Non-compliance regulations are tightening. Are your people and technology prepared to pay the cost?
As the recent Amazon Cloud ‘outage’ shows, it doesn’t require cyber criminals or malware to take down a company. A human typo will also do the trick.
The same is true of data protection, with human error being the number one cause of data breaches, according to the Information Commissioner’s Office (ICO).
What Does this Regulation Change Mean for Business?
Fines already exist for breaches of the General Data Protection Regulation (GDPR), but changes to this and to European law will bring stiffer sanctions from May 2018. Your organisation could then face fines of up to €20 million, or 4% of global turnover for the preceding financial year, although any fine will be proportionate to the efforts made in implementing sound data and network security defences and incident response.
If you want to deal seriously with the threat of GDPR breaches, it is critical that any plan covers not just technical cyber security, but training of your staff.
Limiting Human Error
Under Principle 7 of the Data Protection Act, creating the right physical and technical security will need to be backed up by robust policies from the top down. Staff must be well-trained and informed, if you are to prevent the personal data you hold being accidentally or deliberately compromised, be it via human error or for criminal gain.
Training needs to raise awareness and cover the responsibility staff have to handle and store data correctly, as well as clear guidance on how to respond effectively to any security breach.
Communication is key – it is no good having strong security measures and procedures if nobody is aware of them, or knows what action to take!
Data Security and Training
With the rise of remote access, staff also need education about the risks of phishing and ransomware (malware that can hold your data hostage, or threaten to publish it if a ransom is not paid). Staff need to understand that risky user behaviour can unwittingly transfer data that could compromise your security, via use of their mobiles, tablets, or any wearable device.
Stop risky user behaviour at the source.
Our cyber security user education software company can help you to deliver both scheduled and "real time" security awareness messages, in response to detected risky behaviour.
We are delighted to announce the latest updates to our security training library of over 24 topics with the addition of our highly enjoyable and interactive "golden nugget" GDPR, POPI Act, HIPAA and UK data protection modules.
If you would like to try a free trial of our training content or run a phishing simulation using our industry leading Phish Maestro, request a trial here.