For many companies that must comply with this legislation, the best way to prepare is to implement a solid data protection strategy that guards against loss of data, whether through malicious or accidental means.
Creating a data protection strategy can be a daunting process, especially if it hasn’t previously been a focus area for an organisation. A solid data protection strategy isn’t built in a day. While many of the data breaches today are due to hackers or malware, a considerable percentage of data breaches are caused by unintended disclosure. Protection against such threats is a great place to begin and Sophos recommends three steps to achieve it.
Stop hacking and malware
Malicious attacks that employ data-stealing malware are a major cause of data breaches. Firewalls stop threats at the door before they can penetrate your network, and stop them from spreading inside the network.
- Next-generation endpoint protection keeps your endpoint devices safe from data-stealing attacks with anti-malware, anti-exploit and anti-ransomware protection.
- Server protection secures your servers against advanced malware threats including ransomware, keeping your organisation's most sensitive data protected.
Secure devices even if lost or stolen
Misplacing a device, or having one stolen, is no defence under the GDPR or POPI. Sophos Encryption is the easiest way to keep your data secure even if a device is lost or stolen. Sophos Mobile uses secure containers to keep sensitive data isolated and secure. In the event that a device is lost or stolen, it can be remotely locked and wiped.
Reduce impact of human error
Most of us have sent an email to the wrong person or been tempted by a realistic phishing email. But when sensitive data is involved, an innocent mistake can become a costly fine. Organisations have to develop, through training, a culture in which users can spot and report phishing emails, across a wide range of industries and languages.
Because none of us lives in a world of unlimited budget and static risk, we must have a best-practice framework for protecting data in order to succeed. The GDPR and POPI expect us to take the ‘state of the art’ into consideration when defining best practices, which leaves us to define what those best practices are and to make the appropriate investment trade-offs. Make sure to document why these decisions were sound and logical choices at the time, in case you are ever asked to defend them.
Six steps to take for GDPR/POPI readiness
1. Remember, always seek legal advice as part of any readiness plan for the GDPR/POPI.
2. Take ownership of your compliance readiness. These regulations are not a mystery or something to be feared. Organisations need to take ownership of compliance readiness. By becoming the expert, and explaining your common-sense risk and investment strategy, you can both drive buy-in and become empowered to act and lead.
3. Evaluate risk exposure. Understand the GDPR/POPI and use a common-sense approach to recognise your business’ exposure to the regulation and its potential fines.
4. Determine your investment level. Use simple maths to determine an appropriate investment level in GDPR/POPI readiness.
5. Get executive buy-in. If you do business in the EU or SA, your executives need to understand and support your approach.
6. Invest in ‘state-of-the-art’ best practices. Use the Data Security Scale as a framework to identify the next possible investment you should make to reduce your risk further.
© Technews Publishing (Pty) Ltd | All Rights Reserved