FEATURE

Five warning signs your business is at risk of a data breach

Gemma Platt, Managing Executive for Vigilant Software, details the five biggest warning signs that a business is at risk of a data breach.

www.intelligentciso.com | Issue 15

Data breaches are one of the biggest threats to modern organisations. They can bring operations to a grinding halt, drastically damage your reputation and your relationship with customers, cause severe financial losses from lost sales, remediation and repair costs, as well as regulatory fines.

Since the introduction of the EU’s GDPR (General Data Protection Regulation) a year ago, protecting personal data and the implications of a breach have become even greater concerns. But what puts an organisation at risk?

There are a number of warning signs to look out for – here are five of the most important:

1. You have not mapped data flows

In order to effectively protect against data breaches, you need to understand and control how data flows throughout your organisation. Data flow mapping tools, which simplify how you map data flows, can help you identify and resolve data protection issues quickly and cost-effectively – ultimately reducing the risk of a breach.

2. Lack of staff awareness or training programmes

The vast majority of cyberincidents are due to human error and carelessness – from the misconfiguration of a security tool to clicking a malicious link in an email. You can help mitigate the risk of such incidents occurring by taking a comprehensive, dynamic approach to staff training and awareness.

Remember – to build a robust approach to data protection, it needs to be embedded in workplace culture, with every employee aware of their role. Your workplace culture needs to dictate the gravity of data protection and the part every individual plays in ensuring it.

3. You don’t fully understand your risk and compliance posture

Fully understanding your organisation’s risk posture and compliance status with key legal and regulatory frameworks is essential. Compliance with regulations such as GDPR is not a foolproof way of preventing a data breach, but it certainly goes a long way towards mitigating the risk.

However, if you don’t know whether you are fully compliant or where the gaps lie, you’re working in the dark. This is why it’s so important to have comprehensive visibility over your entire IT infrastructure and to undertake gap analyses to ascertain how compliant you are with key data protection regulations.

4. Your policies are all style, no substance

Plenty of organisations have well-documented and carefully thought-out data protection and cybersecurity policies. After all, these policies are key for demonstrating compliance with legal and regulatory frameworks, establishing your risk posture and understanding how your business is organised.

However, they mean very little if they are not enforced and backed up by robust technical controls and business processes. In other words, your data protection policies need to have substance.

5. Your risk assessments are static, not dynamic

Protecting against data breaches is not something you can do once a year and then forget about. Even if you have achieved compliance with every regulatory framework you are subject to, trained every staff member to recognise malicious emails and deployed the latest cybersecurity tools and technologies, the threat landscape will continue to evolve. You need to take a dynamic approach to data protection and continually examine your risk posture.