The idea that the IT department has sole responsibility for protecting the business might be one of the biggest and most dangerous myths around cyber security. And, with data security and protection so high on the regulator’s list of priorities, it’s a subject that businesses will be forced to look at more closely ahead of the GDPR deadline of May 2018.
Every employee is responsible for cyber security
The IT Team in any business will play a key role in keeping personal data secure and protecting against malware or ransomware attacks, but smaller businesses don’t always have dedicated IT departments, and rely on all employees to add extra protection and reduce risk by playing their part.
That means regular training sessions or sharing information that will keep everyone informed on the everyday precautions they need to take to see off potential threats.
Simple things such as updating passwords regularly, knowing how to identify suspicious emails, avoiding high-risk sites and protecting remote devices with encryption or pseudonymisation can make a big difference.
Some businesses are more at risk than others
It’s fair to say some companies are more attractive to hackers. For example, businesses that run lots of payment transactions or work with high volumes of customer data that could provide an opportunity for fraud are more likely to attract attention.
For businesses responsible for protecting data, security, privacy and integrity are key. That could mean adding an additional layer of security, managing data storage off-site, or using remote hosting or a cloud-based service that removes the risk of a physical data source on your premises.
Remember, each additional security measure is another reason for a hacker to look for an easier target, so the more difficult you make it, the less likely you are to attract the wrong kind of attention or fall victim to a cyber-attack.
A security policy is a must
Cyber security should be a hygiene factor for every business, regardless of its size. Keep it clear, simple, revisit it regularly with IT health checks and security audits, and design it so you get the confidence you need without stifling your business’s creativity or day-to-day functionality.
And, if the skills you need to make it happen don’t exist within the business, work with a professional consulting service to get the expertise you need. A good IT provider will be able to create a simple, effective and affordable plan, to suit any business.
Regular policy reviews will keep you protected
Security threats are getting more sophisticated all the time, so it makes sense to review your security quarterly, stay on top of updates and system patches, and keep abreast of the increasing compliance regulations coming down the track, because they could result in mandatory changes to the way you use data or do business.
There’s no one piece of software, hardware or firewall that will do everything on the cyber security front, unfortunately. It’s more about getting sound advice, building defences with good technology, and being proactive.
Prevention is always better than the cure, so a security policy that focuses on data storage, business continuity planning and machine management is a solid foundation.
Data, and how you use it, store it, protect it, back it up and destroy it, is fundamental to the GDPR. Different businesses benefit from different levels of data storage protection, so it’s worth talking to an IT expert about your responsibilities and thinking about whether an off-site, hosted or cloud-based solution might work best for you.
This will first require data mapping to get a comprehensive overview of what data you have, where it is, who has access to it and how it flows through your organisation.
Business Continuity Planning
Business Continuity Planning is crucial, because if things go south, a good BCP is your best chance of bouncing back quickly, with as little reputational damage as possible.
We were treated to a master class in global hacking in 2017, when a cyber-attack using tools believed to have been developed by the US National Security Agency crippled the NHS, challenged FedEx and infected computers in 150 countries across the world.
More than 300,000 devices were infected in the biggest ransomware outbreak in history, using malware that exploited a Microsoft vulnerability. A patch to fix the known issue had been released by Microsoft in March 2017, but the attackers targeted companies that hadn’t patched their systems, and the attack proved very public, embarrassing and expensive.
The NHS was the worst hit in the UK, with hospitals across England forced to turn patients away. In the event of a disaster like this, a business continuity plan that allows you to manage data recovery in an organised way is worth its weight in gold.
The same attack can be used to illustrate the importance of machine management, proving the value of handing over responsibility to one source for maintaining regular updates and ensuring patches go in on time. Availing of an outsourced IT service can not only allow you to rest easier when it comes to your data security, it can also be a very handy way to reduce your IT costs.
Get started with the right security software
The most cost-efficient measure a business on a budget can take to protect itself is to invest in enterprise-grade security software, so that the gateway for traffic moving in and out of the business is secure. It’s also worth looking at protection that is power-managed, as causing an outage is another commonly used tool of the cyber marksman.
Plan for disaster
‘Hope for the best and plan for the worst’ is the best strategy when it comes to cyber security. Attacks and data breaches do nothing for a business’s credibility or consumer confidence. But if you have protected your business IT as much as possible and an attack does happen, immediate action that lets you bounce back quickly and limits any risk to confidential or sensitive customer information is the best way to avoid lasting damage.
As certified GDPR practitioners, the team at pebble.it can be the IT consulting service you need to help put the necessary cyber security measures in place and educate your staff with practical solutions to help avoid any of the fines regulators will be looking to hand out.
Find out how we can help you be compliant with GDPR by downloading our free GDPR-readiness checklist: