Is the board listening? We all know that GDPR will be enforced from 25th May 2018, but is your board aware of their new privacy obligations? While there is substantial GDPR coverage in the technical press, has the message got through to senior management? Are their preparations adequate?
The FBI estimates that between 2013 and 2017, US businesses suffered losses of over 5bn USD from phishing attacks alone. It is no surprise, then, that phishing simulation tools and anti-phishing solutions are popular with businesses and organisations that wish to get ahead of the problem.
After facing a major and publicly embarrassing data breach in 2017, Doncaster & Bassetlaw Hospitals NHS Foundation Trust has chosen wisely in Shieldox as their GDPR readiness solution in document security. Providing document encryption, access control and tracking both in the cloud and on the desktop, Shieldox has given much needed peace-of-mind to Robin Smith, the IT security manager for Doncaster & Bassetlaw Hospitals NHS Foundation Trust.
There is no shortage of information about the GDPR out there. From the six core principles to data subjects' rights to the lawful basis for processing, there is a dizzying number of changes an organisation may need to implement. Solution selling on the back of the GDPR message is a sore subject for many, and for good reason. The gold mine that is the GDPR is a marketer's dream gone wrong.
The GDPR (General Data Protection Regulation) is a complex beast at best, with some estimates putting as few as 15% of organisations ready for May 25th. Questions and challenges are swirling around various board and meeting rooms regarding how to respond to subject access requests, how long to retain personal data and what legal basis they have for processing... and that is just the tip of the iceberg.
Where are our sensitive documents? How many copies of them have been created? And who has access to them? Simple questions all information security professionals must ask of themselves in any organisational network.
If there is one thing that has come to define the very nature of the porous network boundary, it is the use of cloud storage to provide always-on availability to documents. With convenience abounding, the only person shaking their head is the IT security practitioner who winces at the idea of sensitive content being released into an uncontrollable ether.
The guest list of the email security world, SPF (Sender Policy Framework) is an absolute must for any organisation. Easy to implement and maintain, it not only provides security in its own right but is also used in more advanced email security solutions such as DMARC (Domain-based Message Authentication, Reporting & Conformance).
If you want to guarantee the integrity of your email communications, you must consider implementing DKIM, or DomainKeys Identified Mail. DKIM often gets a bad rap as being too complicated to be considered an implementable email security solution due to its raw use of asymmetric cryptography. Yet not only is it incredibly simple but, when configured correctly, it can guarantee the integrity of emails between sender and recipient, transparently to both parties.
Email is the lifeblood of business and personal communication, something which any IT administrator will have been reminded of by panicked board members whenever their email capabilities have been interrupted. In a world where technology moves so quickly that a device older than 12 months is considered worthy of programmed obsolescence, it is amazing to think that much of our communication hinges on a protocol which was created in 1982.