Can Data Security Risks Increase Under GDPR?

Published: 6 April 2018

With high-profile casualties including the NHS, FedEx, Nissan and Hitachi, 2017 was dubbed the ‘year of the cyber-attack’. If one good thing came of the attacks, it was the increased importance placed on security in the light of the upcoming General Data Protection Regulation (GDPR).

Why will GDPR make cyber-security a BIG problem?

With more than 3 billion records breached in 2016, cybercrime is on the rise. Unfortunately, the arrival of GDPR is likely to increase the threat rather than reduce it. Why? Because attackers can use the regulation itself as leverage: steal the data, then demand a ransom to keep quiet, betting that a company would rather pay them than face GDPR fines and the breach notification that follows.

The Uber hack is a good example of this. Cyber criminals blackmailed Uber into paying over £750,000 to keep the breach of 57 million records a secret. Had this occurred after 25 May 2018, when GDPR applies, Uber would have been exposed twice over: once for the breach itself and again for concealing it rather than reporting it to the regulator within the 72 hours GDPR allows. You wouldn’t want to imagine how many pounds that would add up to!

The key lesson is that paying does not make the problem go away. In a ransomware attack, paying does not guarantee that your files come back undamaged: only 45% of UK businesses who have paid successfully regained access to their files. In an extortion case like Uber’s, paying does not guarantee the attackers delete the stolen data, and the GDPR fine is unavoidable either way. Uber’s secret came to light regardless.

How to keep your business safe from security risks

When it comes to breaches, the Information Commissioner’s Office (ICO) expects you to have appropriate technical and organisational measures in place to prevent one, as GDPR requires. If you haven’t already started reviewing your processes and data management ahead of GDPR, this is a good place to start. There is always the possibility of an attack getting through, but if you can show that you were already taking reasonable steps to prevent it, such as the controls below, that’s half the battle.

Ransomware prevention tools to win the fight

To protect your business against ransomware, invest in backups and data encryption. Encrypting sensitive data limits what an attacker can do with anything they steal, and backups mean files can be restored instead of ransomed. Backups only help if the ransomware cannot reach them, so keep at least one copy offline or otherwise write-protected, and test regularly that a restore actually works and that the restored files are intact. For more tips on how to avoid ransomware, see our blog post on the subject.
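One way to test that a backup is intact before trusting it, as an added example that is not code from the original post: record a SHA-256 manifest of the backup set when it is taken, store the manifest somewhere the backup host cannot write to, and compare the restored copy against it. A file that ransomware has overwritten shows up as modified, and a dropped ransom note shows up as an unexpected file. The directory layout, file names and the simulated attack below are all constructed for the demo.

```python
"""Added example (not from the original post): build a SHA-256 manifest of a
backup set and verify a copy against it, so a ransomware-encrypted or tampered
file is detected before the backup is relied on. Paths and sample files are
constructed in a temporary directory."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the files under root to a previously stored manifest.

    Returns {"ok": [...], "modified": [...], "missing": [...], "unexpected": [...]}.
    """
    current = build_manifest(root)
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        if rel not in current:
            result["missing"].append(rel)
        elif current[rel] != digest:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    result["unexpected"] = [rel for rel in current if rel not in manifest]
    return result


def demo() -> dict:
    """Constructed scenario: back up two files, simulate ransomware overwriting
    one and dropping a ransom note, then verify the copy against the manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        backup.mkdir()
        (backup / "invoices.csv").write_text("id,amount\n1,100\n")
        (backup / "contracts.txt").write_text("contract body\n")
        manifest = build_manifest(backup)
        # In practice the manifest goes to a location the backup host
        # cannot write to; here it is simply serialised and kept in memory.
        manifest_json = json.dumps(manifest)

        # Simulated ransomware: contents replaced with ciphertext-like bytes,
        # ransom note added alongside the backed-up files.
        (backup / "invoices.csv").write_bytes(os.urandom(64))
        (backup / "README_DECRYPT.txt").write_text("pay us\n")

        return verify_backup(backup, json.loads(manifest_json))


if __name__ == "__main__":
    print(demo())
```

The manifest must live outside the reach of the host being backed up (an immutable bucket or an offline copy), otherwise the same malware that encrypts the files can rewrite the hashes to match.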

Swim away from phishing nets

Hackers can now skilfully replicate emails that appear to come from your bank, insurance provider, supervisor or co-worker. These tips make the threat easier to spot:

  • Cybercriminals are not known for their grammar and spelling skills, so if you notice mistakes in an email it might be a scam. If you’re not sure, ALWAYS check with your IT support.
  • If you see a link in a suspicious email, don’t click on it. Rest your mouse over the link (without clicking) and check whether the address shown matches the one written in the message.
  • Have you ever been threatened that your account would be closed if you didn’t respond to an email? Urgency is a classic pressure tactic. Think before taking any action: is it a genuine email?
  • In a nutshell, if you’re not expecting it, don’t act on it; delete it and check with the sender by phone, using a number you already have rather than one in the message, whether it’s legitimate.
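The hover check in the second tip can be automated. The following is an added example, not code from the original post: it parses an email, pulls out every link, and flags the ones where the visible text names a different host from the real destination, where the destination is a bare IP address, or where the host is outside the domain the sender claims. The message below, its addresses and the `examplebank.test` sender domain are all constructed for the demo.

```python
"""Added example (not from the original post): flag links in an email whose
visible text claims one address while the href points somewhere else, which
is what hovering over a link checks by hand. The sample message is constructed."""
import email
import ipaddress
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing sample: urgency, a link whose text lies about its
# destination, one genuine link, and a lookalike host.
SAMPLE_EMAIL = b"""\
From: "Security Team" <alerts@examplebank.test>
To: user@example.test
Subject: Your account will be closed
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be closed unless you verify within 24 hours.</p>
<p><a href="http://198.51.100.7/login">https://www.examplebank.test/login</a></p>
<p><a href="https://www.examplebank.test/help">Help centre</a></p>
<p><a href="https://examplebank.test.evil-host.test/verify">Verify now</a></p>
</body></html>
"""


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(raw_message: bytes, sender_domain: str) -> list:
    """Return (href, reason) pairs for links that deserve a second look."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = _LinkExtractor()
    parser.feed(body.get_content())
    findings = []
    for href, text in parser.links:
        actual = _host(href)
        if _is_ip(actual):
            findings.append((href, "link points to a bare IP address"))
        # Visible text that looks like a URL but names a different host
        m = re.match(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})", text)
        if m and m.group(1).lower() != actual:
            findings.append((href, f"displayed {m.group(1)} but goes to {actual or '?'}"))
        # Host is neither the sender's domain nor a subdomain of it
        # (a lookalike such as examplebank.test.evil-host.test fails this)
        if actual and not (actual == sender_domain or actual.endswith("." + sender_domain)):
            findings.append((href, f"host {actual} is outside {sender_domain}"))
    return findings


if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_EMAIL, "examplebank.test"):
        print(f"{reason}: {href}")
```

The sender domain is taken from whoever the message claims to be from, so this check catches links that contradict the claim; it does not prove the claim itself, which is what SPF, DKIM and DMARC are for on the mail gateway.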

As prevention is usually better than cure, spam filters will also reduce the number of spam and phishing emails that reach inboxes in the first place. Find out more about proactive security solutions on our site.

Fill those operating system holes

Despite the known risks of software vulnerabilities, most companies have unpatched security flaws in their infrastructure, including servers, desktops and laptops. As an example, the patch that could have prevented the WannaCry attack was released 59 days before the outbreak. As a result, organisations such as the NHS were hit, with significant disruption to services.

Applying software patches promptly closes that open window before an attacker can use it to get into your network; automating patch deployment removes the delay that otherwise leaves the window open for weeks. Find out more about patch management tools on our site.

Mitigate human error

People still represent the biggest security risk: according to frequently cited research, 95% of cyber security breaches involve human error. From misaddressed emails to stolen devices and clicks on phishing links, mistakes can be very costly.

Fortunately, there is a way to prevent most of these incidents. Cybersecurity awareness training ought to be an ongoing exercise; a one-off session won’t suffice. People forget, so repetition is key when it comes to cyber security. Find out more about the importance of employee security training on our site.

This blog post should not be relied upon as legal advice on how to comply with GDPR. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organisation, and how best to ensure compliance.
