02 Jan 2018
11 Dec 2017

2017 – The year cybercrime became the norm for business

In 2017, the cybersecurity landscape changed immeasurably after several high-profile attacks caused major disruption around the world. High-profile cases can have the unintended effect of making small and medium-sized businesses believe that cybercrime isn’t something that will affect an organisation of their size. The way that cybercrime is reported in the media can incorrectly give the impression that only large organisations and government institutions are targeted.

24 Nov 2017
07 Sep 2017

Spread joy with your Christmas email messages not computer viruses

With the Christmas season upon us again, protect your business. Do not click on Christmas messages, links or attachments received by email unless you are totally sure of their source. You may inadvertently download a virus onto your business system. As an extra precaution, do not forward or share any Christmas emails received at your work email address without checking their source. If your organisation does not have an email policy to cover this type of issue, perhaps it’s time to implement one!

23 Jun 2017

GDPR Compliance – Navigating a steep learning curve

Ensuring your business remains in line with the GDPR will likely require you to implement more measures to protect and secure your data than most organisations are taking at present.

Companies must re-think how they engage with customers; information regarding what you will do with an individual’s data must now be made entirely transparent.
Regulators will have new enforcement powers and sanctions to shape how an organisation conducts its operations, and you will have to notify customers and agencies of a breach in security or confidentiality within a timeframe of 72 hours. You may also need to employ an independent data security officer. Failure to comply will result in hefty fines.

Costly mistakes

The 2015 Information Security Breaches Survey by analysts PwC found that 90% of large UK organisations and 74% of UK SMEs reported a security breach in 2015.
This resulted in roughly £1.4 billion in regulatory fines.

If the frequency of data breaches remains at a similar level to 2015, under the GDPR, cumulative fines could reach £122 billion in 2018/19 – an increase of over 870%.

Besides the fines themselves, breaches also result in severe reputational damage and loss of revenue. When combined with these eye-watering fines, organisations that do not comply with the GDPR could find themselves in serious financial trouble.

The technological solution

There is no single ‘fix-all’ in terms of software that will guarantee complete security of your business. Instead, you should employ a set of tools and services to secure content holistically. These will need to be maintained, but can help substantially when it comes to remaining compliant with data security laws. Let’s explore what this security toolbox includes:

1. Firewalls and internet gateways

A firewall acts as a barrier between an organisation’s network of computers and the internet, allowing inbound and outbound network traffic only via authorised connections. Without this barrier, skilled cyber attackers can gain access to the sensitive information in your business.

Firewalls protect you against the threat of unauthorised access. Employing experts to manage your firewall security remotely or on-site can provide you with peace of mind that your content is safe and save you money in the long run.

2. Secure configuration

Upon their default installation, it’s unlikely your computer systems are fully secure.
Much of your hardware and software will require an additional level of configuration for maximum protection. Similarly, removing old and outdated software will reduce your software vulnerabilities – weaknesses found in a piece of software or operating system are an easy target for cyber attackers.

Managed security services take much of the IT security burden off your shoulders. Experienced consultants can work alongside you to build a solution that fits the compliance needs of your company – from securing employee emails to document access.

3. Access control

Permissions add an extra layer of security over the files your employees are accessing.
By giving out the correct permissions to accounts, workers can only access the content appropriate to their current role.
Avoid giving out administrator accounts to users just because they need access to a certain file or folder. This is important to meet GDPR compliance.

As a business grows, the need for controlling access becomes increasingly important, as does the task of managing it. A managed service provider can align your employees with the right permissions to ensure they’re only accessing the content they should be.

4. Malware Protection

Anti-virus and anti-malware products can scan your network regularly to detect and prevent potential threats. But it is your responsibility to ensure anti-malware tools are kept up to date and scanning the right files. You and your users will also need to know what to do if you are alerted to a threat in the system.

5. Software updates

Regular updates are necessary now more than ever as the pace of technology change continues to increase. Your software and hardware require regular maintenance to keep the system running smoothly, keeping workers productive and avoiding security vulnerabilities.

Remote monitoring services can also automate many key software updates on your systems. Managed network services ensure your system is consistently as powerful, secure and up to date as possible.

Learn more about GDPR compliance

What to expect from GDPR? Read our recent blog for more details.

Take a look at our online Business Talk Magazine for further information on GDPR. Synergy Technology is planning to hold workshops to help guide SMEs regarding GDPR. Register for our GDPR workshops today.

01 Jun 2017

What to expect from the General Data Protection Regulation (GDPR)

It’s set to be a turbulent year for data protection and security in the UK, and one that will affect the way you manage data within your organisation.

One of the biggest factors to change is the arrival of the EU’s General Data Protection Regulation (GDPR). Coming into force in May 2018, the GDPR aims to make it easier for individuals to understand how their data is handled and what it’s used for.

