Protecting Data – Simple Steps to Help Your Organisation Stay Compliant


Whilst the term GDPR should now be familiar to all organisations, many, especially those in the hospitality sector, struggle to ensure that adequate steps have been taken to mitigate the risks to personal data.


When the General Data Protection Regulation (GDPR) came into force, it introduced new requirements for the protection of our sensitive personal details. Since then, Uber, Sage, Tesco Bank, Experian and BA, to name a few, have fallen foul of it, exposing or losing customer details and being hit with hefty fines.


Education, retail and hospitality are all areas that hackers see as lucrative targets, due to the large amount and value of the data held, including names, email addresses, postal addresses and payment card details. All of this data is highly desirable and will be sold on or used to commit fraud. Cybercrime now exceeds organised crime in terms of the revenues generated and has its own structured business model.

“If Cybercrime were measured as a country, it would be the world’s third-largest economy” Steve Morgan – Cybercrime Magazine

On the dark web, you can now get a menu of services and hire a hacker who will create and deliver a targeted ransomware attack, profit sharing any monies generated.

If you are unfortunate enough to suffer a data breach, the effect this can have on your revenue and customer base can be damaging. Just the initial email telling customers you have lost their bank details can see customers looking to place their business elsewhere. This is before the added impact of fines that could be charged by the Information Commissioner's Office (ICO). Recently Marriott was fined £18.4 million for losing customer records.

Whilst this may seem a world away from your business, it is all relevant. Fines for breaching GDPR can be 4% of your global turnover, up to a value of £20 million. If you run on low profit margins, can you afford to lose 4% of your turnover?

Fear not, the ICO are not monsters looking to fine all and sundry. However, they do ask that data protection forms part of your business strategy and plans, and, should the worst happen, that you can demonstrate that you have taken all reasonable steps to protect the data.

Whilst effort and time are required to ensure you are adhering to the regulations, below are a few tips to help you on your journey.

Simple Steps to Help with Compliance and Protect Data 

Ensure all of your devices are protected with passwords and, where possible, enable two-factor authentication, which makes it difficult for hackers to access the accounts. You must ensure that you use antivirus and anti-malware software. Please use paid versions, not free ones: with free versions you get what you pay for, and they do not provide adequate protection.

Ensure that all of your computers and systems are up to date and running supported versions of software. If you fail to update computers, they remain exposed to cyber threats, and if you use unsupported software on computers, you will be in breach of GDPR.

For example, any machine running Windows XP or Windows 7 is at massive risk of being exploited; if you are still using any of these versions of Windows, you are already in breach of the new data laws.

Spend time mapping the data you store. If you were asked by the ICO what information/data you hold and where it is, could you answer?

Many organisations have data pots all over the place: web forms sitting in Outlook, booking details somewhere else. It can be tricky understanding just what personal information you store, where it is and who can access it. Not knowing the answer to any one of these questions can land you in hot water with the ICO should they investigate a complaint.

Do not forget that if you do suffer a breach or a hack, it is now illegal not to report it. All potential breaches or losses of personal data (and that includes physical documents, USB drives etc.) must be reported to the ICO within 72 hours or you face penalties.

We Can Help 

Sometimes, simple logical steps and measures can be enough to protect data, but you MUST understand what data you have and be able to articulate the steps you have in place to protect the data.

We have been helping organisations use appropriate security measures to protect data and can help you too. You can download our useful infographic, which details the steps we recommend, using the link below.

If you would like to discuss data security or take advantage of our free security audit, call Zoe Grant on 0333 344 8971.


You can also download our Security Infographic here.