Employee Shields against Cyber Attacks
Protecting data from misuse requires continuous review of business practices as well as supporting technology tools.
The current 7th Data Protection Principle will be replicated in the GDPR and will require an organisation to have appropriate technical and organisational measures in place to prevent personal data being damaged, lost or stolen. This will include the need to ensure proportionate cyber security processes are in place due to increasing cyber attacks.
Cyber attacks are now a regular occurrence and most organisations are realistic enough to look at a “when and not if” scenario. Whilst technology solutions may minimise impact, they need to be combined with a “cyber aware” culture amongst employees.
Employees have the potential to inadvertently damage systems by their actions if they are unaware of risk areas, and therefore clear instructions on the use of company systems should be communicated regularly.
> Review Electronic Communications, Home and Remote Working and BYOD practices and policies and plan these into your data protection compliance timetable.
> Educate employees on the use of systems and information to maximise compliance and reduce risks from cyber attacks. This will provide positive indicators to business partners that the security of their data is of paramount importance.
> Employment contracts should be reviewed to ensure that express terms make clear to employees the importance of compliance and the consequences of non-compliance. Failures to follow data housekeeping should be dealt with in the same way that a failure to take care of physical property is dealt with.
> Carry out a mock cyber attack to test employee responses in a safe environment.
We work closely with Navigant, a specialist global professional services firm that helps companies protect their business interests and manage cyber security risk.