07 June 2017
Blogs by author: Guus van Es, GM Security Consulting Worldwide, BT.
It’s easy to talk about improving data protection and complying with the GDPR, but you can’t achieve this without knowing the cyber threats you face.
The General Data Protection Regulation (GDPR) is the new European benchmark for privacy, introducing a zero-tolerance approach to data breaches — regardless of whether these are malicious or accidental.
The regulation comes into force in May 2018, so it’s important that organisations are prepared. We’ve plenty more information on the new rules in our introduction blog, but the focus of this article is on the most common causes of data breaches.
All of these breaches will leave organisations liable under the new rules. But more than that, today’s customers will also regard a data breach as completely unacceptable, and they’re likely to head elsewhere if they believe that your organisation isn’t taking sufficient care of their important information.
The three greatest data-security challenges
Accidental data leaks
This is one of the most frequent sources of a security breach. All it takes is for an employee to send an email to the wrong address or leave their smartphone unattended.
It’s almost too easy to lose data this way, which is why all organisations need a strong security policy to deal with customers’ personal data. It’s important to make sure that all employees understand what’s at stake and why it’s so important to remain vigilant. The GDPR imposes significant fines, even for a leak of this nature, not to mention the irreparable damage it could do to your reputation.
It’s not always possible to avoid disgruntled employees, but it is possible to prevent them from taking advantage of weaknesses in internal data controls. While many organisations experience employees seeking revenge against their former employer, solid data-access and data-classification policies and tools can minimise the damage rogue employees can cause. It’s another reason why it’s so important for your organisation to place a strong focus on cyber-intelligence tools and defence strategies.
This is one of the more difficult threats for organisations to combat, largely because of the skill and determination cyber criminals apply to their ‘work’. Targeted malware and other tools are regularly used to steal personal information, something that’s lucrative for criminals.
An end-to-end approach to security is the best way for an organisation to protect itself against this type of activity, and our white paper goes into detail about exactly what this entails.
Keeping data safe
Preventing data from falling into the wrong hands (whether by fair means or foul) is one of the ways your organisation can maintain compliance with the strict rules of the GDPR and avoid the fines a breach could lead to.
To achieve this, you need to make sure that your networks have effective cyber-security processes in place. And it’s vital to guard against both malicious and accidental data breaches.