[BreachExchange] “Safe from harm” - Data protection and network security made easy for businesses

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 15 21:50:16 EDT 2018


Hard-pressed decision-makers within fast growth businesses typically focus
on building a strategic vision and creating working cultures that support
creativity, innovation, profitability and competitive edge. They want to
drive growth by establishing incremental revenue streams and driving up
margins, while keeping operational costs and overheads to a minimum.

Issues around security, data protection and business continuity have also
historically been seen as critically important. However, they have not
always been prioritised by expanding businesses who see establishing a
strong position in their chosen marketplace as a more urgent concern.

Failing to counter these threats has never been a viable option for these
organisations. This is even more true given the current environment where
their importance has been highlighted by the advent of GDPR and the recent
growth in the cybersecurity threats facing organisations, including
ransomware and cryptomining.

Data protection is key

What these issues have in common, of course, is that they all underline the need
for businesses to better protect the data they hold. In the case of GDPR,
it is typically other people’s data that is the key focus. Even today, many
organisations are still ignoring it and hoping it will go away.
Unfortunately, it won’t. Organisations need to have a best practice culture
in place when it comes to managing and protecting the personally
identifiable information they hold. A significant part of that will come
down to the processes and procedures that the organisation itself puts in
place to ensure that data is protected, but technology can and should play
a key protective role.

Even with GDPR continuing to make the headlines today, it’s important to
highlight that the network security, business continuity and data
protection issues that most organisations face extend far beyond GDPR alone.

Network security is clearly one of the most important areas any business is
likely to face today. As well as the obvious extreme-case disasters that
can affect the business, there are also more ‘run of the mill’ everyday
occurrences that can leave an organisation’s business data at risk of being
inaccessible for a long period of time, and in the worst cases, forever.
System malfunction, employee misconduct or external threats can all cause a
security breach. Spam-based attacks and threats from hackers are evolving
and becoming more sophisticated all the time.

Every organisation should be aware that it may need to put a disaster
recovery approach in place if it becomes the victim of a security breach.
In May 2017, for example, the NHS announced that it had been a victim of a
global cyber-attack, which affected more than 300,000 computers across the
world. The attack, caused by ransomware known as WannaCry, locked
healthcare professionals across the UK out of their computer systems by
encrypting important patient data and demanding a cash ransom in order to
access the computer system.

Its seriousness highlighted the need for organisations to have disaster
recovery plans in place to ensure they are fully equipped to deal with
potential cyber-attacks in the future.

Any short or prolonged period of uncertainty can result in real damage to
an organisation’s reputation and lead to a lack of productivity and
increased costs. This can seriously restrict the organisation’s ability to
keep on top of customer expectations and respond to growing business

Closely linked to disaster recovery is the whole area of business
continuity. Unforeseen disasters can, after all, have serious consequences
for any business and their staff. That’s why it is important for every
organisation to have in place a continuity programme that allows their
employees to continue working whatever the circumstances. Any loss of
productivity can impact immediately, and, depending on its seriousness,
could even put the future trading of the organisation at risk.

Finding a way forward

The issues of network security and data protection are so interlinked that
most businesses tend to see them as a common challenge. Yet, with their
focus squarely on innovation, expansion and cost control, these issues tend
to be put on the back burner by businesses as they grow.

This is why those businesses that are still ignoring the upcoming deadline
for GDPR probably have a head-in-the-sand approach to business continuity
and disaster recovery too. Often, too, there is the perception that they do
not have the time, money or resources to deal with the issue. Senior
management are focused on the core business; they often have little funds
spare to spend on anything other than their strategic goals and they
typically will lack the necessary resources to even consider managing IT

For this reason, a managed IT services approach might be an attractive
proposition for them. It gives them the opportunity to put their IT
operations in the hands of specialists and experts who can help them to
protect their business from cyber-attacks, ensure data is safe and secure,
and prevent embarrassing security breaches. For only a few pounds per
month, per user, companies can encrypt their cloud-based email and ensure
this and their data are suitably backed up – helping both to guard against
non-compliance and to protect their data from cybercrime and/or loss through a
fire or other natural disaster.

Businesses need to weigh these benefits up against the risks of not doing
anything or trying to manage the IT process themselves and then falling
short of the mark. Fines for non-compliance with the GDPR regulation could
be up to €20 million, or 4 per cent of annual global turnover – whichever is
higher – and a data breach or major loss through flood or fire could result
in a long period of downtime and therefore prove just as disastrous to the
business. In fact, smaller firms don’t recover at all from a catastrophic
data loss, with many failing to remain in business more than one year after
such an event.

Fortunately, there is an alternative. By pursuing an IT managed services
approach, companies can employ a ‘win-win’ strategy – finding a suitable,
affordable solution for all their data security and integrity, GDPR
compliance and business continuity needs. It’s a compelling proposition and
for many growing businesses today, an approach whose benefits are too
attractive to ignore.