Information Security

Protecting your; client, customer and employee data is key to any organisation.  So how do you know you are doing the right things?

Our training courses, created to help you understand basic practices of data security, delivered using real-world examples, not through tick-box questions filled with legal jargon. 

To give just a few examples; 

If you have sensitive personal data on paper, is it kept securely locked away?  Data protection concerns all data held, not just electronic data!

Do you work from outside your office and access information on the go? Are the devices you’re using to access this information encrypted? If your answer to either of these questions is “Yes!”, then you need to know how the Data Protection Act affects the way you work and how you can be compliant with the law.

Do any of your organisations’ operations require the transfer of data outside the European Economic Area? “No!” Are you sure about that? Best to check where your cloud-data is stored or where your CCTV provider stores your security footage because international data transfers; a keystone of the GDPR states that cross-border data transfers outside the EEA are generally prohibited.

How often do you update your anti-virus?  Do you know how effective your anti-virus is, even when it is updated? So how can you trust that this is protecting your organisations’ data, let alone the data of your customers, beneficiaries or data subjects?

Not many people realise that the General Data Protection Regulation is effective now; however, come May 25th 2018, it will be enforced.

With the well-publicised cases in the media of hacking, come other questions surrounding GDPR.  One question that I was recently asked, “Are there any hacker exceptions or are you just expected to prove you did everything you could to prevent it and hope the enforcement agency agrees?”, It was a very pertinent question, but we can look at real-world cases for the answer. TalkTalk was fined £400,000 for failing to prevent an attack in October 2015 on its’ data, however, if it had been unable to prove that, “Reasonable and practicable measures” had been taken to avoid the attack the fine would have been £70M, a far higher sum. So the answer is there are no hacking exceptions, and you must prove you have taken the necessary measures.

Securing your data is essential!