Everyone knows about GDPR, don’t they? Surely everyone has at least heard of it, even if they don’t know much other than that it’s about personal data.
Because GDPR is about personal data and the protection of that data it has become synonymous with Data Protection.
We can’t argue that it isn’t a good thing that GDPR and Data Protection are on the tip of people’s tongues, even if preceded by a profanity.
The shame is that GDPR has made everyone think about personal data, in the same way that PCI DSS made anyone who takes card payments think about card data.
There is much more to Data than Card Numbers and Personal Data
Consider a small manufacturing company who only deals business to business and works on invoices and bank transfers for payments. They don’t have any card data and the only personal data is their 25 employees.
Quite possibly a data desert, you might think, policed by a couple of old servers, a laptop and a handful of PCs.
But wait, there’s an Excel spreadsheet with all the customers’ details, and what their credit limit is. There is a mail server with confidential correspondence about manufacturing techniques and installation guides.
The diary shows when deliveries can be made and therefore when people are in or out.
The fileserver holds documents and drawings of all the designs.
There are sales documents which show prospective clients and details of bids for work.
If this was your business, would you want someone else to be able to get that information? Or what if you simply lost access to it – could your business still function?
Worse still, what if the details of a new product you have been working on got stolen and your biggest competitor then produced something similar?
There are countless pieces of data flowing through every business, most of it just tumbleweed, like mails you are cc’d into, or internal news, or what’s for lunch.
However, we guarantee that almost without exception every business has some information (data) that they wouldn’t want anyone else to see, and that could cause considerable issues if they could no longer gain access to it.
Ask yourself these questions:
- Do I know where all my critical data is?
- Am I confident that confidential data can only be accessed by those who have permission to see it?
- Would I know if my data was stolen?
- How much is my data worth to the business?
- Are my systems and processes adequate to keep my data safe?
Finally, we picked a handful of statistics to illustrate the importance of Data Protection:
- 62% of businesses experienced phishing and social engineering attacks in 2018 (Cybint Solutions)
- 71% of breaches were financially motivated and 25% were motivated by espionage (Verizon)
- 34% of data breaches involved internal actors (Verizon)
- 22% of all folders were available to every employee (Varonis)
- 43% of breach victims were small businesses (Verizon)
For a complete list of stats go here: https://www.varonis.com/blog/cybersecurity-statistics/
If this article has made you think and you want to know more about how we can help, take a look at our data protection services.