ITB - IT Solutions for the next generation
linkedin logo twitter logo facebook logo google+ logo

It’s Not Our Fault!

28th March 2017
It’s Not Our Fault!

Too many times over the last few weeks have we heard of Ransomware outbreaks on organisations who process significant amounts of sensitive data. Be that
credit card details, customer contacts ,employee records or other high-value information worth a few coins on the dark web.

Inevitably a user will click on a suspicious link, it’s going to happen, there isn’t any magical unicorn wizardry that’ll prevent an attack, it is sadly
a case of “when it happens”. An IT department’s worst day that month/year.

This is not down to lack of provisions or lack of security measures, it just down to facts, YOU WILL BE BREACHED.

Now this used to be a complete pain, granted, as most attacks in the form of Ransomware, will encrypt data and hold your company’s data in a squeeze until
the wonderful folks in IT restore from backup. But now, ok not quite now, on the 25th of May 2018 “when” a user clicks on a link that has a beautifully
sophisticated pain in the ass hiding as a payload, the folks at the GDPR will consider this a breach of data!!!!

WHY? Well, the simple fact is if you are a Collector or Processor of data, you have data! If that data then becomes encrypted, guess what? Yep, you can
no longer process or have control of it and is considered a breach. This could mean big trouble for the SMB company, as let’s face it who has a spare
10,000,000€  kicking around? Or 2% of revenue turnover, whichever is higher.

A DPO (Data Protection Officer) would have been a great idea in hindsight, expensive, but in this day and age, a DPO is equally, if not more significant,
than a Health and Safety officer. They have the ability to streamline the GDPR process with the EDPB (European Data Protection Board) making them invaluable
to an organisation in the prevention of a breach.

Fun fact, GDPR will be in place May 2018, GDPR will make examples of organisations failing to outline the cause of a breach and the security prevention
they have in place, and GDPR will be an enforcing entity that will have many organisations running around trying to prevent financial loss.

But….. I’m sure you’ll be fine!

Please contact us at ITB and discuss, in great detail with our trained GDPR specialists.

Author – Neil Raynor, Technical Director