GDPR is an opportunity to bolster cyber security
Cyber security was ranked as one of the top five global risks for businesses at the World Economic Forum in Davos, Switzerland in 2018. As the EU General Data Protection Regulation’s deadline has just passed, there is growing pressure on businesses worldwide to ensure that they are making cyber security a top priority.
Cyber security refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorised access.
If companies suffer a cyberattack, they stand to lose assets, reputation and business, and potentially face regulatory fines and litigation – as well as the costs of remediation.
Responding to cyber threats
While larger organisations tend to have a realistic appreciation of the cyber threats they face, many small to medium-sized enterprises are vulnerable and still largely ignorant of the risks.
With GDPR, it is imperative for those enterprises to follow regulations by re-examining their cyber security strategies, which will have a beneficial impact.
Most businesses have very extensive business continuity plans. But only about one-third of companies have an incident plan to respond to a major cyberattack. By implementing a risk assessment process, businesses can be more focused on how they respond to cyberattacks, as well as on preventing them.
Creating a solid cyber security foundation
The most effective strategy to mitigate and minimise the effects of a cyberattack is to build a solid foundation upon which to grow your cyber security technology stack.
An ongoing effort to review information handling procedures and identify technology gaps, with a follow-up plan to reduce the risks, will help businesses build a strong foundation for assessing the risk of data systems and securing the sensitive information they hold.
Where to start
Tieto Compliance Cloud, as a cloud-based service provider, has a wealth of experience in the cyber security and risk management field. As part of our work with organisations in the financial sector, we have been carrying out cyber security projects for more than four years.
A key part of these projects has been the implementation of internal procedures and practices to protect personal data and provide ‘sufficient guarantees to implement appropriate technical and organisational measures’ in such a way that processing will meet the requirements of the General Data Protection Regulation (GDPR).
Our Infrastructure as a Service (IaaS), for example, is designed using compliant security and privacy controls, demonstrated through certifications and reports, including the ISO27001 certification and Payment Card Industry Data Security Standard (PCI DSS) compliance reports.
Consultancy services provided by our qualified Compliance Partners are particularly useful for organisations taking their first steps towards complying with GDPR as well as PCI DSS, ISO27001, FFFS and others.
Any questions, comments? Get in touch with me!