
Cyber security and GDPR – more worries on horizon for business owners

key issue: Cyber security is already a massive issue for businesses and is set to become even bigger

THIS month saw a huge international story which sparked widespread panic as the NHS and many other healthcare systems across the world were hacked by a ransomware virus which threatened to have devastating consequences.

UK health minister Jeremy Hunt was heavily criticised for failing to put adequate resources into cyber security and many column inches were devoted to the terrible impact that lax cyber security can have on a business or an organisation.

Thankfully many businesses are finally waking up to the fact that resources need to be put in place to protect their systems, data and files.

Just imagine arriving into your office tomorrow morning to find that all your emails, customer data, financial transactions and HR records have been hacked and are inaccessible. Imagine where you would start to rebuild your accounts data, email, and old and upcoming projects from nothing or, worse still, having to call your customers to tell them that you’ve lost all of your records relating to the trading history.

Business is waking up to the importance of adequate investment in cyber security to protect not only your company information but also that of your clients. However, many businesses are not aware that things are about to get much more difficult with the implementation of the General Data Protection Regulation (GDPR).

With less than one year before the new EU data protection rules come into force, there are key areas businesses need to focus on to ensure they will be compliant. These rules will, as far as we are aware, be unaffected by Brexit.

But GDPR is the biggest change in data protection laws for 20 years, and when it comes into effect on May 25 2018, your business - however large or small - has to comply with the new regulations regarding the secure collection, storage and usage of personal information.

The legislation has been introduced to encourage companies across the EU to think seriously about data protection and security. But beware if you think you can ignore it. GDPR also comes with some fairly harsh penalties for those that do not comply with the new regulations, and it will come into force before the UK leaves the European Union.

Ultimately, GDPR means that your company is solely responsible for your clients’ data, and steps should be taken to harden the overall security of your IT systems to provide appropriate protection, including data loss protection.

Any data breaches under the GDPR as a result of theft, system failure or cyber-attacks have to be reported to the Supervisory Authority (SA) within 72 hours of becoming aware of the breach, and can incur maximum fines of up to 4 per cent of annual turnover or €20 million, whichever is greater.

Cyber security is already a massive issue for businesses and it's set to become even bigger. Can you afford to leave it unaddressed?

:: Gareth McAlister is managing director of Nimbus CS (www.nimbuscs.com), which specialises in providing cyber security advice and IT systems for some of the UK and Ireland's brightest companies.