GDPR-security

Top 5 Network Security Considerations for GDPR

Will Wood Blog

A Quick Overview

With so many businesses buzzing around trying to figure out the what/who/where/why/when around GDPR, Datasharp have been getting heavily involved in the network security aspects of this heavily enforceable change.

For the benefit of anyone who’s been living in an isolation chamber for the last 6 months, here’s the main headlines around what GDPR can mean:

  • Customer data that is not adequately protected according to the European Data Protection Board (EDPB) could lead to fines of €20 million or up to 4% of global revenue, whichever is higher, for the offending company.
  • Companies must report any data breach within 24 hours and data loss within 72 hours. Without complete visibility of company data and access points, this may not be possible. Especially with the increase in complexity, as we move from centralised data to storage on multiple endpoint devices.

There are loads more besides the above, but when it comes to network security, most businesses are very concerned about whether they can detect a breach, let alone how to remediate from that point.

Top 5 Network Security Considerations for GDPR

1. All of the below security aspects contribute to GDPR compliance and need to be reviewed:

  • Email Security
  • Access Management
  • Privileged Account Management
  • Remote/Mobile Access
  • Multifactor Authentication
  • Next Generation Firewall (NGFW)
  • Access Governance

2. Technology is great, but staff are likely the biggest threat, whether innocent or malicious.  Datasharp are able to provide behavioural threat detection to pick up on significant changes in user/device behaviour, allowing you to set thresholds around what’s ‘normal’ and what needs to be investigated/stopped in real time.

3. Get your security tested.  Penetration testing is a great way to identify any weaknesses in your defence.  It’s also a great time to get some independent thought and consultancy around best practice and understand how the threat landscape has changed since you last reviewed your security.

4. Encryption as standard.  Taking data outside of your organisation is well established as a big area of problems.  From USB sticks being found on the underground to laptops being stolen, if that data isn’t encrypted, there’s your breach!

5. Email security needs to be in place.  Don’t fall into the trap of thinking that Office365 will protect you, because that’s not it’s forte.  Many businesses will choose to block emails with potentially unsafe attachments, but we would suggest using an email security platform to ensure everything you send & receive is clean.

When asked “Does your company have a plan to prepare for GDPR?”, 97% still don’t have a complete plan in place.

GDPR-readiness

Datasharp are working closely with our customers to ensure they don’t fall victim to dangers around the new GDPR legislation.

If you are at all concerned about how this will affect your business, please get in touch for a free review of your network security.