GDPR: Walking in the shoes of the hacker
When you leave the house in the morning do you lock the front door?
Do you check that the windows are all shut?
And, if you’re a little bit OCD, you probably check again that the cooker is switched off!
My late father-in-law had been a policeman in his twenties and used to say that thieves always go for the easy targets, so make sure your house is more secure than your neighbours'! (Not that he wished any ill will on my neighbours!)
Are there any valuables on display? Are your car keys in a dish beside the front door? Do you have a visible alarm box?
Put yourself in the shoes of the thief to determine whether you’d be an easy target.
But what’s that got to do with GDPR?
Many of the same principles apply.
Do you or colleagues leave papers on your desk when you leave for the evening that might contain personal information? It’s not just disclosure of digital records that could get you into trouble.
That should be relatively easy to address with training to embed good working practices.
The same applies to the digital world, but there are also technical measures you can put in place that take account of human fallibility.
Data loss prevention (DLP) is built into tools such as Office 365: it inspects content as it leaves the organisation and warns, blocks or logs when it matches a policy, so that a colleague cannot casually share or email sensitive data such as customer records.
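To make the DLP idea concrete, here is an added example (not from the original post, and not the Office 365 DLP engine) of the kind of content-inspection rule a DLP policy applies to an outgoing message. It looks for three common personal-data identifiers (email addresses, UK National Insurance numbers and payment card numbers), uses a Luhn check so that a random 13-digit order number is not mistaken for a card, and returns an allow / warn / block verdict. The patterns, thresholds and sample messages are all assumptions constructed for illustration.

```python
"""Toy DLP content check for outgoing text.

Added example, not Office 365 DLP. Patterns, policy thresholds and the
sample messages are illustrative assumptions, not real data.
"""
import re
from dataclasses import dataclass, field

# Simplified personal-data patterns (assumption: a real DLP policy uses
# broader, locale-specific definitions and confidence levels).
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # UK National Insurance number, e.g. AB123456C, with optional spaces.
    "uk_nino": re.compile(r"\b[A-Z]{2}\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b"),
    # 13-19 digits with optional space/dash separators; confirmed by Luhn.
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
}

# Constructed sample messages (no real people, numbers or addresses).
SAMPLE_MESSAGES = {
    "payroll": "Hi, Jane's NI number is QQ 12 34 56 C and her card is "
               "4111 1111 1111 1111.",
    "bulk": "Please mail alice@example.com, bob@example.com and "
            "carol@example.com about the reunion.",
    "order": "Order 1234567890123 shipped; contact ops@example.com "
             "if it doesn't arrive.",
}


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_personal_data(text: str) -> list[tuple[str, str]]:
    """Return (kind, normalised_value) for every identifier found in text."""
    findings = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            if kind == "card":
                digits = re.sub(r"[ -]", "", value)
                if not luhn_valid(digits):
                    continue    # digit run that is not a card number
                value = digits
            elif kind == "uk_nino":
                value = re.sub(r"\s", "", value)
            findings.append((kind, value))
    return findings


@dataclass
class Verdict:
    action: str                               # "allow", "warn" or "block"
    findings: list[tuple[str, str]] = field(default_factory=list)


def classify(text: str) -> Verdict:
    """Apply an illustrative policy: any card or NI number blocks the
    message; three or more email addresses (bulk personal data) warns."""
    findings = find_personal_data(text)
    kinds = {kind for kind, _ in findings}
    if "card" in kinds or "uk_nino" in kinds:
        return Verdict("block", findings)
    if sum(1 for kind, _ in findings if kind == "email") >= 3:
        return Verdict("warn", findings)
    return Verdict("allow", findings)


if __name__ == "__main__":
    for name, body in SAMPLE_MESSAGES.items():
        verdict = classify(body)
        print(f"{name:8s} -> {verdict.action:5s} {verdict.findings}")
```

Running the block classifies the constructed "payroll" message as block (card and NI number present), "bulk" as warn (three addresses) and "order" as allow, because the 13-digit order number fails the Luhn check and a single email address is normal business traffic. The point a practitioner should take from it is that a DLP rule is only as good as its patterns: too loose and staff learn to ignore the warnings, too tight and the records you most care about slip through.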
Phish Threat is a training tool that sends simulated phishing emails so you can measure how many of your people open them, click the links or enter credentials, and then target training at those who do.
Intercept X is designed to stop ransomware as it begins to encrypt files and to roll back the files it touched, so that a user clicking a dodgy link or opening a rogue attachment does not turn into a reportable breach.
Penetration testing and vulnerability scanning give you the perspective of the attacker: automated scanning finds the known weaknesses (unpatched software, exposed services, default credentials) across your estate, and a penetration tester then tries to chain them into a way in, as a real intruder would. After all, why use a sledgehammer if you can just walk through an unlocked front door?
A key word that should be top of mind in relation to all things GDPR is negligence – and we’ll come back to that in a future blog.