Cyber Defense eMagazine January 2021 Edition

More documents

Recommendations

Info

Personal Data Breaches for GDPR Compliance: Everything You Need to Know By Dan May, Commercial Director, ramsac In the new era of cybercrime, identifying the proper sanctions and reactions for any business can seem challenging, if not confusing. When it comes to data protection and operational compliance in the digital world, authorities like the Information Commissioners Office, or ICO, have identified a sense of confusion surrounding incident management, which includes the whole process itself. The Information Commissioners Office recently revealed that nearly a third of the 500 reports of data breaches it receives weekly are unnecessary or fail to meet the minimum threshold of a GDPR personal data breach. As many operations attempt to anticipate GDPR (or compliance with the General Data Protection Regulation), there remains an unfortunate atmosphere of confusion, or misunderstanding, when it comes to appropriate incident management under data protection regulation. Operations seem to struggle with the types of incidents or breaches that should be officially reported under GDPR. It is understood that ‘over-reporting’ is the most common reaction to perceived breaches. Whilst this is largely motivated by a desire for operational transparency and good compliance practice, clearing up misconceptions surrounding GDPR and data breaches can help businesses remain competitive by avoiding risky or costly penalties. Cyber Defense eMagazine – January 2021 Edition 86 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Identifying personal data breaches Over reporting is not a strategy as much as it is a scattered reaction to a data breach. Under GDPR compliance, which is far-reaching across European territories and beyond, there is a new urgency to officially report compromises that might upset data protection within your organisation. It is also considerably more important than a mere courtesy to your employees, but an attempt to strictly regulate the collection, movement, and storage of personal information, which is why it is most often a challenge to companies with access to larger amounts of data. Defined under the General Data Protection Regulation, a personal breach can be understood as a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” (captured in Article 4, definition 12). Importantly, not all ‘breaches’ are equal in severity and, therefore, not every incident needs to be officially captured and reported. Any compromise that falls outside of the definition, according to GDPR compliance, or where the severity is limited, then action isn’t necessarily required. The goal for businesses should be clarifying whether action is officially required or not. But how does this look in everyday practice? It is always advisable to evaluate incidents and cases individually, determining the next actions based on the severity of each breach. Some breaches may affect or inconvenience the role of a single employee, whereas other, larger compromises can impact the emotional, physical, or financial lives of many. Any business that suffers a breach should plan to formally document what happened and any next actions, including whether it was reported or if it failed to meet the criteria. This can help businesses in the scenario that a decision is challenged. How soon should a breach be reported? All businesses are responsible for identifying, and responding to, breaches under data protection. Not only should businesses aim to have the right controls in place to promptly detect a breach, but they should report any compromises within 72 hours to the supervisory authority (which is summarised in Article 33). One of the most common misconceptions about compliance with GDPR is that this mandatory reporting period accounts for 72 “working” hours – whereas, a breach should be captured within 72 hours from the moment of discovery. Where employees or the public might be involved by unauthorised data breaches, those affected should be appropriately notified. In certain scenarios, a business may even need to release a press statement. This will allow those affected parties an opportunity to take precautions and guard themselves from any fallout. What needs to be officially reported? Compliance requires expertise. And failures, delays, or inaccuracies when businesses respond to the ICO’s request for information is increasingly common. Preparing for incident management within your organisation means understanding your responsibilities when a breach is detected and how it needs to be managed – including documenting actions. Cyber Defense eMagazine – January 2021 Edition 87 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
3 Email Hacking Techniques to Watch
Page 3 and 4:
The Rising Tide of Security Threats
Page 5 and 6:
@MILIEFSKY From the Publisher… Ne
Page 7 and 8:
Welcome to CDM’s January 2021 Iss
Page 9 and 10:
Cyber Defense eMagazine - January 2
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
3 Email Hacking Techniques to Watch
Page 25 and 26:
3. Hijacking email threads When Emo
Page 27 and 28:
etween the data sets and filter out
Page 29 and 30:
The Bottom Line AIOps is a journey,
Page 31 and 32:
handle the IT and security challeng
Page 33 and 34:
Businesses Must Protect Their Most
Page 35 and 36: Tokenization also allows businesses
Page 37 and 38: Lately, Zero Trust is all the buzz,
Page 39 and 40: Let's look at what's the same. They
Page 41 and 42: Cryptocurrency Ransomware Is on The
Page 43 and 44: commission from you. That is why co
Page 45 and 46: The second national lockdown in Nov
Page 47 and 48: Communication Streaming Challenges
Page 49 and 50: the plaintext ends up with some sig
Page 51 and 52: create new global admins, add them
Page 53 and 54: Cybersecurity Maturity Model Certif
Page 55 and 56: est practices into your core busine
Page 57 and 58: Businesses Should See Security as A
Page 59 and 60: Businesses must increasingly focus
Page 61 and 62: Cybersecurity risk not only help un
Page 63 and 64: - Mapping sensitive data assets (su
Page 65 and 66: ACRR Formula The ACRR is based on t
Page 67 and 68: Development Model This indicated if
Page 69 and 70: About the Author Gyan Prakash is a
Page 71 and 72: Understanding the Industrial IoT Wh
Page 73 and 74: E-Merchants: Secure Your Online Sal
Page 75 and 76: Damaged Reputation - Damage can ext
Page 77 and 78: IT Automation Software and the Atta
Page 79 and 80: How To Keep Your Children Safe In R
Page 81 and 82: About the Author Nevin Markwart, Ch
Page 83 and 84: The cause? More remote work, fear o
Page 85: About the Author Jody Paterson is a
Page 89 and 90: Brave New World: Safari Content Blo
Page 91 and 92: AdGuard, EasyList and uBlock filter
Page 93 and 94: When Businesses Get Hacked- Who Are
Page 95 and 96: failing to enforce adequate securit
Page 97 and 98: Security and Remote Management: Wha
Page 99 and 100: Looking Ahead to 2021, and Beyond A
Page 101 and 102: workforces and education. However,
Page 103 and 104: About the Authors Steve Hanna is th
Page 105 and 106: As solutions for eXtended Detection
Page 107 and 108: 2. Threats against MSPs, cloud serv
Page 109 and 110: Why 'Thinking Small' Is the Way to
Page 111 and 112: Simplification of micro-segmentatio
Page 113 and 114: commonly used by IT orgs -- can int
Page 115 and 116: ServiceNow Discovery Documentation
Page 117 and 118: Are Your Organization’s Critical
Page 119 and 120: ● Gaining insight into how attack
Page 121 and 122: MITRE Shield introduces active defe
Page 123 and 124: How Next-Gen Identity Governance an
Page 125 and 126: • performing access reviews and c
Page 127 and 128: and intent-based authentication pol
Page 129 and 130: Innovation, Automation and Securing
Page 131 and 132: management, as well as monitoring c
Page 133 and 134: Peer-To-Peer Cybersecurity Insights
Page 135 and 136: Transitioning to Remote Work: The A
Page 137 and 138:
Traqq also performs automatic track
Page 139 and 140:
6. Tool to Prevent Inefficient Task
Page 141 and 142:
Page 143 and 144:
You asked, and it’s finally here
Page 145 and 146:
9 Years in The Making… Thank You
Page 147 and 148:
Page 149 and 150:
show all

Cyber Defense eMagazine January 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?