So, if you haven’t heard about the recent cyber attacks on the NHS then firstly, where have you been and secondly, get reading as it’s a really important subject. A total of 48 trusts were hit but now all are thankfully back to normal.
Understandably, NHS bosses and the government are facing questions over why hospitals had been left vulnerable when their systems were infiltrated by a global cyber attack which crippled their services. The chaos it caused was unthinkable, with operations and appointments being cancelled and ambulance services diverted.
Businesses and data security
According to Gov.uk, Britain’s businesses are being urged to better protect themselves from cyber criminals, with two thirds of large businesses experiencing an attack in the last year. There’s a huge amount at stake, as we’ve seen from the past week’s happenings, and so IT professionals have their work cut out when it comes to protecting this information; as quickly as technology evolves, so do the tactics of cyber criminals.
More and more businesses are adopting cloud technology as part of their digital transformation strategies to increase their potential capabilities. Many organisations now view the cloud as secure; in fact, more so than on-premise deployment. However, what we have to remember is that cloud security is a joint responsibility.
Organisations relying solely on a cloud vendor’s security protocols are potentially exposing themselves to unnecessary risk and cyber attacks. So with this in mind, we mustn’t rest on our laurels; whether you’re a Director or an employee, data security is a hugely important issue which demands careful consideration and forethought.
General Data Protection Regulations (GDPR)
The European Union’s GDPR comes into effect on 25th May 2018, so companies must drastically improve their data privacy policies to be compliant with the newly published rules by this date. We mustn’t underestimate the scale of this topic, with reported staffing levels reaching a massive 28,000 data protection officers in Europe alone.
GDPR includes people’s IP addresses and online identifiers, as well as forcing companies to gain people’s explicit consent to use their data. The aim is to make it easier to find out what data companies hold on you, how your data is handled and what it’s used for.
Data owners (client) vs data processors (us)
Previously the onus was on the data owner; however, as of May 2018, it will be a joint responsibility with the data processors (for example, a cloud service such as us), so in our market we are also liable and need to ensure that, as a business, we are compliant.
This is a huge subject and one we will continue to talk about in future articles and white papers, so use this as food for thought at this point in time and we’ll be back soon with our next update.