GDPR and cyber security: is your data protected?
17th February 2018
In as little as 3 months, the EU General Data Protection Regulation (GDPR) will come into effect, fundamentally changing the way organisations handle, store and protect their data.
Seen as one of the most significant changes in global privacy laws in 20 years, this law isn’t just about how you use data but also how it is stored. With a 134% rise in cyber-attacks in 2017 and the UK being seen as the most targeted region in the world for cyber threats, it is vital that all organisations have the appropriate measures in place to ensure that all company data is secure and well protected.
Sadly, every organisation is a potential victim of a cyber-attack, and without sufficient procedures and protocols in place you leave yourself open to a breach and your data at risk. Here are the 10 steps issued by the National Cyber Security Centre to provide guidance on protecting your organisation from cyber threats:
- Assess the risks – Cyber risks should be treated the same way as legal, regulatory, financial or operational risks. To do this, you need to establish an effective information risk management regime and produce risk management policies.
- Secure your network – Make sure that a secure configuration of all ICT systems is maintained and that patch management is sufficient to prevent attacks that exploit software bugs.
- Network security – Connecting to untrusted networks can leave your organisation exposed, so it is important that you manage network perimeters and filter out unauthorised access and malicious content.
- Manage user privileges – Not everyone needs access to everything on your system. By keeping access to a minimum, you reduce the risk of data being exposed. Establish account management processes and limit user privileges.
- Educate – The best way to prevent a cyber breach is with adequate training, so you need to ensure that you produce user security policies, establish an efficient staff training programme and maintain employee awareness of cyber risks.
- Incident management – No matter what measures you put in place, mistakes can happen. That is why it is important that you have a disaster recovery plan in place that can help you minimise any damage, downtime and data loss. Remember that criminal incidents need to be reported to law enforcement.
- Malware prevention – You need to establish policies that directly address business processes and ensure that anti-malware defences are in place to protect your IT systems and devices.
- Monitoring – It is vital that all IT systems and networks are monitored, and that a strategy is in place to ensure that any unusual activity that could indicate a malicious attack is flagged.
- Removable media – External devices can be a source of malware, so your organisation needs to establish a policy to control all access to removable media and ensure that all media is scanned before being imported into your systems.
- Remote working – If you have staff who work remotely, you need to develop a mobile working policy and ensure that all staff adhere to it. It is vital that data is protected both in transit and at rest.
The protection of customer and employee data should be taken very seriously.
At Griffin House Consultancy, we are here to provide you with all the training and knowledge your company needs to comply with GDPR and to future-proof you against forthcoming changes. If you would like more information on how to protect your business, please contact us on 01673 885533 or email [email protected].