That’s the headline-grabbing stick being used by regulators to ‘encourage’ European Union General Data Protection Regulation (GDPR) readiness.
Granted, it’s the upper tier of penalties for non-compliance, but even the 2% or €10 million lower limit could put a big dent in profitability and even see some smaller organizations go out of business.
Given the choice, do you hope you don’t get breached or found out? Or do you take necessary steps to protect yourself and the privacy of customers, employees, and others you may hold personal data on? That’s the question being asked by many as they contemplate what or how much to do leading up to the May 25, 2018, enforcement deadline. Gartner believes fewer than 50% of organizations will be fully compliant by this time. And according to Osterman Research, only 41% of organizations as of December 2017 feel they are ready to comply with the requirements of the GDPR. That leaves a massive number facing a significant risk of fines.
Full compliance is perhaps an unknown quantity right now, but there are critical people, process, and technology changes that can certainly reduce the risk of breach and subsequent potential fines.
Do you want to be the one to find out? Technology can help simplify the road to compliance but will need investment. Many will be asking, “What’s the cost of getting ready versus the potential fine?” It’s a legitimate question. But that’s like only taking third-party insurance on your car, hoping you’ll never have an accident. It’s a false economy and you’ll end up paying for it in the long run.
There are ways to limit the “one-off” impact of technology purchases, like adopting cloud services. Cloud services are now very much mainstream, and you can adopt them using operational cash rather than needing the capital upfront. They bring other benefits too: they are generally faster to get up and running, and they are kept up to date without needing your involvement.
There is also another layer of problems for an organization that violates GDPR: non-financial penalties. Authorities can impose restrictions, put an end to certain processes, implement remediation programs, and then require audits going forward. An investigation alone can also put a strain on your business by creating doubt in the minds of your customers, employees, and stockholders.
This includes email, which stores a huge amount of personal data while also being the top route for attackers into your organization. Effective email cyber resilience, including advanced security, robust data archives and backups, and a business continuity plan, can go a long way toward getting you GDPR ready.
The right security can help prevent a successful attack, stop personal data leaks and encrypt information at rest and in transit. An integrated archive and backup means faster access to information to support subject access, data portability and right to be forgotten requests. Having a Plan B for email means all your safeguards are maintained even if your primary mail systems go down.