Last year, Royal & Sun Alliance Insurance was fined £150,000 for not keeping their client’s information safe. Royal & Sun Insurance experienced a data breach on one of their hard drives containing 60,000 customers data. The information included names, addresses and even bank details including account numbers and sort codes. In this article, we will talk about how Security plays into GDPR.
As you can see, not only is Security important, but it plays a prominent role in GDPR. After all, GDPR does stand for the General Data Protection Regulation and regards how we process and protect data.
Other consequences of poor security include a damaged reputation, lack of trust and vulnerability to cyber-attacks on your own business.
Measures you can take to ensure your security is compliant with GDPR.
Encrypt your Data
Data encryption involves changing data into another form, so that only people with a decryption key can read it. It is to ensure digital data confidentiality.
Educate you staff with Cyber Security
We explain the importance of this step in much more detail in this article. If your staff are Cyber Security aware, they are much more likely to identify cyber-attacks and avoid them. Your staff are your biggest vulnerability when it comes to Cyber Security. This is because they will be attacked the most.
Do you have firewalls between your organisation's internal network and the internet? A firewall helps screen out hackers, viruses and worms that try to reach your PC over the internet.
Enforce a Password Policy
Never use the same password for different accounts. Furthermore, this rule should apply to everyone in your organisation. If a website you have an account with experiences a cyber breach, your password may have been stolen. As a result, cyber criminals can use that password on other accounts that you have associated with your email address. As a result, if one is the same that they use for your business, they can gain access to your business.
LastPass is a password management system that creates complex random passwords for you. It also securely saves them so you don’t even have to remember each password for different accounts!
Mobile Device Management (MDM)
With an ever-growing numbers of staff downloading e-mails to smartphones and tablets, you need a way to control this, and more importantly, send a remote wipe command should that phone be lost or stolen. By implementing MDM, you have the ability to force security, like a phone PIN lock, and if the device is lost or stolen you can remotely remove all company data.
These are just some of the ways you can ensure your Security is GDPR compliant. To find out some more IT processes that are free, click here.
Become Cyber Essentials PLUS Certified
Cyber Essentials is a government scheme that encourages organisations to adopt good practice and procedures in their cyber security measures. Having the Cyber Essentials Plus Accreditation is a good foundation to GDPR because it shows you have reviewed your company’s network and put in place a standard set of Security measures. To read more about Cyber Essentials, Click here.
Cyber Security is important to GDPR compliance. Furthermore, You are required to let your clients know if you experienced a cyber breach within 72 hours. Let’s make sure it doesn’t come to that!
If you would like to find out more about Security and GDPR, or would like to get the Cyber Essentials Plus Accreditation, please call us on 01273 806211, or email me, James, at [email protected].