Ensure your business is GDPR compliance.
To meet GDPR compliance regulations you have to ensure you look at breach notification. This will become a legal requirement of all businesses from May 25th 2018. Which means, that within 72 hours of detecting a data breach, you must inform the supervisory authority.
What exactly does this mean?
Under GDPR breach notification, a personal data breach is defined as – a security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. A very long-winded explanation! But in simple terms, if your business has a data breach then includes any personal data such as name, address, bank details, employee number, national insurance number. Then it must be reported to the Information Commissioners office (ICO).
There are certain caveats. You only have to report the breach if it is likely to result in the risk to the rights and freedoms of individual. If your data breach is in detriment to individuals. i.e. that may result in discrimination. Damage to reputation, financial loss, loss of confidentiality, or other economic or social disadvantage.
Now we know what the new regulation state, how do you stop your data from being breached? From a cybersecurity perspective, you need to deploy multiple levels of security to protect your business. Depending on the size of business and the type of data you hold will determine how secure you need to be. As a minimum, you must have desktop antivirus and a hardware/software firewall. This will stop 90% of the nasty stuff. However, and we have said this many times, the cyber criminals never stand still and are continually looking at ways to breach your networks.
We know that most data breaches now originate from inside your network. This could be through a virus, or malicious email or a disgruntled employee. This means, ensuring you are fully protected will help your business to maintain its reputation and keep you free of fines if you fall under the GDPR umbrella. In all cases, Unleashed, believe that by deploying a data loss prevention solution will save you the embarrassment of telling your customers you have been breached.
What is Data Loss Prevention (DLP)?
DLP is a software solution that employs a set of custom templates, designed to meet certain criteria. If that criteria is not adhered to then the file you are trying to send will be blocked from the action you are trying to complete.
For example:
- For GDPR compliance, if you try to send a list of customer details by email to your personal Hotmail account, DLP will not allow you to send the list. You will be informed and so will your IT administrator.
- Should you get infected by a virus and it tries to send your data to a command and control centre – it will be blocked and you will be informed.
- A user tries to copy data to a USB stick and it contains data that fall under the DLP criteria – it will not allow that file to be copied.
- If you try to print a customer list – DLP will block it.
In the event you do leak data, you will have an audit trail of what happened. This will then satisfy the ICO (information Commissioners Office) and you won’t get a large GDPR fine.
Does your business have GDPR Compliance?
GDPR states you must know where all your data is stored. In a large organisation this is a nightmare. DLP has a data discovery tool. This means we can search for data based on the set criteria. The tool will then tell you where all this data resides and you can then manually move it.
Benefits
- Protect your data against the insider threat
- Quickly deploy and manage your data to meet compliance
- Works with Office365 to completely protect your business against data theft
- Identify data within images – this can include scanned documents and screenshots
- Unify your cybersecurity defences and share intelligence with the business.
If you would like to more about DLP then please give us a call on 0333 240 0565 or visit our website.