Happy New Year 2016
2015 will have ended either with all the trimmings of happiness, success and bucket list items achieved, or with gladness to see it fizzle away into the ether, and a new year ahead filled with promise, dreams and New Year resolutions.
Throughout 2015, cyber security rose to become a priority at senior board-level meetings for many of the major companies in the UK. They could no longer ignore the severity of what was happening on an almost weekly basis and had to take evasive action internally to mitigate potential threats.
TalkTalk, Marks & Spencer, Moonpig, 56 Dean Street Clinic, WH Smith and HMRC (be diligent when submitting your tax returns for 2016 – phishing emails that look like they’ve come from HMRC are viral at the moment) publicly announced their breaches in the UK and the world; they had no choice.
The ‘EU Data Protection Regulation’ is to come into effect, so companies are now working towards developing a security improvement programme with artefacts that show that, if company X were to have a breach, it has safeguarding measures in place and is confidently protecting the company, its employees and, most importantly, the brand.
EU General Data Protection Regulation Draft – here are some highlights
- Applicability to EU citizens’ personal data (even if such data is processed outside of the EU);
- Explicit informed consent required to be given by data subjects to any entity that processes or analyzes personal data, with the ability to easily withdraw such consent (this could be particularly onerous and expensive to implement in connection with the entity’s employees);
- Right to compensation for monetary damages in the event that unlawful data processing occurs;
- Imposition of fines as high as 1 million Euros, or two percent of a company’s “total worldwide annual turnover of the preceding financial year” (in particular cases), for non-compliance;
- Mandatory risk assessments and in-house data protection officers for larger companies; and
- In the context of cloud-based systems, direct accountability and reporting requirements for every person or entity that is part of the cloud “supply chain”.
2016 has begun with a vengeance: ‘Juniper Networks’ have come forward to advise that their ‘NetScreen line of firewalls contained unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks’.
The trend will continue throughout 2016 with more sinister and sophisticated threats, discussed by Wired.com, such as ‘Data Manipulation’, ‘Extortion Hacks’ and more ‘Backdoors’.
The EU GDPR will not be effective until Spring 2016; however, 4/5 months isn’t a long time.
‘Prevention Is Better Than Cure’
Enterprise Account Manager