Looking back just a decade ago, when Health & Safety began to become a thing, it was considered a pain by the organisations that had to implement it, but it changed the way we do things. Fast forward to today, and there is a specialist, dedicated role to handle and manage Health & Safety in all organisations. The consultant argued that GDPR will be no different. It is protection in a non-physical way. In the future, today's 'what to do' and 'how to do' will move to 'just do', as it is with Health & Safety today.
I tend to agree, but GDPR shouldn’t be managed by just one role or department; it is everyone's responsibility to manage data privacy, across the whole organisation.
Cybersecurity professionals, for instance, are under increasing pressure in today's post-GDPR world to minimise the risk of data breaches and keep their organisation's data safe and out of the headlines.
One line of the "Safety Dance" song is "we can dance, we can dance, everything's out of control", and I can imagine that’s something many an IT security team could relate to when trying to gain visibility of security and access controls as part of compliance, while working out what to do and how to do it.
If you are in IT security then you are well aware of the many tasks involved. As well as scanning for vulnerabilities across IT systems, there is managing licence costs and controlling who has access to what systems and at what level, not to mention keeping track of which accounts could be at risk because their passwords are insecure or haven't been changed for a while, or because the person assigned to the account has changed roles or left the company. Keeping on top of all this takes a lot of time and effort, coupled with the headache of managing it through multiple spreadsheets.
Are you getting the security insights that you need in today's post-GDPR world?
- Can you tell which systems have the highest risk of exposure and need patching vs the actual usage?
- When auditing the actual usage of your licenses can you report on financial costs at the same time?
- Are you able to prove you are adhering to least privilege profiles across all systems?
Rather than dance your way through all those complicated spreadsheets, have you considered using a data analytics platform that can combine the data logs from the various security tools you use and give you a holistic view of the situation?
- Keeps you secure
- Saves time, saves money
- Gives greater visibility
And it's not just the external risk; it is also estimated that the majority of data breaches occur from within the organisation, 20% from human error.
Empowerment and education of individuals could be achieved by sharing benchmarking security data from the top down, from board to floor, helping to avoid the common mistakes which can lead to inadvertent data breaches from the inside, such as weak passwords, printouts being left on the printer or storing a list of personal data on open public cloud systems.
Analytics is not just for the business; security intelligence is the smart way to stay safe these days.
*Oh, and in case you were wondering, it turns out the "Safety Dance" was a protest song for pogoing on the dance floor!