“Cybersecurity risks are growing, both in their prevalence and in their disruptive potential. Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace.”
That’s one of the key findings of a recent survey published by the World Economic Forum (WEF). According to the report, more than 4 billion data records were reported stolen from businesses in 2016 alone, more than during the previous 2 years combined.
In response to the growing problem of data breach incidents, governments around the world are seeking to better regulate corporate data storage.
The EU GDPR
Starting on May 25, the EU (European Union) will introduce its new General Data Protection Regulation (GDPR), under which any company doing business in the EU or selling goods or services to EU citizens will be subject to substantial fines if data it is holding is exposed by a breach.
The GDPR regime provides for harsh financial penalties calculated according to the number of files exposed in a data breach. Fines levied under the GDPR will be €20 million (approximately AU$32 million) or 4% of global annual revenue, whichever is the higher amount.
What’s the GDPR definition of a data breach?
When people transact with your company online, they share a lot of information: identification data, credit card details and even personal documentation. All this data is a tempting prize for cybercriminals, and they are constantly at work trying to get hold of it so they can rip off your company and your customers.
When valuable information held by an organisation is compromised or exposed, this is known as a data breach.
In a recent interview GDPR lawyer Sue Foster said:
“The definition of personal data under the GDPR is very, very broad. So, effectively, anything that I am saying that a device picks up is my personal data, as well as data about me. So, if you think about a device that knows my shopping habits that I can speak to and I can order things, everything that the device hears is effectively my personal data under the European rules.”
Basic preparation for the GDPR can be summarised in 3 steps:
- Data audit
- Risk assessment
- Security implementation
The first step toward cybersecurity risk management is knowing what data your company is collecting and how it is stored. A comprehensive data audit is fundamental because you’ll need to discover what information your company handles that could create liability under the GDPR. The GDPR is very inclusive in its scope, so a data audit should look at all platforms, device types and departments.
Identify what data you already have. Look at all kinds of assets stored in all formats, across every kind of software and media. List your data assets in categories to make it easier to assess.
- CRM platforms
- POS purchase information
- online shopping records
- marketing lists
- social media contacts
- company data held by contractors and other third parties
Once you’ve done a data audit to establish a clear picture of how your company’s data management works, you’ll be in a position to make a risk assessment:
- What cyber-threats could your company face?
- Where are the security weak-points in your technology infrastructure?
- Do you have effective cybersecurity measures in place?
- What threats does your security software protect you from?
- Do you have education programs in place to counteract human security vulnerabilities?
- How would you know if your data storage was compromised?
- What is your responsibility to third parties whose data you handle?
- Who is responsible for your company’s cybersecurity management?
Cybersecurity is often seen as an IT issue: a lot of CEOs imagine that their IT department will take care of it, but it just isn’t that simple anymore. Good cybersecurity policy requires the involvement of all levels of management and a commitment to educating every member of the team.
Make your organisation more secure:
- Use strong passwords and 2-factor authentication
- Provide cybersecurity education to your staff
- Get professional advice on how to strengthen your company’s security
- Make sure you have solid data backup and recovery procedures in place
- Implement local and cloud-based cybersecurity protection
Initiating greater accountability and transparency in data management is only half of the formula for GDPR preparation. If a company suffers a ‘serious data breach,’ their exposure to fines under the GDPR will only be one of their problems.
Businesses are losing millions of dollars to cyber-attacks that could have been prevented.
MailGuard: your cybersecurity partner
Every day, MailGuard intercepts new cyber-attacks designed to capture the valuable data held by our customers.
As a leader in cybersecurity and data protection, MailGuard applauds the introduction of the GDPR Scheme as an essential contribution to global cybersecurity.
With mounting pressure on governments globally to do more to close the gaps in cybersecurity, we will be seeing much higher standards for compliance everywhere. Forward-thinking business owners and CxOs who move now to implement better strategies will come out ahead of the curve.
MailGuard is committed to supporting our customers in achieving compliance with the GDPR and we’re proud to be working with you to create a more secure internet.
Learn more about the EU GDPR regime:
- New GDPR Regulations: Billions at Stake for Unprepared Companies
- 2018: Can we Avoid a Cybercrime Storm?
For detailed information about the incoming GDPR regulations and their ramifications for corporate cybersecurity, visit the EU’s Justice website.
To get ahead of the curve on GDPR compliance, get in touch with MailGuard for an obligation-free consultation with one of our cybersecurity experts:
1300 30 44 30