Security Management
As GDPR nears: New data protection rules will have an impact, a round-table gathering recently heard.

About EEMA
A not-for-profit think tank, EEMA covers identification and authentication, privacy, risk management, cyber security, the Internet of Things and mobile applications. It has recently joined the European Cyber Security Organisation (ECSO). Visit eema.org.

The view of a rainy summer London from the EEMA seminar venue, Atos in Triton Square. Photo by Mark Rowe.

UNHAPPY
‘Sharing information that we do not 100pc trust, without fact checking, is a dangerous practice. As well as fuelling the fake news fire, we could be inadvertently spreading malicious activity and supporting cybercrime.’ Raj Samani, chief scientist, McAfee.

The man making that prediction was Richard Preece, and the forum was a ‘fire-side’ by EEMA, the European Association for E-identity and Security. As the name suggests, it covers cyber; its 30th anniversary conference this summer in London was hosted by Microsoft. Jon Shamah, chair of EEMA, chaired the smaller gathering at the central London offices of the IT firm Atos. The title was ‘prepare your board for a cyber attack’. As the sub-title was ‘your reputation gone in 60 seconds?’, the other speaker was Rod Clayton of the public relations agency Weber Shandwick.

Tip of the spear
As a speaker last year at the Fraud Advisory Panel conference on fraud against charities, he featured in our January issue. So first to Richard, a former British Army officer, now in his words a ‘hybrid’ or ‘portfolio consultant’ who, for instance, works on cyber crisis management for one client; information security for another; and GDPR (the general data protection regulation) for a small business. In passing, we might say that as Richard went into that field while in the Army, it shows the sort of roads you can go down in the Army; it’s not all packs and yomps.
Despite the UK leaving the European Union, the EU’s GDPR will happen here, as set out in the Queen’s Speech in June. The UK Government wants it to ‘incentivise good behaviour’, Richard said. He sees GDPR as ‘the tip of the spear’; while he thinks it will take 12 months before the data protection regulator hands out larger fines under this new regime, he warned: “We are entering an era where claims companies are going to be using GDPR as a very useful source of revenue creation, shall we say; and that in many ways, if you have large amounts of data that suffers a breach, is probably more dangerous than the regulatory fines for some companies.” As Richard added, GDPR is new, for insurers and everyone. GDPR will matter particularly, he suggested, with risk in the ‘sensitive data’ collected; about, for example, political views, or what race you are.

SEPTEMBER 2017 PROFESSIONAL SECURITY

He put the work of preparing for GDPR next year in the context of managing risk, ‘actually a pretty simple process’. People talk about enterprise risk management, he noted, ‘but it doesn’t happen’; people in institutions don’t, or don’t want to, ‘join the dots’. A lack of forward thinking means that an institution may go through with some innovation that has second- or third-order consequences which were never thought about. Risk management needs to be wider, broader and less retrospective, he said. This includes planning for and ‘walking through’ scenarios; such as, under GDPR, if you have a data breach, you have 72 hours to tell the regulator (although the details are still hazy).

Always on a Friday
Now to Rod Clayton, who also picked up that 72 hours rule. As someone around the table lamented, ‘it’s always on a Friday’ when a cyber breach gets reported inside a business; which does rather suggest that the IT staff had known for at least part of the week and were now admitting defeat before the weekend.
While the regulator, the ICO (Information Commissioner’s Office), has publicly urged everyone to prepare for GDPR, it has not, as featured in our June issue, yet given guidance on (for example) when the clock starts to tick on those 72 hours. Is it when anyone first notices something is wrong, or around when someone checks and calls in a consultant? Yet such things can have an impact on reputation, he said. He urged care also over what words you use to describe a cyber breach. Is it even a breach, for instance? To call it one, from an insurance or legal point of view, may have consequences. “The consumer doesn’t necessarily understand the subtleties.” Or as he equally neatly put it, people aren’t all rational or ‘well grounded’, so the debate about your firm in its crisis may be distorted, even deliberately.

Joining the dots
He had begun by agreeing with Richard Preece that ‘joining the dots’ is one of the biggest problems in any organisation. The end of his talk was the story of a Greenpeace protest at a building; that client called in Weber Shandwick. Clayton, leaving aside whether you agree or not with Greenpeace’s campaigns, made the point that Greenpeace always has dialogue with the place it is going to target. The client denied that; until it turned out that Greenpeace had written, to the sustainability department, which had thrown the letter in the bin and not bothered to tell any other part of the business, which might have assessed that a problem was coming. Clayton’s point: people in a business fail to connect with each other, and don’t think about ‘risk in the round’. On his specialism of corporate, and crisis, public

www.professionalsecurity.co.uk