Time is running out for business to prepare for GDPR

Neil Bramley, Toshiba

As part of European Cyber Security Month, Business Leader Magazine spoke with Neil Bramley, the B2B Client Solutions Business Unit Director of Northern Europe for Toshiba.

Bramley shares his thoughts on what European organisations should be considering from a cyber security perspective, especially with the upcoming GDPR regulations.

With the EU’s General Data Protection Regulation (GDPR) coming into force in a matter of months, the clock is ticking for European organisations to get a better handle on their data – both in terms of how it’s used, and how it’s secured.

Throughout October, European Cyber Security Month is helping to further raise awareness around data protection by encouraging organisations across every vertical to consider their security strategy.

In today’s working environment, mobile working practices and developments such as IoT are opening businesses up to more touchpoints and greater volumes of data than ever before, creating an ever-increasing attack surface.

Despite advancements in the technology in their hands, people continue to be the weakest link in any security chain, especially when they are working away from an office environment.

While failing to sufficiently protect data in the past could have led to costly reputational damage, GDPR will bring a heightened level of penalties, fines and legal action, and so the time is now for businesses to assess data protection and security strategies.

A move towards zero client solutions will help businesses to remove the threat of malware being stored on a laptop, or eliminate data theft should the device be lost or stolen.

Such solutions play a vital role in moving the threat away from the employee’s hands, restricting access rights, and creating greater protection and compliance at the earliest possible stage of a potential breach.

However, in the first instance it is important that the devices in use at that employee level offer a robust first-defence, in particular when taking the increased risks associated with mobile and remote working into account.

According to Gartner, worldwide spending on cybersecurity products and services are predicted to exceed $1 trillion in the next five years – demonstrating that organisations will seek an all-encompassing approach to securing their IT infrastructure at every level.

Business devices which have built in security features such as biometric fingerprint sensors and IR cameras, can act as an effective first barrier to attacks, but it’s also important to look at the heart of the device – its BIOS – and how safe this is from interference.

With access information including System ID and authorised network information stored here, ensuring your device provider has developed its BIOS in-house for guaranteed security is an important but often overlooked consideration.