PrintIT issue48
Nine out of 10 businesses not ready for GDPR

Law firm Blake Morgan has launched a free guide to GDPR compliance, as its survey of UK organisations shows that just one in 10 (13%) has updated their privacy policies to comply with the new regulations. More than one third (39%) of organisations have not yet taken steps to prepare for GDPR. A similar proportion (38%) doubt whether they will be compliant by May 25, 2018, when the new rules come into force.

Simon Stokes, a partner specialising in data protection law at Blake Morgan, said: “There appears to be genuine confusion among many business leaders about what the new law means and how to achieve full compliance. With the clock counting down to the law coming into force, we would recommend a focused effort by businesses to get to grips with the changes and implement a strategic plan of action.”

www.blakemorgan.co.uk/GDPR

Negligent employees main cause of security breaches

SMBs face an increased risk of cyber-attack, warn Ponemon and Keeper Security, following research showing that 61% of SMBs experienced a breach in 2017, up from 55% in 2016, and that the quantity of stolen data in an average breach has nearly doubled to 9,350 records, from an average of 5,079 in 2016. According to Ponemon, the average cost of disruption to business operations now exceeds $1,000,000, as does the cost of damage to or theft of IT assets/infrastructure.

Negligence by employees and contractors is the number one cause of data breaches, cited by 54% of IT professionals surveyed, followed by third party mistakes (43%), errors in system or operation processes (34%), external hackers (33%) and malicious insiders (7%).

Keeper Security’s 2017 State of SMB Cybersecurity Report shows that despite concerns about the vigilance of employees, only 43% of SMBs have a corporate password policy in place. Of those that do, 68% don’t strictly enforce that policy (or are unsure whether they do).

www.keepersecurity.com

Generalists not up to the task

IT managed services provider CORETX warns that mid-sized businesses are compromising the effectiveness of their cyber security defences by relying on generalists for their day-to-day security management.

The warning follows a survey of 100 IT decision-makers, which revealed that although 72% have implemented a Security and Information Event Management (SIEM) solution and 83% have replaced their firewall with a more modern solution in the last three years, just 4% have staff dedicated to analysing IT security logs and only 6% have staff dedicated to acting on security reports. Less than 20% have enough resource to scan all IT logs that might contain security information and, when a potential threat is identified, only 13% always report the risk to someone able to deal with it.

Merlin Gillespie, Group Strategy Director at CORETX, said: “Of the organisations we surveyed, 75% have recently fallen victim to a cyber-attack, with 40% occurring in the last year. It’s clear that many organisations’ security practices leave very large gaps in their protection. In our view, creating actionable intelligence on the threats organisations face can only be handled by a dedicated team. A business can either recruit and support that function in-house or outsource it to a service provider that specialises in security.”

www.CORETX.com

Don’t rely on cloud provider for data protection

As more businesses move to a cloud-first mentality, Veritas Technologies warns that many are mistakenly abrogating their responsibility for data protection.

A global survey of 1,200 businesses by the multi-cloud data management company shows that 56% of companies operate with a cloud-first mentality when it comes to deploying new applications and managing workloads and that 83% of organisations that use, or plan to use, IaaS believe that their cloud service provider will take care of protecting their data in the cloud.

More than two thirds (69%) wrongfully believe that data protection, data privacy and compliance are the responsibility of the cloud service provider. In addition, more than half of organisations surveyed for the Truth in Cloud study believe it is the responsibility of the cloud service provider to securely transfer data between on-premises and cloud (54%), to back up workloads in the cloud (51%) and to ensure application uptime (55%).

Jason Tooley, Veritas Vice President for Northern Europe, warns that organisations are wrong to assume that the cloud provider will take care of all data privacy and compliance requirements. He said: “Although cloud providers have a duty to ensure they help keep data secure and readily available, the ultimate responsibility of maintaining a compliance position with regulations such as GDPR lies with the organisation that owns the information.”

He added: “With the recently introduced UK Data Protection Bill, businesses should remember that they are the data controller, and that they must comply with all the obligations that the GDPR imposes.”

veritas.com

PixelPin replaces passwords with pictures

PixelPin, a cyber security company based in Cheltenham, has developed an alternative way for end-users to authenticate their online accounts by replacing traditional password and biometric methods with an image that the user must click in four places, in a specific order.

www.pixelpin.co.uk