Securing a nuclear power plant against cybercriminals is a job for experts. The same goes for securing your company data, applications and IT infrastructure.
Your employees' many different devices, cloud developments and data security regulations make business management more complicated than ever. Innovation creates a lot of new opportunities, but it also brings new security risks. Security has become a field of expertise in its own right, and a traditional firewall and basic anti-malware solution will not suffice.
The General Data Protection Regulation (GDPR) is a regulation that will be enforced across the entire EU starting in 2018. It forces organizations, both private and public, to communicate data leaks of any kind within a certain timeframe from when the leak has occurred. Privacy and data will be protected by a unifying law. Breaches of this regulation can be punished by penalties of up to 20,000,000 EUR or 4% of the total worldwide annual turnover.
Historically, security has been assigned to the IT department. Due to the new legislative proposals, however, accountability now lies with general management. This makes security not only a technical topic, but one with consequences for the entire organization.
First, set up a security plan that defines your goal. Too often, technological measures are taken only after a problem has been encountered. When clear goals are set, it becomes possible to focus on current and future situations and requirements.
We frequently find passwords or other sensitive documents lying around on company desks. This also qualifies as a security risk. Most data leaks are caused unintentionally by employees. If the workforce is unaware of potential security risks, technological measures will lose their usefulness. That is why you should inform your colleagues of the fact that they too could be a security liability.
Technology is not a goal in itself, but a facilitator that helps you achieve your goal. Technology needs to be able to establish whether malware has entered the system and to prevent sensitive data from being lost via mail, web or otherwise. Furthermore, we find more and more solutions that inform employees when they leak data, which helps to create awareness.
Management needs to make sure that everything it is responsible for is documented and stored. This documentation contains an overview of the associated parties, such as affiliates or subsidiaries. All third parties with contractual agreements need to be documented properly, since management will be held responsible for everything that is performed in its name by service providers, consultants, etc.