Tuesday, 10 April 2018

GDPR Security Tips

By: Joe Morrissey, Digital & Social Media Executive

GDPR (General Data Protection Regulation) is going to replace the DPA (Data Protection Act 1998) on May 25th 2018. (Yes, that’s next month!) It will affect any company that holds personal information about not only its clients, but its employees too. It will introduce measures that ensure the protection of this information. 

We live in a world where businesses hold large amounts of personal data about their clients and employees, so GDPR is an important part of ensuring that this information is kept safe.
(To find out how ‘Personal Data’ is defined, click here.)

GDPR is part of a much broader push towards ensuring businesses treat the data they hold seriously.  In this blog we’re going to outline some of the ways in which businesses can adopt processes to become more robust, and to mitigate the risk of security breaches and cyber attacks.

As more and more businesses are holding valuable information both on premise and in the cloud, criminals are trying their hardest to obtain this information. Therefore, it’s vital that businesses are aware of the changes that occur in the GDPR and Cyber-Security world.

As well as understanding the changes that occur, it’s also important to implement certain measures to protect sensitive information. So, we’ve put together four helpful security tips that will go some way towards achieving this.

Be vigilant

The best thing a business can do when it comes to protecting against security breaches is to keep up to date on the various forms that cybercrime can take.

This means having a knowledge of the various tactics that are used by criminals to trick a business into giving access to sensitive information.

Malware, ransomware, viruses, and phishing attacks are just a few examples of the ways in which cyber criminals operate.

We’d recommend any business starts their cyber security journey by contacting us and speaking to our Commercial Manager Reuben who can advise on various cyber security aspects and how cyber security fits into GDPR.

Back up your data regularly

Another very simple thing a business can do to be secure is back up its data. This should be done at least daily.

Ransomware attacks are becoming increasingly prevalent. Backing up data regularly is an easy way to make any business more resilient.

Ransomware is malicious software which, when installed on a device, encrypts its files. Once the encryption is complete, a ransom must be paid to obtain the special passcode (or key) needed to decrypt the files and regain access to the data. There’s no guarantee that access will be granted even if the ransom is paid.

Regularly backing up data will mean that important information is secure and accessible in the event of a data loss or Ransomware attack.

Using a service such as that offered by Datto can protect against Ransomware.  PCS offer consultancy, installation and ongoing support to businesses looking to adopt this service.  From a GDPR point of view this service ticks one of the boxes in Article 32.

Be wary when using public Wifi hotspots

One of the benefits of modern technology is that it’s much easier to take work out of the office. It’s common for employees to work from home or even in cafes and restaurants. Places like McDonald’s or Starbucks have free public Wifi and, though this is very convenient for those on the go, it comes with security risks.

The best defence against this is to raise awareness amongst employees and discourage the use of work devices on public internet connections. A more secure way of working is to use the hotspot internet connection from a smartphone instead.

Review your security policies regularly

As well as keeping up-to-date with cyber-security developments, it’s important to also regularly review company policies and procedures that are in place.

As an ISO27001 certified organisation, PCS can help with this by providing sample policies and procedures where necessary.

This is an important part of keeping up to speed with GDPR. In addition to maintaining security policies, employees should also be made aware of their responsibilities when it comes to sensitive information or data.

These tips will go some way to making any business more secure, but extra methods and services will likely be required, especially when preparing a business for GDPR. GDPR will affect all businesses no matter how big or small, so it’s important to start implementing responsible practices now: practices which will help avoid data loss and successful cyber-attacks.

The post GDPR Security Tips appeared first on PCS.



source https://www.pcs-systems.com/gdpr-security-tips/
