A recent survey showed that nearly one in five companies (17%) admitted they are still unsure what the benefits of being GDPR-compliant are. Many businesses have still not gained consent and yet are sending marketing emails. What is more, some do not have proper opt-out policies in place, and many are still struggling to make sense of the point of GDPR at all. These businesses are at risk of receiving a fine of up to 4% of their annual turnover, a huge problem for the sole trader, man-on-the-street style business. But is this putting them at risk of more than a fine?
Worryingly, business cyber-crime is up by 63% compared to 2017 and, as former Cisco CEO John Chambers once said, “There are only two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.” It is part of daily life, a new wave of criminal activity and one businesses need to protect themselves against. The most common types of cyber-attacks are malware, phishing, SQL injection and ‘Man in The Middle’ attacks, but without proper security in place, any of these cyber-attacks could be imminent. With no GDPR-compliant policies in place, companies could soon find their sensitive customer data is in the hands of a cyber-criminal as well.
With small to mid-size businesses being the most common target, try investing in knowledge with these top five simple and cost-effective ways to protect your data.
1. Phishing knowledge
Sending out fake phishing emails is a policy many companies are now adopting. Making staff aware of the dangers of opening attachments from unfamiliar sources could protect your business.
2. Passwords and 2 factor identification
With 30% of Brits using the same password for their email account as other online accounts, having a personal account hacked could lead to a company breach as well. Ensure all staff are made aware of the phrase ‘longer is stronger.’ Use characters, symbols, numbers, anything other than Password1 – make those hackers’ lives hard!
3. Not using public WiFi
This should go without saying. Shadowing, sidejacking and Firesheep make public WiFi easy fodder for hackers.
4. Be aware of social media
Posting on social media is never secure and anything you put on there can be obtained by a hacker. Once you have ‘tagged’ yourself into work with a few colleagues’ names, hackers have this information and if they have your social media password, it’s then not too much of a leap to get into your personal emails, your work emails, your calendar, anything.
5. Invest in cyber security
Making the leap to invest in cyber security is often a big financial ask for small businesses, but it is essential and could save you thousands in the long run.
By Paul Tarantino, CEO, Consenteye