The inevitability of data breaches is slowly becoming a common understanding for almost every organisation, and no industry is safer than another.
With serious breaches costing large firms between £600,000 and £1.15m and small firms £65,000-£115,000 every year, it’s time for businesses to start reassessing their security strategies.
To combat this issue, new EU data regulation will look to set change for the first time since 1998.
Significant changes will be made to how EU member states collect, store and use the personally identifiable information of EU citizens.
In order to try to get organisations to take Data Security more seriously and to stop these businesses from failing to reassess their security strategies, fines of up to 5% of gross turnover (not profit) or €100m will come into force if organisations are hit by a data breach. This will hopefully now act as a reason and encourage these businesses to review how they secure and manage their data.
As we move into a more digital landscape, this regulation is a step in the right direction. The changes are intended to keep up with a shift towards more data being kept in the cloud and therefore managed by a third party and off premise.
Recent research from Fujitsu found that more than one in five of us will now always use a digital service when it is offered by an organisation. Whilst this is encouraging, of the 12% of UK consumers who said they never use digital services when offered to them, the second highest reason given for this was due to ‘security concerns’.
How to keep your data in check
Immediate cyber defence is needed by organisations to lower the risk of data breaches and avoid hefty fines. There are several key actions that businesses can take to protect their data:
- What’s important to you will be important to them: The first step in protecting an organisation is ensuring you understand what information is most important to the business. Once you understand that, it will be much easier to know how you can protect it
- Focus on the threats relevant to the business: Businesses need to be proactive in identifying threats and their impact. By taking things back to a risk-based approach, identifying which threats are greater and planning for them, these companies will be in a better position to defend and protect their assets
- With information on breaches being reported and becoming public, be ready to be able to respond in a professional manner to the attention your organisation may come under, when information about the breach is known.
- Be proactive about hosting and data storage strategies – It seems inevitable that the final changes to the regulation will include measures that will affect all organisations that hold data on individuals. It means the service provider will be a data processor and must not only protect the information it handles and stores on behalf of customers, but also share the liability with them for data breaches and violations of the law
- Have a Security Incident Response process: Once a threat is detected it’s essential businesses have the ability to respond to this in a well-defined and practised manner. Effective security controls and trained personnel and a tested security incident response process are invaluable when faced with a real-life security incident
An encouraging start
At a time where security breaches are so frequent, it has never been more important for organisations to embrace digital services to protect data.
It is great to see the EU encouraging organisations to change how they manage data breaches. Hopefully, this will ensure better security protection as attackers become stealthier with their efforts.
Latest posts by Rob Norris (see all)
- Bridging the security talent gap will ensure a safer Britain - August 14, 2017
- How to train the cyber security pros of the future - April 19, 2017
- Digital and physical security should go hand-in-hand - February 28, 2017