Data breaches on the rise. Are you protected?
Hardly a week goes by without another massive data breach reported by a major company.
Recently, it was Uber’s turn to admit that they had been the victim of a data theft affecting 57 million users and drivers. To make matters worse, Uber tried to cover up the loss of data by paying a $100,000 ransom to the hackers in order to have the data deleted.
A tidal wave of data theft
The relentless stories of companies losing data are unlikely to stop in 2018. Hackers recognise the immense value that lies behind the flimsiest of doors, and they know that digital crimes can be committed cleanly, from the comfort of your own home. And the tools required to commit these digital crimes are not complicated or difficult to obtain. Anyone with a browser can buy hacking tools and start using them in a few minutes.
While the hackers seek an easy payday, organisations are providing too many opportunities, and failing to properly secure their precious data. Many of the data breaches reported in 2017 were the result of unpatched software and known vulnerabilities. And many more relied on human error – or disgruntled employees – to gain access.
Securing your data and complying with GDPR
How can organisations remain protected against this wide array of threats?
It’s an important question, because the new regulations surrounding data protection in the UK (GDPR) come into effect in May, and from that date, organisations will have greater responsibilities, and will face tougher penalties for failing to safeguard personal data.
Indeed, one of the stipulations of the regulation is that companies must take all proportionate steps to protect data. If you manage lots of sensitive data, then you will be expected to invest more in security. Even basic information, such as names and email addresses, are covered by GDPR.
A solid approach data security should cover a number of factors, including:
- Hardware – ensuring you have no vulnerabilities in your physical infrastructure
- Software – making sure programs are updated, and that you use adequate tools for monitoring data movements and user privileges
- Training – so your teams understand how to keep data secure
- Processes – good data security should be part of how you work
- Reporting – you should understand what data you hold, why you hold it and how you protect it.
Keeping data safe is no easy task. At times it can feel like to trying to make tea in a sieve.
But with GDPR coming into force, organisations are obliged to do everything in their power to protect the data they hold. Now is the perfect time to start tightening up the processes, systems and infrastructure required to keep your data secure.