GDPR Countdown by Jezz Gobran
The last few weeks have seen some significant events. The most horrific, and one I won’t touch on, has been the events in Manchester; the other two are the NHS ransomware attack and the 12-month GDPR countdown.
So, the WannaCry ransomware attack: 200,000 businesses affected globally, £230K was the ransom, and at last count £51k had been raised by the criminal through this attack. That is not a vast sum of money given that the top 5 ransomware providers of 2015 raised over $1 billion for their efforts. Not a bad return though, especially when businesses could have kept it in their coffers.
So What Did We Learn?
There’s the obvious: patching should be done, and patch management should be in place so it isn’t missed; education and awareness throughout the business would have helped; great backups should be in place; robust and practiced disaster recovery is vital; you need IT and security partners you can rely on; and investment in security is vital to avoid these types of things happening.
The other points it highlighted were a lack of control, process and policy that either weren’t in place or weren’t adhered to, and a lack of real understanding of the risks, of why and where an investment should be made, and of what the risk tolerance of stakeholders is, not to mention the reputational damage done when it could have been easily avoided.
This leads me on to the next significant event.
At the time of writing this there are 259 working days left until the GDPR comes into force. That’s not a lot of time. Think about your own internal processes and your documentation with those whose data you have. Remember, it’s their data, not yours, and so it should be treated how you would want your own personal data treated.
If you have 5 minutes to spare, a short clip (below) from Elizabeth Denham, the Information Commissioner, is well worth watching and may answer a few questions.
As always, if i-Secured can help you become more secure and compliant please don’t hesitate to get in touch.