
GDPR cyber ransom demands predicted to increase

Leading cyber security researchers, F-Secure, have predicted a significant rise in the ransom demanded for stolen or encrypted data following the General Data Protection Regulation (GDPR) compliance deadline in May 2018. Potentially the sums demanded, due to GDPR cyber ransom, could be in the order of telephone numbers.

In the past, cyber attackers have often been unaware of how much stolen data is worth to organisations. However, the implementation of GDPR means that organisations can be fined up to 4% of their global annual turnover or €20m, whichever is greater, if found to have a data breach. These fines effectively provide cyber criminals with a price point. This means it is now possible for criminals to understand how much data is worth to organisations and demand a far higher GDPR cyber ransom.

GDPR Cyber Ransom:

As a result, hackers are likely to understand that companies will be willing to pay almost anything less than such fines, in order to keep the data breach quiet. This is in order to avoid the heavy fines and keep their reputation intact. Currently criminals typically only demand thousands of Pounds as a ransom for stolen data. This is predicted to increase to tens of thousands, hundreds of thousands, or even millions of Pounds, depending on the organisation.

GDPR as a business opportunity:

With just over six months to go before the compliance deadline, companies are being urged to get their data in order. This is not only due to the potential fines, but also as GDPR can be seen as a business opportunity.

Many organisations have focused on the fines associated with GDPR. In reality, GDPR is an expansion of the ability to manage the use of data. This regulation aims to level the playing field between the public and the private sector, in order to facilitate the exchange of data. In addition, GDPR enables companies to understand the data that they have, how to best secure it and how to manage the data effectively in order to use it to identify potential business opportunities.

GDPR will essentially work to create a global standard for data protection. This provides European businesses with the opportunity to produce goods and services worldwide that adhere to this standard. In turn, this generates trust between organisations and customers, which is essential for online business.

Read more information on GDPR, Cyber Security, Cyber Fraud, and Compliance. Don’t get held to GDPR cyber ransom.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!


Expected impact of Brexit on the UK tech sector

Technology companies are behind 24% of UK exports and 3 million jobs. However, the UK’s high-tech industry is likely to suffer as a result of the vote to leave the EU. This is expected to occur as a result of the significant network effects that impact this sector of the economy.

Network effects in this case refer to the dependence of a transaction’s value on the number of people doing related transactions. Network effects are cited as one of the main reasons why the technology sector is full of monopolies. Brexit is likely to have a significant influence on the tech industry in the UK and 4 reasons for this are outlined in the following sections of this post.

1. EU determines privacy and competition laws

The UK accounts for only 1% of the global population and 3% of world GDP. Membership within the EU gave the UK greater influential power, as the EU makes up a much larger proportion of both global population and GDP. Post-Brexit, the UK will have even less influence on IT markets.

The US isn’t as concerned about competition and privacy laws as the EU. This therefore means that the EU is effectively the world’s privacy regulator, as no other body has as great an influence on the world market. This means that irrespective of the deal that the UK comes to with the EU post-Brexit, the rules and standards set within the EU will still have a huge influence on UK firms. This will therefore increase costs for firms operating within the UK.

2. UK companies could face pressure to move EU data to European data centres

The first Data Protection Act was brought in by Margaret Thatcher in order to allow UK firms to process the data of Europeans. Without this banks in London would not have been able to store data on German account holders in their UK data centres. Post-Brexit there are fears that a tech startup in England may be pressured to use European data centres to store the data of their EU citizens.

The many international treaties that affect our trade can be obstructive and sometimes infuriating; they are the negative network externalities of the information age. The idea however that Britain can somehow ignore all these regulations is irrational.

3. UK startups may be more expensive after Brexit

Startups that serve customers directly are likely to be slowed due to the need to comply with EU privacy law. Startup costs are significant in the tech industry in particular due to the presence of network effects. When a new market opens there is often a race in which the winner will take all. This winner in most instances is the firm that is able to get the network effects running in its favour first.

4. Brexit will close doors for talented engineers and scientists

Generally speaking, technology firms tend to cluster in specific areas. This occurs as a result of agglomeration economies, in other words the cost savings from locating in close proximity to other firms within the same industry. For example, in cities such as San Francisco, Boston and Bangalore there are thousands of specialist engineers and scientists that are able to work for technology firms in the region. These cities offer specialist subcontractors, good universities and an environment in which tech workers can share information.

