Callum Butler

Massive data breaches have become more and more frequent. In the last few weeks alone, HBO became a main target with the leak of its hit TV series Game of Thrones. But even with these headline-grabbing data breach incidents, many organisations still fail to fully understand the importance of GDPR and infrastructure security. Many are severely underestimating the impact this could have, both directly on them and on their customers.


Callum Butler, Cyber Security Analyst

So, why do data breaches happen?

It’s simple. More and more security implementations are needed but many companies don’t have the skills or tools to keep up-to-date. A survey taken back in February by The Centre Of Cyber Security And Education shows 66% - yes 66% - of UK companies don’t have enough cyber security tools or personnel to meet their security needs. And it’s impacting economic security.

The UK Government has committed to update and strengthen the General Data Protection Regulation (GDPR) laws. This could resolve the current issues. But if companies fail to meet these new requirements, the financial consequences could be dire, because the fines are large.

Organisations have been warned that if they fail to take measures to protect themselves from cyber-attacks with recommended procedures or tools, they could face fines. These could be up to £17 million or 4% of their global turnover, whichever is higher. That’s a lot of money to lose for not keeping your infrastructure and networks secure!

Getting ready for GDPR infrastructure security initiatives

Firstly, get the basics covered. Make sure your desktop machines are password-protected and have anti-virus installed. And most importantly, as we saw with the WannaCry incident, make sure they’re up-to-date with the latest Microsoft patches. This includes any application that you may have on your desktops.

For larger solutions, such as servers and networking, I’d recommend again making sure these are up-to-date and configured correctly. There are also tools that can help you prevent a data breach, such as an IPS (Intrusion Prevention System). Tools like these are clever. They have a database of known attacks and can prevent them before they get to your network. DLP (Data Loss Prevention) software can also detect possible data breaches. And with inbuilt alerts, you or a team member can quickly investigate.

It’s worth noting that the GDPR laws don’t only affect machines. They also cover other cyber threats. These include power or hardware failures, as well as environmental hazards. So, having a facility that can protect you against these too is critical.

It’s likely that the financial penalties will only be used as a last resort. However, it’s the last thing you’ll want to deal with if your company has experienced a significant cyber-attack. Incidentally, companies that are taking proper security measures and assessing their risks but do unfortunately become a victim will not be required to pay these penalties.

GDPR Infrastructure Security: Next Steps

There is still time before this new proposal comes into force in May next year. However, it’s vitally important that the suggested methods above are in place now to help protect and secure your and your customers’ data.

If you’re worried about the impact of GDPR infrastructure security initiatives, talk to me or one of our Managed Services experts about a security risk assessment.

As the saying goes, “It’s better to be safe than sorry”.
