With GDPR on the horizon, now is a good time to review your data security policy. The first step is to take a holistic look at your entire infrastructure, from how data is created or acquired to how it is valued, stored, accessed and disposed of. This includes data coming in from customers, partners and suppliers; data created within the organisation, such as presentations and reports; and data that goes out, such as invoices and proposals.
With last week’s Petya/NotPetya malware coming so soon after the WannaCry infection, which affected more than 230,000 computers in over 150 countries, every organisation needs to assess its ability to cope with ransomware. Both spread over SMB using a vulnerability for which Microsoft had issued a patch (MS17-010) in March, and NotPetya also moved laterally with credentials harvested from infected machines, so patching alone is not a complete defence. That means considering a range of factors, from your patching regime to your backup and disaster recovery provision. It only takes one user to click on a malicious attachment and you could find yourself testing your DR plan for real!
You can imagine it now. If the world of IT security were to be played out as a pantomime today, the seeming villain of the piece would definitely be GDPR. Picture it, the face of the CISO when the crowd scream “It’s behind you!” as GDPR suddenly appears. Our hero knows that GDPR is lurking behind him but he is not quite sure a) how much of a threat it will be to him and b) exactly what he has to do to combat it.
The computer virus which affected Northern Lincolnshire and Goole NHS Foundation Trust in November is a further reminder that NHS organisations need to remain constantly on their guard against security breaches. As no ransom was demanded, it’s likely to have been a random attack, but reports suggest that 28 trusts have been hit by ransomware attacks in the last year. Additionally, the NHS was the UK’s biggest victim of data breaches in 2015 according to the Information Commissioner’s Office.