The internet is full of information about both GDPR and Cyber Security. Sophisticated software is recommended, along with offers to penetration test your IT systems to see how secure they are, or software to locate personal data in your files that is not secure.
It is easy to panic and lay out a lot of investment, yet still have vulnerabilities that could cost you thousands or even millions of pounds.
Even with the most secure IT systems, as used by multimillion-pound blue chip companies and government departments, there is still the potential for failure – in short, it’s you and I.
It’s us that don’t use secure passwords and don’t always secure personal or sensitive data. We leave our PC, laptop or phone on and open for others to use.
Regular staff training and auditing are essential to ensure compliance with the requirements of both GDPR and Cyber Essentials. This is not a one-time training requirement. Induction and refresher training must be carried out.
There must also be controls in place for site security, the use of portable storage devices and a clear desk policy, to name just a few. Audits must be carried out throughout the company to ensure that these controls are in place.
As with all policies and procedures in your company, it is the responsibility of the managing director to ensure that the resource is available to do what is required to prevent both cyber attacks and data breaches.