GDPR is coming
and there's nowhere
Mindful of EU’s data protection rules, businesses are beefing up cyber security
When Mark Zuckerberg, co-founder of Facebook, faced up to Congress earlier this month, he thought the European Union’s data protection regulations were a good idea, according to technology site Recode.
He was speaking, of course, after a major breach of data was discovered for millions of Facebook’s users. But his point about the General Data Protection Regulation (GDPR) is an important one for many businesses around the world that work with personal data.
The GDPR is the most significant regulation in recent years. When it starts being enforced in May 2018, it will affect all businesses dealing with residents in the EU.
This includes outfits big and small, including those that are based outside of the region but handle the data that its residents provide online. An online retailer that ships to the EU or a manufacturer that deals with EU distributors are two examples.
Failing to protect users’ sensitive information adequately could result in fines of up to 4 per cent of the turnover of an offending business, or €20 million, whichever is higher.
Also spelt out is the need to have data protection by design and by default. This means the personal data is used only for the specific purpose that it is given for.
In the event of a data breach, a business must notify its users, especially if it involves sensitive information. With these concerns in mind, businesses have to consider how data is being safeguarded, as well as defended against threats from multiple vectors.
How can a business get up to speed to ensure that it is on the right side of GDPR rules? Here are four immediate areas of concern:
1. The threat from mobile devices
Much of today’s cyber threat comes from personal mobile devices that users hold in their hands. In the age of BYOD (bring your own device), many businesses have enabled users to receive e-mail and other corporate information on the go.
However, proper management of these devices is critical. Through mobile device management tools and mobile threat defences, businesses can have better visibility of the data that goes through mobile devices. They should be able to remotely wipe a device that is lost or remove access to corporate apps that are sensitive, for example.
2. Looking after your Web servers
Facing the public, Web servers are prime targets for many cyber attackers. A Web application firewall (WAF) is still an important part of the overall protection against online threats, protecting data residing in the Web servers. It ensures this data is not easily stolen while users interact and transact with the business.
3. Preventing data loss
This involves sophisticated data loss prevention (DLP) tools. They enable a business to analyse the content of the data transmitted, used or stored in any IT system that processes the data. From here, the system can determine if it is personal data that has to be protected, while allowing unrestricted flow of other data.
With real-time controls and centrally managed functionality, DLP is an important component in combating data loss. It allows a business to have privacy by design, by monitoring and controlling personal data across the IT infrastructure.
4. Securing your database
Databases are key to businesses today, because they are accessed by apps and many other digital services to connect to customers. A database firewall helps discover and classify sensitive data. It also assesses if the database is vulnerable to attacks, while monitoring users’ access to this data.
The database firewall makes use of machine learning to dynamically learn users’ normal data access patterns and identifies potential issues to prevent a data breach before it occurs.
With cyber security tools now available to businesses to better protect their customer data, they can more readily tackle the compliance challenges that GDPR brings.
More than that, as regulators around the world consider more stringent data protection rules, it is always important to be prepared to better protect one’s customer data.