Are you aware of the GDPR (General Data Protection Regulation)?

The General Data Protection Regulation (GDPR) significantly changes data protection law in Europe, strengthening the rights of individuals and increasing the obligations on organisations.

Get aware and Get prepared.

Here are some short videos explaining what your organisation needs to do to achieve compliance.


Between now and May 2018, we will be sending more updates to our clients on this very important regulation. 

Further information is given below.

Please contact us in the meantime if you need further information.


The GDPR is upon us! Well, almost…

If your organization serves customers or individuals in the European Union, you’re likely already aware of the General Data Protection Regulation (GDPR). Introduced in response to concerns about data privacy, the GDPR will go into effect on May 25, 2018, requiring responsibility and accountability for every organization that processes the personal data of individuals in the EU. In today’s global economy, that includes the vast majority of enterprises and a large proportion of smaller businesses as well. The extensive requirements of the GDPR—and the high cost of non-compliance—make preparing for this new regulation a top priority for today’s organizations.

GDPR Basics

The first thing to understand about the GDPR is to whom it applies and what it covers. The regulation refers to both “controllers” and “processors” of data—in other words, any organization within the EU and any organization that stores, handles, or processes personal data of EU residents in any way. Personal data is defined quite broadly to include not only information provided by the individual, but also observed data such as online identifiers, browsing history or social media posts; data derived through straightforward processing such as previous transactional history; and data inferred through more complex processing. Given this, companies need to be extremely thoughtful about the handling of any data they collect.

The GDPR is all about accountability and governance. Companies must take steps to minimize the risk of breaches and uphold the protection of personal data, ensuring compliance through documented technical and organizational security measures.

Penalties

If GDPR compliance seems onerous, consider the alternative: organizations that fall short of GDPR requirements can face stiff penalties on a two-tier fine structure. A lack of compliance can bring a penalty of €10 million, or 2 percent of global revenue, whichever is greater. Companies that violate the rights and freedoms of their data subjects—including those that fall victim to hacking and other breaches of personal data—are subject to twice that penalty. Add this to the already-considerable set of risks associated with a data breach.

Incident Response

In addition, under the GDPR, organizations will now have a 72-hour breach notification obligation. This applies to more than just the loss of personal data; any breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to personal data must be disclosed within the mandated time period. This requirement will force many companies to rapidly mature their data incident response programs.

Additional Rights

Beyond new penalties, security requirements and incident response obligations, the GDPR extends additional rights to individuals in the EU, including the right to be informed about the use of their personal data and the right to access, erase and transfer their personal data.

Trust

At its core, the GDPR is about TRUST. It is about companies handling the personal data of their customers, partners and employees with care and respect. As a supplier of IT systems and services that helps Irish businesses, GDK's relationship with its customers is built on trust. GDK views GDPR as an opportunity to reinforce that relationship, and GDK is relentlessly focused on helping our customers secure all of their data, and supporting our customers’ GDPR compliance programs.


CyberSecurity: Why your organisation needs to Get Wise to the New Threat Landscape

The CyberSecurity landscape changes every day, with new actors, new threats, new schemes, and new ways to infiltrate websites, emails, devices, and almost anything that is connected to the internet. We’re constantly reading about the rise of spear phishing, DDoS attacks, global malware threats, ransomware, CEO fraud, and more.


Despite all of the attention that CyberSecurity is receiving, there is still a widely held belief in the small- to medium-sized business or organization (SMB) that cyberattacks happen to someone else: the “Ostrich Effect”.

Apparently, this is something that is prevalent in humans; it is our natural instinct to avoid unpleasant or difficult news or situations. Unfortunately, hiding from a problem doesn’t make it go away. It just continues without you, delaying the inevitable.

This is the state of CyberSecurity in the SMB market today. The threat exists. It’s real. It’s growing. It is not going away, and if we continue to bury our heads in the sand, it is going to get much worse. 

Ransomware as a Service (RaaS) is a direct threat to SMBs


SMBs should be aware that Ransomware as a Service (RaaS) can be used by anyone with the desire to commit cyberextortion, and this has changed the threat landscape. SMBs are now at more risk than ever before. Consider these statistics:

  1. Cybercrime is expected to cost the world over $6 trillion USD by 2021.
  2. SMBs are under attack as cybercriminals understand SMBs have fewer resources and far less protection than larger entities.
  3. Half of all cyberattacks are against SMBs.
  4. Ostrich Effect statistics: 77% of SMBs say their companies are safe from cyberattacks, yet 83% of them have no formal cybersecurity plan.
  5. 6 out of 10 SMBs do not have a contingency plan should they undergo a cyberattack.
  6. 66% of SMBs say they are not worried about a cyberattack.
  7. Most SMBs do not have policies in place to provide procedures for employees in the case of an attack.
  8. While most small businesses feel that they have adequate protection for themselves and their customers, Visa, Inc. reports that SMBs represent over 90% of payment data breaches.  
  9. Most small businesses do not have any cybersecurity training in place for their employees, while 83% of breaches are caused by untrained employees being duped by phishing and spear phishing activities.

Being Proactive is the Way to Defend against Cyberattacks


While the news on the CyberSecurity front is daunting, SMBs with a proactive plan of protection are far less likely to suffer a breach. When considering a plan for protection, these four areas should be reviewed:

  1. Risk Assessment—it is critical to know what data is at risk, where it is, and how to protect it.
  2. Risk Remediation—have a process to remove, back up or encrypt data so that systems can be brought to a “clean state.”
  3. Protection—utilize advanced technologies to secure a safe environment for your business and your customers.
  4. Education—introduce employee CyberSecurity awareness training.

A proactive approach to protection is the key to being safe for most businesses and organisations, whatever their size.

Remember,
if you are connected to the Internet,
you must be protected!

If you would like us to assist, please ring us now on 01-2166 970 or send us a message using our contact form.

11 Tips on Internet Security

In recent times, the GDK Helpdesk has experienced a significant rise in Internet threats, in particular ransomware such as Cryptolocker and Xepto. In most cases the solution to this problem was to restore from the last known good backup. GDK are taking this opportunity to remind our clients and our contacts of some of the best practices in relation to Internet and email usage. We are also making some suggestions below in relation to the multi-layered security approach that is now required to ensure a successful IT business continuity plan.

  1. Use a managed antivirus product and ensure it is active and up to date on your servers, workstations, PCs and tablets.
  2. Be careful of opening emails from both known and unknown sources that look suspicious.
  3. Think twice and remain critical when opening attachments in emails or files downloaded from the Internet.
    Ask yourself if you trust the source and if they would send you this type of email in the first place. The sender's address may be forged to look like your own.
    Never click links in emails or texts that seem to come from your bank, the Revenue or any other institution. If you think the message might be valid, log into your account directly, without using the supplied link.
  4. Be cautious with your passwords: don't use personal names, don't share them, and make them complex and difficult to guess. Implement a password change policy.
  5. Avoid using the Internet to access your sensitive data in cafes or public places.
  6. Never leave your devices unattended.
  7. Keep all software applications up to date with the latest patches, including Microsoft operating systems.
  8. Disable Java in your browser.
  9. Nothing is free. Be particularly careful of the source of free apps or software.
  10. Don't trust anything on the Internet (even legitimate websites can end up delivering malware).
  11. Back up your data on all devices, not just your computer but also your phone and your tablet, ideally to both a local and a cloud destination. Test the restore capabilities on a regular basis.
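Tip 11 is the one that resolved most of the ransomware cases mentioned above, and the step most often skipped is the restore test. The script below is an added example, not GDK tooling: it backs up a directory to a tar archive, records a SHA-256 checksum for every file, then restores the archive into a scratch directory and checks every checksum, so a truncated or silently corrupted backup is caught before it is needed. The directory and archive paths and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not GDK's own tooling: a minimal "back up, then prove the
# restore works" routine for tip 11. Directory and archive paths are
# assumptions; the sample files below are constructed for the demonstration.
set -eu

# backup_dir SRC ARCHIVE
# Writes ARCHIVE (tar.gz) from SRC and ARCHIVE.sha256, a sorted list of the
# SHA-256 checksum of every regular file, with paths relative to SRC.
backup_dir() {
    src="$1"; archive="$2"
    ( cd "$src" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$archive.sha256"
    tar -czf "$archive" -C "$src" .
}

# verify_restore ARCHIVE
# Restores ARCHIVE into a fresh scratch directory and checks every file
# against the recorded checksums. Returns 0 only if the archive unpacks
# cleanly and every checksum matches; a truncated or silently corrupted
# backup (the failure mode a restore test exists to catch) returns 1.
verify_restore() {
    archive="$1"
    # Absolute path to the checksum list, so it still resolves after the cd below.
    sums="$(cd "$(dirname "$archive")" && pwd)/$(basename "$archive").sha256"
    restore_dir=$(mktemp -d)
    if ! tar -xzf "$archive" -C "$restore_dir" 2>/dev/null; then
        rm -rf "$restore_dir"
        return 1
    fi
    # sha256sum -c re-hashes each listed file; run from the restore root so
    # the "./path" entries resolve. --quiet prints only the failures.
    if ( cd "$restore_dir" && sha256sum -c --quiet "$sums" ); then
        rc=0
    else
        rc=1
    fi
    rm -rf "$restore_dir"
    return "$rc"
}

# --- demonstration on constructed sample data ---
work=$(mktemp -d)
mkdir -p "$work/src/accounts"
printf 'invoice 1001, EUR 250.00\n' > "$work/src/accounts/inv1001.txt"
printf 'name,email\nsample,sample@example.com\n' > "$work/src/customers.csv"

backup_dir "$work/src" "$work/backup.tgz"
if verify_restore "$work/backup.tgz"; then
    echo "restore test passed: $work/backup.tgz"
fi

# Simulate a backup job that was cut short part-way through the copy: the
# truncated archive must fail the restore test rather than pass unnoticed.
head -c 64 "$work/backup.tgz" > "$work/truncated.tgz"
cp "$work/backup.tgz.sha256" "$work/truncated.tgz.sha256"
if verify_restore "$work/truncated.tgz"; then
    echo "ERROR: truncated backup passed verification"
else
    echo "restore test failed as expected for the truncated archive"
fi
rm -rf "$work"
```

Run it from cron against the real backup destination, and treat a non-zero exit from `verify_restore` as an incident in its own right: a backup that cannot be restored is the same as no backup on the day ransomware strikes. Keeping the checksum list next to the archive also lets you confirm that a copy held in the cloud destination is byte-for-byte the one taken locally.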

What should Business Clients do?

  • Implement a robust data recovery procedure.
  • Implement a multi-layered security approach that includes:
    • Mail protection (including anti-spam).
    • Server and workstation antivirus with up-to-date virus definitions (bit patterns).
    • A workstation management policy that manages patch updates for all software applications.
    • Web protection on all workstations to block access to known malware sites.
    • Firewall protection with additional security at the gateway for antivirus, anti-spyware and intrusion prevention.
    • A firewall configured to verify that remote users are who they say they are.

Call GDK for further information and to learn how we have successfully implemented our Business IT Care plan for many clients.