This week’s Knowledge Update covers why GDPR compliance is a requirement for SMEs, Dow Jones leaving 2m customer records hanging out on an unsecure AWS repo, and firms struggling to keep up with more sophisticated phishing scams.
Data protection: Why GDPR compliance is a requirement for SMEs
Information Commissioner Elizabeth Denham addressed boards and executives on the topic of the GDPR: “If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance.”
These demands relate to SMEs as much as large organisations. Accrediting your business to Cyber Essentials or Cyber Essentials Plus will help secure your data.
You can also read more here.
Dow Jones leaves 2m customer records hanging out on unsecure AWS repo
Dow Jones, the American publishing and financial information company, has joined a long list of companies which have left a customer database viewable by anyone on the web.
Businesses should conduct internal audits and highlight what data they control and where that data is stored or available; sensitive data should always be encrypted and regular secure backups should be deployed.
Firms struggling to keep up with ever more sophisticated phishing scams
Companies are bombarded with phishing scams every day. In a recent survey of more than 500 cyber security professionals across the world, 76% reported that their organisation fell victim to a phishing attack in 2016. Even more worryingly, phishing attacks are now the most popular way of delivering ransomware onto an organisation’s network.
Staff should be made aware of the threats posed by phishing through training and awareness sessions. Policies on acceptable use of computer equipment, data handling and payment processes should be implemented and adhered to.
Prevention advice for phishing can be found here.