Recommendation 1 – Control Access to Data
As a data controller under GDPR, you are responsible for the data security technologies protecting the files stored on your IT systems. We have split this into three critical areas for your consideration.
- Prevent unauthorised access to data
You must show how you have considered who has access to what information and whether it is necessary for them to have that level of access.
- Have records of how data has changed
It is essential to show an audit trail of data access, changes and deletion.
- Detect and report unauthorised access to data
You must notify the ICO of a breach within 72 hours of becoming aware of the violation.
We recommend you secure your systems with access control lists and turn on file auditing. In addition to this, we have some solutions to address these issues and would be happy to help you enable this protection. Please reply to this email or give us a call to discuss this further.
Recommendation 2 – Remove Legacy Software and Hardware
There is a lot to be said about loyalty, but in this case, you may be doing yourself a disservice. Software and hardware that are not receiving regular data security protection are probably one of the most significant risks to your organisation’s data compliance and security.
Under GDPR you must ensure that you protect your data, and regular security patching is part of this. If a device or software system is no longer receiving security patches, then any exploits could leave your systems open to a breach like the NHS after the WannaCry outbreak.
We recommend doing an audit of all software and hardware in your organisation, so you know what is current and what is legacy, then replace the old kit. We already do a lot to keep your systems as up to date as possible, so this requirement should be another easy win. If you would like help with this, give us a call or email to discuss this further.
Recommendation 3 – Run Up-to-Date Antivirus and Antimalware
Hopefully, in today’s business environments we all accept that running up-to-date antivirus and antimalware software is a necessity. GDPR reinforces this through its requirement to protect all personal information.
If you’re already a client, then it’s highly likely we already regularly monitor this protection and proactively fix any issues you have with antivirus and antimalware. If you are not currently part of our proactive ecosystem and would like us to monitor your systems, give us a call or email to discuss further.
Recommendation 4 – Regularly update all software to ensure all known vulnerabilities are not present
Security and feature updates are now commonplace in the IT industry. The most commonly known example would be Windows Updates. We recommend you regularly update your machine, including downloading any updates for software installed on your computer. GDPR requires you to use your best endeavours to protect data, and running regular updates is a core part of your IT system’s security.
If you’re a client, we can monitor your system and make sure you’re always running the latest version. If you would like us to track your systems, give us a call or email to discuss further.
We Do Your IT Limited is an IT Support Company based in Bristol that offers service and computer support differently.
We Do Your Communications Limited is a Telephone and Broadband Company based in Bristol that offers service and telephone support differently.