GDPR – 50 days and counting

Cybercrime prevention with Forcepoint

The General Data Protection Regulation (GDPR) is being dubbed as “the greatest change in data privacy regulation in over 20 years”. It will replace the Data Protection Act 1998 and comes into play on May 25th 2018.

With only a third of businesses said to be currently prepared for GDPR, many organisations are reportedly rushing to hire data protection officers. Whilst companies with more than 250 employees or public authorities are required to appoint a Data Protection Officer; those below the threshold are not obliged to do so.

However, all businesses are required by law to comply.

When the new regulations are enforced, businesses must have recorded consent before they can use personal data or risk severe penalties. A data breach can result in administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater.

So how can technology be used in the quest to become GDPR compliant?

Data policies
Look at the way data flows through your business, review your data model and implement an end-to-end data protection strategy to meet GDPR regulations.

Data Classification
Consider the types of data flowing through your business:

• Is it freely available?
• Does it contain personal information?

Data should be protected by the authority in a data classification system.

Encryption
Encryption translates data into code, so that only people with access to a key or password can read it. At present it is one of the most widely used data security methods in the protection of data and its confidentiality across all devices.
By encrypting information, businesses can take control over their data by validating users and ensuring data authenticity when data is used and transferred.

Data Loss Prevention (DLP)
Data loss prevention software uses detection techniques to recognise sensitive data. It enables businesses to determine why and how information is being used and therefore identify any data breaches or misuse. It is highly recommended to protect businesses from insider threats.

Two-factor authentication (2FA)
Most standard online security procedures involve a username and password. With the ever increasing level of cybercrime, an extra layer of security is recommended to ensure data is adequately protected.

Two-factor authentication, also known as 2FA involves the use of a traditional username and password as well as a piece of information that only the user knows, such as a PIN or fingerprint.

Anti-virus/Anti-ransomware
With more than half of UK businesses already being affected by Ransomware, it is said to be a case of not IF, but WHEN an attack occurs. This is a scary prospect for any businesses, regardless of size which is why antivirus & anti-ransomware software are so important. By scanning systems, the software wipes out any identified ransomware attempts.

Device management
Device Management enables IT teams to control the security, monitoring, integration and management of devices such as laptops, mobile phones and tablets in the workplace to ensure the network and its data is fully secure and GPDR compliant on all devices throughout the business.

Access/identity management
Many businesses do not validate employees’ access rights and permissions to use data. To achieve GDPR compliance, businesses will need to take a much more controlled approach to minimise unauthorised access to critical information using stronger and more centralised access and identity management

Backup
With the increase in cybercrime coupled with the new laws, data backup has never been more important than it is now. Backups are vital in the event of information being destroyed, be it accidentally or maliciously.

Exploit prevention
An exploit attack is designed to slow down your computer, cause sudden application failure and/or expose your personal data to hackers.
Exploit prevention protects the applications and files that are prone to these attacks and cleverly mitigates the methods attackers use to exploit software vulnerabilities.

Patch Management
Patch management involves keeping software on computers and network devices up to date and capable of resisting low-level cyber-attacks. With older software versions, companies are far more vulnerable to cybercrime and leave obvious gaps for hackers to intercept.
It sounds basic, but the simplest technological solution in the fight against cybercrime is good patch management. By keeping software up to date and capable of resisting low-level threats, businesses are far less vulnerable to cybercrime.

For further details on GDPR I recommend visiting eSpida’s dedicated GDPR page where you can find information on preparing your business for GDPR, useful links as well as our ‘Preparing for GDPR’ whitepaper.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *