In recent years technology has advanced massively. We use the Internet for everything from banking to switching on your kettle.
Whilst technology has progressed, so have genius and not so genius hackers. A “not so genius” you might ask? As we know, Hackers target basic vulnerabilities such as weak passwords as they know a huge amount of businesses don’t take appropriate care of their IT Systems whether it’s down to cost, ignorance or “it won’t happen to us” and, for those reasons, I believe GDPR is a welcome and overdue move.
It’s time for accountability.
Organisations will face a number of penalties for data loss including financial and reputational. Identity thefts through data loss has a huge impact on someone and this is where GDPR will give the victim some recourse.
New security requirement
The new security measures mandated under GDPR are both from a technical level and an organisational level and are classed as needed to be “appropriate to the risk”.
All organisations should as a minimum, implement the following measures.
Technical measures that you need to consider:
- A robust Firewall which is configured for your business and software updated regularly.
- User access across your organisation controlled.
- Policies enforcing the use of strong and complex passwords with regular expiry
- Regular software updates across your organisation’s estate.
- Real-time protection against viruses, malware and spyware
- Encryption of all devices including portable devices
- Implementation of intrusion detection and prevention systems
- Implement User Behaviour Analytics
- Backup up your data – religiously and often
- Ensure physical security on premises from locking your comms cabinet and providing access to ensuring you have a strong Clean Desk Policy.
- Vet, train and monitor behaviour trends of your employees – a disgruntled or untrained employee can and will be damaging.
- Restrict employee access to your important data on a “need to know basis”
The list could go on. Prior to implementing any measures, you should undertake a full review and audit to highlight vulnerabilities and the steps you should take.
Kube & GDPR
Whilst we have been busy here, ensuring our organisation’s compliance to GDPR our team have been working closely with our customers around GDPR requirements (please read our blogs) and advising on how we can help towards their compliance.
Reviewing network infrastructure and importantly current security provisions through audit and assessment by performing vulnerability and penetration testing has been a crucial part which has highlighted the journey we all need to complete.
Supporting our customers on the GDPR journey is key to a successful partnership and sharing experiences has been a great exercise
The deployment of security measures built round your organisation is crucial to mitigating threats that will only increase.
Our Managed Hosted Firewall has been well received by our SME and enterprise customers alike, offering protection against viruses, malware and spyware as well as intrusion detection and prevention systems at the core.
Securing your connectivity is a step towards securing your business and demonstrates that you have taken appropriate steps to protect YOUR organisation.
Lora Barclay is KubeNET’s Service delivery manager and a GDPR practitioner.
Please contact us to arrange a consultation and an assessment to see how we can help. Email us on firstname.lastname@example.org or call 0344 873 4488.