In a typical small and medium–sized business, a lot of confidential data is stored on flash drives.
If a flash drive becomes lost or stolen, that confidential data is at risk of falling into the wrong hands. It is an obligation to report this incident to the data protection officer.
However, without a proper paper trail showing that the data is encrypted, a fine is still in order. DWS is able to help provide a Safe Console that enables you to access, lock and remove data without resulting in a fine. It’s the perfect paper trail, with no hassle or installation.
DWS are here to help
Minimising access to only those with legitimate need to access personal data is another key part of GDPR.
For example, passwords need to be strong, authenticated passwords to stop attackers from gaining unauthorised access to sensitive resources or perpetrating a full-blown breach.
Furthermore, access policy management serves a vital function: protecting user identities and ensuring data is only accessed for legitimate purposes.
This enables the documentation and control of user transactions to ensure they are role appropriate.
Lastly, evolving business needs around mobile devices and cloud applications create new access control considerations, such as protecting data in a way that fits around the access of employees, customers and partners.
The recent revenue from cyber–crime, not to mention its potential for state–sponsored terrorism, ensures a level of resource and innovation that can be hard for any individual company, or even national government, to match in the evolving threat landscape.
Part of the problem comes from the way cyber security has evolved. For example, on the discovery of each new attack, another security solution needs to be implemented. This is not only hard to manage but can easily lead to gaps and inconsistencies in the response to new threats.
The adoption of trends such as mobility, cloud computing, and the Internet of Things all expand the effective attack surface, exposing new vulnerabilities and eroding the traditional concept of a network border. Any solution worthy of the term, ‘State of the Art’, will not only need to overcome the above challenges but continually adapt to changes in the usage of technology in the evolving threat landscape.
To reduce exposure to the potentially crippling implications of a serious data breach, it is necessary to minimize both the number of network intrusions and their time to detection.
DWS can offer multiple products that cover all key components of the security infrastructure.
For example, anti–virus, hardware and software, applications, access management, and much more.
The first challenge to the GDPR’s breach notification requirement is to detect when a qualifying breach has taken place and determine which assets might be at risk. Almost by definition, any successful external security breach must have either evaded detection entirely or not been detected quickly enough. This means it either exploited an attack mechanism unlike any previously encountered, or the flags that it did raise were missed. In 2016, the average time taken for an organization to become aware of a typical breach was almost five months! Fortunately, the GDPR 72–hour notification window opens at the moment of detection, not the moment of intrusion. Since it is clearly impossible to detect the undetectable, security administrators should accept and prepare for the inevitable, occasional intrusion while striving to minimize such occurrences and hasten their detection through every means possible. As previously noted, the GDPR does not require notification for all security breaches, only those that present a risk to the rights of individuals.
In the event of a breach, please try to contact DWS, as we work proactively with organizations to ensure the situation is handled effectively and immediately.
A strategy will be defined, and the appropriate technology around that strategy will ensure that proper incident management procedures are followed, the right stakeholders are alerted and actively involved, documentation is captured throughout the investigation, and remediation processes are followed to ensure proper reporting post–mortem. Remember, the full process of identifying, reporting, and resolving the breach must be completed within 72 hours.
Network Security Monitoring
Did you know that the average cyber attack goes undetected for 99 days? Our network security team will watch your systems, quickly identify attacks against your company, and mitigate any damage done by hackers who slip by your defenses.