How is ransomware connected to GDPR? Harshini Carey explains
The world is still reeling from the recent WannaCry attack. The horrid virus popped up a few weeks ago and spread like wildfire, targeting both individuals and bigger organisations such as the NHS. The personal data of hundreds – if not thousands – of patients was taken hostage, causing disruptions to the NHS and its innocent patients.
How is this connected to the GDPR? Firstly, it’s a stark reminder that personal data is both valuable and vulnerable. Hackers will continue to target our personal data as long as it results in financial gain for them. As for the vulnerability, WannaCry evolved in the space of just two days, making the initial kill switch ineffective. We need to be constantly on guard, ready to evolve and up our security.
Secondly, it shows just how far many organisations are from taking proper precautions when it comes to data and sensitive information. When we look at all the media coverage that the GDPR has been getting, the bottom line always seems to be this: how can we avoid being subject to massive fines? There lies the real problem. Too many companies seem to view the GDPR only as a tool for the government to punish organisations, whereas it should be celebrated as a means of regulating data protection, which is what it essentially is.
The sooner organisations stop viewing the GDPR as a set of boxes that need to be ticked to avoid fines, and start looking at how they can use it to establish safer processes, the better. The key term is continual compliance. The GDPR isn’t just some benchmark to be met on the day it comes into effect – and sporadically thereafter. It’s a regulation, meaning you will have to keep on complying with it from now on. The only way to ensure continual compliance with it is by establishing the right processes now and making them a part of your organisation.
Overview Is Everything
So, how do you incorporate the right processes to ensure proper information security management and data protection? The key is overview. You need to have a clear overview of all your necessary processes: who’s involved in each process, and what stage they’re at.
One of the best ways to do this is to carry out a gap analysis. Figure out where you stand in relation to security standards such as the GDPR, and which areas you need to improve in order to be fully compliant. It’s best that you don’t view this as an annual job to be carried out by an external consultant, but rather invest in a tool that allows you more control and better understanding of your organisation’s compliance.
Information security management and data protection need to be part of any organisation’s foundation: they should seep into every aspect and function of an organisation. Only then does data have a chance of truly being safe – and your company of being fully compliant with the GDPR.
Neupart Launches GDPR Breakfast Discussions
Are you wondering how best to organise your IT risk management project? Or maybe you’re still trying to understand how the GDPR will affect your data breach management procedure?
Join Neupart for a morning of information security and risk management insight. During the meeting, industry experts will discuss the risk management process so that you can better understand, and avoid, the pitfalls in IT risk management. There will also be demonstrations of how to practically implement the EU General Data Protection Regulation and how to ensure continual compliance with the GDPR after the initial implementation phase.
These meetings are free and suitable for anyone working within Risk Management, Compliance Management, Data Protection and related fields.
- June 14, 2017, 08:45-11:30 – London
- June 15, 2017, 08:45-11:30 – Manchester