Cyber Security, GDPR and e-Privacy
In the new GDPR-compliant world we live in, we are beginning to see the first organisations receiving fines for non-compliance with these regulations. The fines we have seen so far have been due to breaches in security and the loss of customers' personal information. Many organisations have not invested in their infrastructure to ensure that the personal information of their customers and of their organisation is held in a secure environment.
Many organisations have not treated investment in Cyber Security as a business priority and have yet to fully grasp the ramifications of being breached and losing customer information, even on a small scale. We believe that organisations will have to have a major rethink around Cyber Security and its role in any IT strategy. Infrastructure and processes around data management are still not fit for purpose, with 65% of businesses saying that they still did not believe they were GDPR compliant and a further 35% saying they will never be GDPR compliant.
The age old adage of “I didn’t know about it” will provide no level of protection in today’s modern world. Directors and Officers of companies are now legally responsible for compliance issues just as they can now be held to account for Corporate Manslaughter and other negligence charges.
Our view is that cyber security is the foundation upon which all IT infrastructure should be based, and it is one of the cornerstones of implementing robust GDPR and e-security processes.
Unfortunately, many organisations are now playing a game of catch-up. Organisations have legacy systems where Cyber Security was not considered, and the internet was never designed with security in mind. As a result, we are now witnessing data breaches on almost a daily basis, and the regulator is acting on those breaches.
We live in a connected world, so it is more important than ever to take steps that can prevent your customers' or clients' personal information from being breached and then used illegally. Devices are being accessed remotely, either by sophisticated and well-organised criminals or simply through something as basic as not configuring Cloud Services correctly.
The latter is certainly more and more relevant, as almost every day an organisation moves an internal service to the Cloud. On many occasions this is driven by the organisation's desire to save cost, outsource the risk from the Board, retire ageing infrastructure and streamline internal processes. Yet there are countless stories in the media where the teams responsible for migrating these services simply have not had the budget committed to the project to educate and train the teams, so that security has not been a primary driver in the roadmap to Cloud migration. With GDPR, Directors can now be held personally liable for the payment of fines, and with the minimum fine starting at £50,0000 and the maximum being 4% of global revenues, Boards of Directors should consider closely their activities in this area.
Enigma’s Modernisation Strategy
Our strategy is as much about education as it is about implementing and modernising the existing infrastructure, as well as developing long-term strategies to help organisations work their way through these regulatory changes. We work with our clients to ensure they understand why they need to implement these changes and what the true cost to the organisation would be of falling short of the required standards.
We start with a full review of all current Cyber Security protocols. This baseline audit enables us to create a risk profile and then to build a Modernisation Strategy, which includes an analysis of the training required internally, from the Executive Team down.
As part of the review we assess multiple areas: how you manage user privileges (including home and mobile working), your incident management procedures, user education and awareness, overall network security (including malware prevention), and how you monitor systems and networks.
Our Modernisation Strategy will help you establish effective management processes to ensure all employees, contractors, and suppliers are aware of and adhere to your Cyber Security principles.
For me, we need to beef up the last two paragraphs, and quite considerably.