approach is to use a set of security controls that complement each other but will require ongoing support in order to maintain an appropriate level of security.
Having an enhanced multi-layered security setup that can stop attacks at every level of your network is essential. Typically this could include:
- A firewall to stop external attacks at the perimeter before they get to your devices.
- An internet gateway can prevent internal users from accessing website or other online services that present a threat or that you do not trust.
- Email security and anti-spam so suspect emails are stopped before reaching your users’ inboxes.
- Anti-virus protection to detect and prevent and remove viruses should they occur in your system.
- Anti-malware (enhanced anti-virus) to prevent and remove malicious software on IT systems.
- Anti-ransomware to work alongside your anti-virus as another layer of protection against ransomware.
- Network access control to restrict access to your system to users and sources you trust.
- Keep up-to-date with patch management and software updates to ensure programs continue to run smoothly and fix any security vulnerabilities.
- Make sure you backup and apply the 3-2-1 rule – you should keep 3 copies of your data, on 2 different types of media, with at least 1 copy of the backup stored off-site.
- Since it renders data unintelligible, encryption is widely accepted as an adequate means of addressing the GDPR requirements on all devices including smartphones. If encrypted data becomes lost or stolen, it is essentially worthless. No one can access the actual data.
We would advise that you complete an audit of your data and how you use it (you can find out more about this here) and the cyber security processes your company currently maintains.
Please get in touch with our Sales Team on 01706 239000 option 2 to find out more about any of the above security measures.
DISCLAIMER: This content is provided for informational purposes only and should not be relied upon as legal advice. Please seek your own advice from legal representatives regarding GDPR compliance for your individual business.