SUMMER 2017 SECURITY SMART 2

What You Need to Know about GDPR
New privacy rules in the EU will affect businesses everywhere

If you work for an organization that deals with companies based in the European Union, it's time to get familiar with these letters: GDPR. The General Data Protection Regulation requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Companies must show compliance by May 25, 2018, and while putting the necessary processes and systems in place will be a challenge, noncompliance could cost them dearly.

Which companies will the GDPR involve?
Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR. The provisions are consistent across all 28 EU member states, so companies have just one standard to meet within the EU. However, that standard is quite high, and most companies will have to make a large investment in order to meet it.

Who within a company will be responsible for compliance?
The GDPR defines several roles that are responsible for ensuring compliance: data controller, data processor and data protection officer. The data controller defines how personal data is processed and the purposes for which it is processed. The controller is also responsible for making sure that outside contractors comply. Data processors may be the internal groups that maintain and process personal data records or any outsourcing firm that performs all or part of those activities. The GDPR holds processors liable for breaches or noncompliance. It's possible, then, that both your company and a processing partner such as a cloud provider will be liable for penalties.

What types of privacy data does the GDPR protect?
Basic identity information such as name, address and ID numbers; web data such as location, IP address, cookie data and RFID tags; and health and genetic data, biometric data, racial or ethnic data, political opinions, and sexual orientation.

Which GDPR requirements will affect my organization?
The GDPR is expected to set a new standard for consumer rights regarding their data. Companies that need to comply with GDPR will have to change the way they process, store and protect customers' personal data. That data must also be portable from one company to another, and companies must erase it upon request. Companies must report data breaches to supervisory authorities and individuals affected by a breach within 72 hours of detection. Impact assessments must be performed to help mitigate the risk of breaches by identifying vulnerabilities and how to address them.

For more information, visit

How to Avoid a Ransomware Attack

RANSOMWARE OUTBREAKS have been making international headlines recently, in particular the attack on the UK's National Health Service in May and a large-scale attack in June that affected Ukraine's government and business systems as well as the Danish shipping company Maersk and U.S. pharmaceutical giant Merck. Ransomware is malicious software that blocks access to data and threatens to disseminate or delete it unless money is paid to the perpetrators. Global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015, according to a report by Cybersecurity Ventures, a researcher and publisher covering the global cyber economy.

Losing access to any files, whether they contain your daughter's graduation photos or your company's marketing materials, is something you never want to experience. Here's how to keep it from happening to you:

■ Make regular backups of any and all files you can't afford to lose. Don't assume that cloud backups or cloud storage are immune from ransomware: many services sync files with those on your hard drive and could well overwrite unencrypted files with the newer encrypted ones. The best plan is to make multiple backups, including copies on hard drives or other media not connected to a computer or the internet. A portable USB hard drive is ideal.

■ Keep your antivirus and internet security software up to date and ensure you are using software that can protect against all types of malware, including ransomware.

■ Be vigilant about which email attachments you open and links you click. Ransomware usually relies on human vulnerabilities rather than weaknesses in security software. Even if an email or attachment is from a person you know, or a service provider you use, double-check that it is genuine. If in doubt, don't open the email, let alone open an attachment or click on a link. Err on the side of caution, and let your IT department know about any suspicious email you receive.

For more information on staying safe online here at BSU or at home, contact
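To make the first tip's point concrete, here is an added POSIX shell example (not from the newsletter or from BSU): a cloud-style mirror copies whatever is currently on disk, encrypted files included, while dated snapshots on a separate drive keep every earlier copy so a clean one can be restored. The directory layout and function names are assumptions for illustration.

```shell
#!/bin/sh
# Contrast between a one-way "sync" backup and dated snapshots on separate media.
# Assumed layout (illustrative, not from the newsletter): SRC is the folder to
# protect; DEST would normally be the mount point of a portable USB drive that
# is unplugged after each run.  Usage: snapshot_backup ~/Documents /media/usb

# Cloud-sync style: the destination is made identical to the source on every
# run, so files that ransomware has already encrypted replace the good copies.
sync_mirror() {
    src="$1"; dest="$2"
    rm -rf "$dest"
    mkdir -p "$dest"
    cp -Rp "$src/." "$dest/"
}

# Snapshot style: each run gets its own timestamped folder and never touches
# earlier ones, so an older, unencrypted copy survives a bad run.
snapshot_backup() {
    src="$1"; dest="$2"
    stamp="${3:-$(date +%Y%m%d-%H%M%S)}"   # explicit stamp allowed for testing
    target="$dest/$stamp"
    [ -e "$target" ] && { echo "snapshot $stamp already exists" >&2; return 1; }
    mkdir -p "$target"
    cp -Rp "$src/." "$target/"
    printf '%s\n' "$target"
}

# List snapshot folders (oldest first) so an operator can pick a clean one.
list_snapshots() {
    ls -1 "$1"
}

# Copy one file from a named snapshot back into the source tree.
restore_file() {
    dest="$1"; stamp="$2"; rel="$3"; src="$4"
    [ -f "$dest/$stamp/$rel" ] || { echo "no such file in snapshot" >&2; return 1; }
    mkdir -p "$(dirname "$src/$rel")"
    cp -p "$dest/$stamp/$rel" "$src/$rel"
}
```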