For businesses, this means a stricter code of conduct in terms of data protection. The new EU regulation overrides national law, meaning the GDPR will supersede the current UK Data Protection Act (DPA) that has been in place since 1998.

Getting ready for GDPR

Regardless of the effects of Brexit, UK SMEs and large organisations alike that process data regarding EU individuals will be subject to the General Data Protection Regulation (GDPR).

“Processing” of data refers to obtaining, disclosing, recording, holding, using, deleting or destroying personal information – essentially, whatever you do with information digitally inside your company.

The GDPR is subjective: it’s about the data, not the company. It’s about whether the data you handle concerns individuals residing in the EU, not whether your organisation is in the EU. Indeed, even monitoring the behaviour of an EU individual – through implementing website cookies on your site, for example – can make you liable to the GDPR.

And with monitoring features like cookies now more or less ubiquitous, companies that offer a digital service like a web app, platform or website (which is more or less every company) accessible by EU individuals must comply with the GDPR by 2018. The new regulation also voids the distinction between personal and business addresses. A marketing email that identifies a person (yourname@yourcompany.com, for instance) will require consent, and it is up to the sender to prove that consent was given.

Whether your business is B2C or B2B, the incoming changes will most likely affect you.

The GDPR is casting a much wider net when it comes to the collection, storage and use of EU citizens’ personal data. As such, you need to be more vigilant than ever when it comes to data protection. The following are five areas of focus when it comes to data protection best practice.

1. Secure the cloud

Processing data in the cloud presents a risk. The personal data which you are responsible for is not located in the known confines of your on-premises network, but instead processed in systems managed by your cloud provider. You therefore need to assess the security measures your cloud provider has in place to ensure they are appropriate.

We can advise you on your options to work within a secure digital workspace. Read more about our services provided by Citadel.

2. Understand what you have

Given just how much data we now generate, part of keeping it secure involves understanding which information is and isn’t valuable to your company.

  • Necessary: ensure you only collect the most necessary information, as systems can quickly get overcrowded. Usage logs can help you identify content that is no longer being used.
  • Secure: it is your legal obligation to keep customer information secure. Data encryption and user training are vital parts to this – you can’t afford employees unintentionally sharing information they shouldn’t.
  • Readily available: under the GDPR, an individual can ask if your organisation holds any personal information about them, known as a ‘subject access request’. In this case, you must reply within 40 days. Make sure that your staff can recognise subject access requests and quickly find the relevant information.

 

3. Staff training

Whether intentional or not, it’s common for employees to be the main contributors to data breaches. Accidental disclosure and human error – from sending an email to the wrong recipient to opening an attachment with malware – are the main causes for breaches in personal data, according to the UK’s Information Commissioner’s Office (ICO).

By ensuring your employees acknowledge and understand their roles and responsibilities, you can greatly improve data protection across your organisation. Train your staff to make sure they understand the right and wrong places to share information regarding the company or customers.

4. The right to retain

It is good practice to review and refine the length of time you keep personal data.

Ensuring that any personal data is disposed of when no longer needed will greatly reduce the risk that it will become out of date, irrelevant or inaccurate. Always consider the purpose for which you are holding information and whether that purpose justifies keeping hold of it. Information that is out of date should be updated, but if it is no longer needed for this purpose, it should be securely archived or deleted.

5. Audit your activity

Unaware or inexperienced users are more prone to mistakes when it comes to keeping content secure. Running audit logs is a great way to keep on top of company content: where it’s going and who is accessing it. By monitoring your systems and services, you can be alerted to any suspicious behaviour or activity. Ensure you can check what software or services are running on your network, and make sure you can identify when there is something there which shouldn’t be.

Now’s the time to be thinking of developing a traceable and transparent system for recording communication with your customers and prospects. Synergy Technology can advise you on CRM solutions and emarketing options to create a system suitable for your business.

A wider reach than ever

The territorial reach of the GDPR is considerably broader than the UK’s current Data Protection Act. You can be subject to the GDPR if:

  • You hold data about individuals that reside in the European Union.
  • You handle data in the context of offering goods or services to an individual in the EU, or if you monitor their behaviour.

 

It is important that SMEs based in Britain fully understand the current and future security of their data to ensure they don’t get caught in the increasingly wide net of data regulation. Given the associated fines, it very much pays to be educated on the details. Read our Spring edition of Business Talk to help you fully understand the implications of GDPR for your business.

This article is a guide only. To fully comply with the changes to Data Protection regulations that will be in force by May 2018, please also check the Information Commissioner’s Office (ICO) website for regular updates.

Synergy Technology will be hosting GDPR workshops across the region during the next few months. To register your interest in attending a workshop please contact Synergy Technology for further information.

© 2018 Synergy Technology. All Rights Reserved
