Even the mention of GDPR is enough to strike dread into the hearts of business owners. With potentially massive fines if an organisation suffers a breach of personal data (and “personal data” covers something as simple as a person’s name or email address), how is it possible to comply with the 88 pages of this legislation, which affects anyone doing business in Europe or handling the personal data of people in the EU?
Identify data which falls under GDPR
It starts here: identify every set of data whose loss or disclosure could incur penalties under the law, and where it lives (mail, file shares, laptops, cloud services). Personal data should then be accessed only on an as-needed basis, and protected to minimise the chances of a breach. The following steps outline how this can be achieved using IT:
1. Strong passwords
Passwords for critical business applications should be long and not easily guessed (a combination of letters, numbers and other characters, and never a dictionary word with a digit or symbol tacked on). They should be unique to each service and changed whenever there is any suspicion of compromise; forced periodic changes are no longer recommended, as they push people towards predictable variations. Believe it or not, a great many data breaches start with a weak, guessed or reused password, something like “Passw0rd”!
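As an added illustration (not code from the original article), the following Python checker shows why “Passw0rd”-style passwords fail a sensible policy even though they technically contain letters, numbers and symbols: it undoes the common digit-for-letter substitutions and strips leading and trailing digits and symbols before comparing against a blocklist of breached base words. The blocklist here is a constructed, deliberately tiny sample, and the 12-character minimum is an assumed policy value rather than a figure from the article.

```python
import re

# Constructed, deliberately tiny sample of base words that appear constantly
# in breached-password lists. A real deployment would load a much larger list
# (tens of thousands of entries) from a breach corpus instead.
COMMON_BASE_WORDS = {
    "password", "welcome", "letmein", "qwerty", "admin",
    "summer", "winter", "monkey", "dragon", "football",
}

# Substitutions people use to satisfy "must contain a number or symbol" rules.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(password: str) -> str:
    """Reduce a password to the dictionary word it is built on.

    'Passw0rd!' -> 'password', 'Summer2019!!' -> 'summer', '2019Admin' -> 'admin'
    """
    base = password.lower()
    # Drop leading and trailing runs of digits/symbols ("2019", "!!", ...).
    base = re.sub(r"^[^a-z]+|[^a-z]+$", "", base)
    # Undo l33t-style substitutions inside the word.
    return base.translate(LEET_MAP)


def check_password(password: str, min_length: int = 12) -> list[str]:
    """Return a list of policy violations; an empty list means acceptable.

    min_length=12 is an assumed policy value, not a figure from the article.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Count distinct character classes: lower, upper, digit, other.
    classes = sum(bool(re.search(pattern, password))
                  for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")

    # The important check: a disguised common word is still a common word.
    if normalise(password) in COMMON_BASE_WORDS:
        problems.append("is a disguised common password")
    return problems


def is_acceptable(password: str, min_length: int = 12) -> bool:
    return not check_password(password, min_length)


if __name__ == "__main__":
    for candidate in ("Passw0rd!", "Summer2019!!", "admin", "Tr4ctor-Orchard-Lamp9"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

Note that “Passw0rd!” passes the character-class rule but is still rejected, while a long multi-word password that is not built on a single blocklisted word is accepted; the blocklist check is what actually keeps out the passwords attackers try first.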
2. Encryption
Full-disk encryption makes the data stored on a computer unreadable to anyone who does not have the password or recovery key, even if they remove the hard drive and plug it into another machine. Because of their portability, it is especially important to encrypt laptops, particularly if they contain client data and/or are ever taken out of the office. Thefts can and do occur, and while a stolen laptop is a major inconvenience, at least your data stays secure, as it is virtually inaccessible to third parties without the encryption password. Whether you use the tools built into the operating system (BitLocker on Windows Pro, FileVault on macOS) or a managed service at a small monthly cost, it is well worth it to avoid a potentially serious data breach. One caveat: store the recovery keys somewhere safe and separate from the laptop, because a lost key means the data is lost to you as well.
3. Two factor authentication
Email passwords can be guessed by hackers over the internet, phished, or simply looked up in a leaked password list from another website where the same password was reused. This can occur even if your laptop is encrypted, because the data for most email also resides on the provider’s servers, not only on your machine. Two factor authentication provides an additional layer of security: if someone logs onto your email from a new computer or browser, the mailbox owner receives a prompt or code on her phone, and the account cannot be accessed without it. As this is included as standard with Exchange Online (part of Microsoft Office 365), this feature provides tremendous protection at no extra cost! Where the option exists, use an authenticator app rather than text-message codes, as SMS can be intercepted or redirected.
4. Anti-virus software and firewall
When it comes to anti-virus software, you get what you pay for. However, an enterprise-class antivirus system with a built-in firewall (which blocks unsolicited inbound connections and malicious hacking attempts; spam is handled separately by your email filtering) keeps your IT secure against most threats, and needn’t break the bank either. Make sure it updates automatically and that someone actually looks at the alerts it raises.
5. Advanced email security features
Microsoft Exchange Online offers additional features, depending on your plan, that provide even greater protection than is already included as standard. These include Advanced Threat Protection, which opens attachments in a sandbox and checks links at the time they are clicked rather than only when the message arrives, and Data Loss Prevention, which flags or blocks outbound messages containing sensitive data such as credit card or PPS numbers.
Other areas to look out for: ensure that requests from individuals whose data you hold (subject access requests) are fulfilled within the one-month deadline the regulation sets, and note that some organisations, in particular public bodies and those whose core activities involve large-scale monitoring of individuals or processing of sensitive data, must appoint a Data Protection Officer. However, at a minimum, the steps described above will maximise the chances of your data being kept safe and secure. If you have any additional concerns about GDPR and how to secure your IT, please contact us at 091 395413.
Disclaimer: This article is only intended to serve as an overview of GDPR, and is not exhaustive. We advise engaging with a GDPR consultant in order to ensure full compliance with this regulation.