VOW explains how technology resellers can help customers secure corporate and customer data prior to the GDPR deadline and the UK’s new Data Protection Bill
From May 2018, it will become a crime to lose unprotected data, making it time-critical for resellers to help customers review their equipment and end-user behaviours to ensure they comply with the General Data Protection Regulation (GDPR).
With the global cost of cybercrime estimated to reach six trillion dollars by 2021, the safe storage of personal information and secure destruction of confidential data should already be important in every business. This new data legislation makes the issue integral to any organisation that handles EU citizens’ data.
From May 2018, the loss or theft of data may lead to a fine of up to 20 million euros (£17m) or 4% of annual global revenue, whichever is greater.
The GDPR will determine how businesses manage, protect and administer data. All organisations should set up procedures for data processing activities and ensure all IT systems are robust. Anyone with responsibility for data will be expected to handle that data in line with the GDPR.
Under the GDPR, personal data includes any data that can be used to identify an individual. This includes genetic, mental, cultural, economic or social information, alongside that traditionally considered to be identifying information.
Ivana Laskodyova, HP Product Manager, VOW said: ‘Key steps that companies should be taking are to identify the data that they want to protect and in what form; to establish where the data resides; and to understand the ‘value’ of this data if it were to be accessed by a non-approved party.’
End user behaviour
End user awareness and training is a vital element in helping organisations prepare.
End users will need to think about their use of devices, how they store data and how they handle any paperwork containing personal data. It will be critical that paperwork is not left lying around the workplace or on machines, particularly in large offices where multiple users print on one or two devices.
Networked printers help streamline business processes and increase productivity, but also leave a fleet vulnerable to attack. If a printer fleet is connected to a network, it should be protected in the same way as PCs and other network endpoints.
HP advises that cyber security must be multi-layered, operating at network, device and user level, with multiple defences on each. Detect and respond should be favoured over protect and defend.
Six steps to securing endpoints are:
1. To audit all authorised and unauthorised devices with access to personal data;
2. To invest in new more secure devices, if necessary;
3. To implement remote access and erasure rights for company data on devices;
4. To implement a regular scan and security software update policy;
5. To implement real-time detect and response software. Solutions could include HP Biosphere or SureStart for PC and print;
6. To train employees in cyber security. HP products offer solutions that can help mitigate the risk of data loss when using printers and PCs. These include HP Enterprise printers, which can detect, protect and even self-heal attacks, automatically and in real time; and HP JetAdvantage Security Manager, which enables the customer to set security configuration policies and automatically validate settings for every HP printer in a fleet.
VOW Technology Product Manager Claire Cully said: ‘Tech resellers should be promoting products that offer additional security measures, such as encrypted USB and SSD devices. Encrypted Memory devices significantly reduce the risk of a data breach. By storing sensitive data on hardware-encrypted USB drives and SSDs, customers can minimise the risk of their data being stolen or illegally accessed.
‘The GDPR says organisations may not be required to report a data breach to the individual concerned if they can demonstrate that they have ‘implemented appropriate technological protection measures’. This means that if measures have been taken to protect lost or stolen data via an encrypted device, it may not have to be reported and so the business may avoid potential administrative costs, fines and reputation damage.’
Hardware encrypted storage solutions from Integral Memory will safeguard customers’ data with high strength, military-grade security features. Product solutions include secure flash drives such as the Integral 256-bit AES Hardware Encrypted USB range.
SafeXS Protector USB flash drives protect sensitive data from unauthorised access and accidental loss, with built-in encrypted backup, secure file sharing and computer protection features. These include auto-destruct settings to delete data beyond a specified date; the option of read-only access to prevent malware infections; and data deletion after 10 failed password attempts to thwart password-guessing attacks.
For support in preparing customers for GDPR, please contact your VOW account manager or call VOW on 0844 980 8000