The Regulatory Impacts of Phishing Attacks

Phishing attacks are a daily threat to everyone, in both their personal and professional lives. It is well known that a successful phishing attack can compromise an account and force a password reset. Here, we’ll be talking about how phishing also threatens an organization’s compliance with regulations designed to protect the sensitive information under its care.

A Brief Introduction to Data Protection Regulations

Laws and regulations have been around for quite some time to protect personal information in certain fields (healthcare, finance and more). When the EU’s General Data Privacy Regulation (GDPR) came into effect in May, the bar for data protection was raised for many organizations. For those who may not be familiar with what data is protected in certain industries, this section provides a brief introduction to the data protection regulations known as GDPR, HIPAA and PCI DSS.

GDPR

The General Data Privacy Regulation (GDPR) is a regulation recently enacted by the European Union. Its purpose is to protect the privacy of EU citizens by setting out clear requirements and penalties for organizations processing the personal data of EU citizens. The regulation applies to any organization storing, processing, or transmitting EU citizens’ personal data, not just those within the EU.

According to Article 4 of the GDPR, an individual’s personal data is “any information relating to an identifiable or identified natural person.” In other words, GDPR covers any data that can be used to uniquely identify someone either on its own (name, email address, phone number, home address and so forth) or through aggregation (e.g., gender, ethnicity, birth date and so on).

Under GDPR, an organization is liable to be fined up to 4% of global revenue or 20 million Euros (whichever is larger) for a personal data breach. A personal data breach is defined (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/U0sGA3FBIwg/