GDPR: How aligning the board and middle management will bring you one step closer to compliance

With the enforcement of the General Data Protection Regulation (GDPR) just around the corner, organizations are finally starting to implement new technologies, policies and processes to become compliant by May 25th. However, conflicting views between the board and middle management on the state of their organization’s GDPR readiness and data management capabilities have the potential to skew how prepared they really are to comply with the regulation. Findings from our latest research study, which surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia, revealed that board members are more confident than management about their organization’s ability to comply with GDPR in time for the May deadline. 41% of board-level respondents believe they have all of the necessary processes in place to be GDPR compliant. In contrast, only a quarter of senior management and even fewer middle management employees (21%) think their organization has what it needs to achieve compliance. The ability to handle the right to be forgotten (RTBF), one of the most challenging areas of the GDPR, also saw a stark divide in opinion between the board and management. Entitling EU citizens to request organizations...

Right to be forgotten requests: how to ensure your business doesn’t grind to a halt

GDPR is the most comprehensive data protection legislation to date and it is revolutionizing the information security landscape. The impending enforcement of the regulation is forcing organizations to understand, and transform, the way they collect, process and store data. One of the most challenging aspects of the legislation is the ‘right to be forgotten’ (RTBF), the provision that requires organizations to remove or delete an individual’s data upon request, as long as there is no compelling requirement to keep it. For most organizations, handling the right to be forgotten is expected to be time and resource intensive, and it is likely that businesses will be inundated with requests from consumers and employees alike. We recently surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia to find out whether they would be exercising their right to be forgotten and the impact this would have on their organizations. According to our research, a staggering 75% of employees are likely to request that an organization delete their data. Receiving and processing such a large volume of requests is something most organizations will have zero experience in handling. So much so that almost half (48%)...

Security v Productivity: The Office Macro Dilemma

By Tim Peters, Pre-Sales Engineer, Clearswift Australia

There is no doubt that macros are increasingly being used to execute malicious code around the world, and we all know what impact it can have on an organization when they strike. But sometimes team members just need to run macros to get their work done. So, what do you do? As a security professional, you want to prevent macros from running because it is safer and you don’t have to work until 3:00am to clean up the mess if a macro has caused chaos in your environment. However, as a user, you just want to be able to do your work and not have to jump through hoops just to open a spreadsheet with a macro. How do you find the balance between keeping your environment secure and keeping your users happy and productive? There are several different ways to approach this and, like anything, each has its pros and cons. So let’s explore a few. Lock It Down: The Australian Signals Directorate (ASD) recommends disabling Office macros as part of its “Essential Eight” strategy, and Microsoft has within its Office suite “Protected Mode...

GDPR Compliance – take a practical approach with 5 key steps

I have been fortunate to be invited to speak about the EU GDPR at a variety of security conferences and events recently, including ISSA in the USA, CeBIT in Germany, C-Cure/DEXCEO in Denmark, Telegraph Business Reporter in London and, most recently, Security Days in Tokyo. It became apparent that GDPR awareness is certainly increasing in all of these countries. In Tokyo, however, there is a strong focus on the Payment Card Industry Data Security Standard (PCI DSS) and its importance with the 2020 Olympics being held in Japan. While they are separate frameworks, it is not a big leap to treat the data which needs to be kept secure for PCI DSS as a subset of that required for GDPR. Furthermore, many of the underlying requirements needed for GDPR compliance are the same as those for PCI DSS. One major difference is that, while businesses can outsource the processing of credit card payments to reduce the impact of PCI compliance, when it comes to the GDPR, most organizations will be directly impacted by and accountable for the personal data they hold on EU...