IT Security Guru
Navigating the GDPR minefield: Becoming compliant

by The Gurus
June 6, 2016
in News

The General Data Protection Regulation, or GDPR as it is more commonly known, has been dubbed a landmark ‘win’ for data protection policy within European businesses. Replacing fragmented and disparate country-specific rules, the GDPR will set the standard for data protection across all 28 countries within the European Union. As it comes into force on the 25th of May 2018, European companies have less than two years to prepare their internal and external data protection policies accordingly.
With the looming prospect of a Brexit (the UK’s potential withdrawal from the EU) on the cards too, questions are being raised about whether UK-centric businesses will have to comply with the GDPR should it come to pass. However, it is my view that whatever happens with the referendum vote, it is likely that the UK would still have to follow the GDPR. Should it come to Brexit, the UK may even need to conform as a prerequisite for entry into the European Economic Area (EEA) or a wider trade agreement. Also, the bar could be set higher rather than lower, since the UK would likely want to be able to reassure the EU that its data protection laws are adequate so as not to scare away foreign investment.
Due to many recent high-profile cyber attacks across Europe and beyond, it is no secret that organisations of all shapes and sizes are becoming more aware of cyber security risks, including breaches. One might assume, therefore, that the security solutions in place today across the majority of UK organisations will be enough to comply with the GDPR, or its equivalent, in 24 months’ time. Unfortunately, this is quite unlikely.
According to Code42’s 2016 Datastrophe Study, in which over 400 UK IT decision makers (ITDMs) were surveyed, 50% of them acknowledged that the security measures they currently have in place will not be enough to meet GDPR standards. The heavy fines that can be levied against businesses seen not to be doing enough to protect sensitive customer data (€20 million or up to 4 percent of global annual turnover, whichever is greater) should encourage many businesses to rethink their cyber defence. Otherwise they run the risk of their data being ‘uninsured’ come 2018.
Pre-empt the regulation
Keeping customer and corporate data safe, especially to GDPR standard (or beyond), requires a current and practical InfoSec strategy, and that can mean significant investment. Businesses need clarity about what effective security in the modern enterprise looks like, all within the context of how today’s employees work. This means thinking not just in compliance terms, but also about securing and encrypting data wherever it resides: in global data centres, on-premises, or on the devices themselves.
There are numerous ways in which data can be safeguarded, and many solutions exist in the marketplace that make bold statements promising bulletproof, all-round protection from breaches and cyber attacks. However, there are no silver bullets in security. The focus should be a “defence-in-depth” approach designed around root problem statements and measurable results. Today, businesses must adopt a whole stack of security solutions: anti-virus programs, breach detection solutions, encryption tools, and modern endpoint backup and real-time recovery solutions. Additionally, teams are looking to optimise the technical footprint of their investment.
Focusing protection efforts exclusively on external threats is also incredibly short-sighted, yet it is something many businesses are still doing. The insider threat from either disgruntled or unwitting employees is just as pronounced, and educating knowledge workers on the risks of poor data management is something IT teams and CISOs should be actively pursuing.
The uncomfortable truth
Even with a robust combination of endpoint security tools that gives businesses a fighting chance against certain cyber attacks, it is unfortunately still a matter of when, not if, a data breach occurs. It is essential that in such situations businesses can identify, mitigate, recover from, and report the breach quickly. This is especially important as one of the major directives of the GDPR is the need for a business to report any data breaches within 24 hours. The quicker the detection and remediation, the quicker the team can address the attack and apply the lessons learned from the incident.
It is also imperative to take into account that modern employees treat and access corporate data more flexibly. In fact, according to the 2016 Datastrophe Study, IT decision makers believe that 42 percent of corporate data is now stored outside the confines of the traditional data centre, on employees’ endpoint devices. Mobile phones, laptops and tablets are miniature computers for a workforce keen to be connected anywhere and at any time. Third-party cloud solutions, too, often play an important part in an employee’s day-to-day life, but they bring their own security challenges when it comes to protecting sensitive corporate data. As a result, the enterprise’s cyber defence strategy needs to evolve to keep up with this shift in mobile computing needs.
The GDPR actually makes provisions for unstructured data, such as that managed by consumer-grade cloud applications, which are often used by enterprise knowledge workers. Therefore, any security strategy needs to be far-reaching and address how and where your employees access corporate information. It has to have data protection at its core to comply with the regulation. Placing all your trust in a well-protected data centre alone is equivalent to burying your head in the sand.
So what should you do? Pre-empt the regulations by implementing the right endpoint security stack, and train your staff accordingly. Create internal policies that promote accessibility and flexibility with approved solutions, without locking the enterprise down to the point of stifling productivity. Fail to do this, and the GDPR will soon motivate businesses to get up to speed and build appropriate cyber defence structures anyway, but it may have cost them a hefty fine along the way.
© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic