Focus on security to meet GDPR obligations
The GDPR (General Data Protection Regulation) is coming into force on 25 May 2018, and it’s the hottest of hot topics as every business tries to clean up its data protection act in time.
But there is a danger that people are getting caught up in a tangle of administration and bureaucracy.
While you’re busy spring-cleaning your mailing lists and sending out emails asking for three different types of consent, make sure you don’t lose sight of the single most important thing to do.
This is to make your IT systems as secure as possible so that you don’t get a data breach.
Let’s face it, it’s the last thing you want anyway. But you especially don’t want to make yourself vulnerable to a cyber attack or other form of data breach because you’ve taken your eye off the ball while dealing with other parts of the GDPR legislation.
So take a moment now to check that you have the following firmly in place:
It would take a hacker less than 10 minutes to crack a simple word-based password. Make sure your staff know how to create strong passwords and have a policy of changing them regularly.
Use appropriate encryption software to protect against unauthorised access to your data. Even if cyber-criminals get hold of it, make sure they can’t use it.
All but one of the high-profile data breaches of the last two years were caused by a member of staff clicking on a phishing or fraudulent email. Make sure your staff are trained to recognise and avoid falling for suspicious communications.
And if you don’t, give John Crozier a call: 01865 598145.
For the vast majority of small businesses, especially if you are selling products and services to other businesses, if you can avoid a breach you will never hear from the Information Commission. And that is a target well worth achieving.