Uber, Sage, Tesco Bank, Experian: this is not a who's who of global brands and successful companies, but just a few of the companies hacked in 2017.
Data breaches are becoming commonplace, and when they happen the damage to customer confidence and to the brand can be severe. Even with these high-profile breaches and the constant stream of news about cyber threats, many businesses are still failing to apply the right levels of security. More worrying still, many businesses do not yet fully understand how the new General Data Protection Regulation (GDPR) will affect them.
For many SMEs the challenge is greater: many do not understand the technology needed to change systems or working practices to firm up security, and others have no appetite for it because of heavy workloads or apathy (the "it won't affect us" syndrome).
Research by The Centre of Cyber Security and Education last year concluded that 66% of UK companies did not have enough security tools or staff/expertise to meet the security needs.
In addition, we have just months until the first global data laws come into force in the shape of GDPR (the General Data Protection Regulation). This further reinforces the need for businesses to ensure adequate provisions are made to tackle cyber security threats. A failure to do so may result in non-compliance, which carries significant penalties for companies unable to demonstrate a commitment to securing data. The maximum fine rises from £500k to £17m or 4% of global turnover.
To put this into perspective, if the recent Uber breach was to happen after May 25th this year, the fine awarded could be up to £26m.
We urge all organisations to start to take steps to ensure that they have adequate protection, tools, and procedures to meet the compliance needs.
Basic Steps You Can Take to Get Ready for GDPR
A good first step is to make sure all your computers and devices are password protected, and at a minimum, you are using anti-virus (please use a paid version – free versions do not always provide the right protection).
It is also important that these computers and devices are running a supported version of the Windows operating system (or iOS). Unsupported and unpatched operating systems are a huge risk and will be frowned upon by the Information Commissioner's Office (ICO), which is responsible for policing GDPR. For example, any machine still running Windows XP is at serious risk of being exploited. It is also imperative that application software is kept updated, as out-of-date software is often the conduit for viruses and other forms of attack.
The same approach applies to your servers: they need to be up to date with the latest updates and security patches, and you must run anti-virus and malware protection. A failure to do so may leave holes in your security that attackers will know about and will use if they can. There are also tools such as intrusion prevention systems and firewalls that add a further layer of security to your network and data. These can also check traffic against databases of known malicious addresses to identify potential attacks, preventing disaster before it strikes.
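The checks above (supported operating system, recent patches, anti-virus in place, password protection) are easiest to keep on top of when they are run against a device inventory rather than remembered. The script below is an added example, not code from the original article or from any product it describes: it audits a constructed inventory and lists every device that fails one of those checks. The end-of-support table, the 30-day patch threshold and the sample devices are assumptions made for illustration; verify lifecycle dates against the vendor's own pages before relying on them.

```python
"""Audit a device inventory against basic patching and protection checks.

Added example for illustration only; the inventory, the end-of-support
table and the thresholds below are assumptions, not figures from the article.
"""
from dataclasses import dataclass
from datetime import date

# Assumed end-of-support dates for illustration; confirm against the
# vendor's lifecycle pages before using them in a real audit.
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
    "Windows Server 2003": date(2015, 7, 14),
    "Windows 7": date(2020, 1, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
}

# Assumed policy: a device must have received updates within the last 30 days.
MAX_PATCH_AGE_DAYS = 30

# The date the audit is run against (GDPR enforcement date, used as a fixed point).
AUDIT_DATE = date(2018, 5, 25)


@dataclass
class Asset:
    hostname: str
    os_name: str
    last_patched: date
    antivirus_enabled: bool
    password_required: bool


def check_asset(asset, today):
    """Return a list of findings for one device; an empty list means it passes."""
    findings = []

    # Unsupported OS: no more security patches from the vendor.
    eos = END_OF_SUPPORT.get(asset.os_name)
    if eos is not None and today >= eos:
        findings.append(
            f"UNSUPPORTED_OS: {asset.os_name} out of support since {eos.isoformat()}"
        )

    # Stale patching: updates not applied within the policy window.
    patch_age = (today - asset.last_patched).days
    if patch_age > MAX_PATCH_AGE_DAYS:
        findings.append(
            f"STALE_PATCHES: last update {patch_age} days ago (limit {MAX_PATCH_AGE_DAYS})"
        )

    # Endpoint protection and access control checks.
    if not asset.antivirus_enabled:
        findings.append("NO_ANTIVIRUS: no anti-virus/malware protection reported")
    if not asset.password_required:
        findings.append("NO_PASSWORD: device can be used without a password")

    return findings


def audit(assets, today):
    """Map each non-compliant hostname to its findings; compliant devices are omitted."""
    report = {}
    for asset in assets:
        findings = check_asset(asset, today)
        if findings:
            report[asset.hostname] = findings
    return report


# Constructed sample inventory (hostnames and dates are made up for the example).
SAMPLE_INVENTORY = [
    Asset("reception-pc", "Windows XP", date(2014, 3, 1), True, True),
    Asset("finance-laptop", "Windows 10", date(2018, 5, 20), False, True),
    Asset("file-server", "Windows Server 2016", date(2018, 4, 1), True, True),
    Asset("ceo-phone", "iOS", date(2018, 5, 10), True, False),
    Asset("hr-pc", "Windows 10", date(2018, 5, 15), True, True),
]

if __name__ == "__main__":
    for host, findings in audit(SAMPLE_INVENTORY, AUDIT_DATE).items():
        print(host)
        for finding in findings:
            print("  -", finding)
```

Running it against the sample inventory flags four of the five devices: the XP machine for both an unsupported OS and years-old patches, the laptop for missing anti-virus, the server for patches older than 30 days, and the phone for having no passcode. In practice the inventory would be fed from whatever asset list or management tool the business already keeps, and the findings give a concrete, dated record of the steps taken, which is exactly what the ICO will ask to see.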
These are just some elements of the areas you need to be considering to get ready for GDPR and more work is needed to ensure staff and systems are in place to prevent any data loss.
Whilst fining companies will be a last resort, if you cannot demonstrate that you have taken reasonable steps to mitigate risks, the chances are that the ICO will be left with no choice but to levy a fine.
For more information about GDPR, download our guide.