Britain has technology clusters in London and Cambridge currently but it is feared that these areas will become less attractive to workers once the UK leaves the EU. In most cases, tech clusters are located in areas in which it is a nice place to live. Usually, these tend to be open and liberal places in which diversity is accepted and thrives. The decision to leave the EU taints the UK’s image as an open and liberal place to live as many claim the Brexit vote was motivated by xenophobia.

Research commissioned by techUK reveals that British employers in digitally intensive industries are particularly reliant on overseas talent, with 45% of recent vacancies filled by foreign-born workers. If workers are deterred from coming to work in the UK, the tech sector may be unable to function and this could therefore lead to problems.

“There is no sector more dynamic, more innovative, more resilient than tech, but that doesn’t make it immune to Brexit,” said Jacqueline de Rojas, the trade group’s president and the UK managing director of the software firm Sage. The future impact on the tech industry is yet to be determined. With negotiations set to continue for a significant period, it is as yet unclear what the future will be for firms in the UK.


Brexit survival guide for IT

Brexit IT Survival: Following the outcome of the referendum on the UK’s membership within the EU, businesses in the UK face a period of uncertainty as Brexit negotiations take place.

In the UK Cloud Snapshot Survey 2017, Serviceteam IT conducted research regarding the future challenges businesses in the UK face and the subsequent effect this will have on their IT plans. The survey conducted as part of this research revealed that almost 20% of respondents felt that Brexit presented the greatest challenge to their IT plans over the next 3 years.  

When interviewed Ben Griffiths, the head of systems from Analysys Mason, argued that “anything to do with Brexit is uncertain” and “makes life more complicated”. In the face of this uncertainty and complexity it is imperative that firms don’t just remain passive regarding the changes happening around them. The following outlines some of the key things businesses can be doing to prepare for the challenges Brexit brings with it.

1. Assess and Plan

The first thing that businesses should consider is which elements of their business are affected by the EU. For example, UK legislation may change as a result of Brexit, as laws previously controlled by the EU may soon become invalid in the UK. As a result of these changes businesses need to be aware of any changes in existing contracts that may occur. For example, have you reviewed your software licensing agreements? Most EULAs (End User Licence Agreements) refer to EU law or jurisdiction. Vendors could potentially revoke licence usage and enforce a new licence agreement, with new costs associated.

Planning is essential in order to mitigate any potential issues that may arise as a result of changes that impact businesses. Businesses need to conduct a review of all aspects of their business that have any links to the EU and formulate a strategy to cope with these changes.

2. Think about your customers

Many businesses in the UK will have a customer base that includes individuals from within the EU. Prior to Britain’s exit from the EU businesses need to think about their customers and how they will be affected by the changes resulting from Brexit. This may include looking at potential customer base that may exist in other areas of the world, outside of the EU for example.

3. Supply chain

Another aspect that also needs to be considered is that of the supply chain within businesses. Additional licenses for exporting and importing within the supply chain may be required as a result of Brexit and it is important that this is considered before any changes take place. This helps to ensure that businesses are prepared for what lies ahead and therefore can avoid disrupting operations.

4. Regulation

It is also important to consider the changes in regulation that may occur as a result of Brexit. At the moment the UK is subject to the regulation imposed by the EU. These regulations may not continue to be enforced in the UK and therefore businesses need to be able to adapt to any changes in regulation that may apply to them in the UK post Brexit.

One significant change in legislation is the introduction of the UK Data Protection Bill to the House of Lords, which will bring the European Union’s General Data Protection Regulation (GDPR) into UK law. Read more about GDPR.

5. Staff 

Although it is not yet clear what the effect of Brexit will be on EU citizens living in the UK, it is important that businesses identify the members of their staff that will be affected and how they can help. In addition to this, businesses need to plan for the future and look at their recruitment plans. If it is likely that EU nationals will be hired in the future businesses need to gain an understanding of the immigration application process in order to be able to provide the best support to applicants.

6. Data protection

As of May 2018 the EU’s new General Data Protection Regulation (GDPR) will come into effect and replace the existing Data Protection Act. As the UK will still be a member of the EU at this point, businesses in the UK must conform to this regulation. However, once the UK leaves the EU, GDPR will apply to UK citizens’ data, and it will still apply to any businesses possessing data regarding EU citizens or businesses. This means businesses in the UK need to ensure that they comply with the demands of this legislation or face the risk of large fines if found to be non-compliant.

7. Data Sovereignty

According to the research conducted by Serviceteam IT, 62% of respondents listed GDPR as the biggest challenge to their IT plans over the next 3 years. With the advance in the adoption of the cloud, many businesses have data stored in data centres across the globe. Businesses need to be aware of the data sovereignty of their data in order to ensure that it complies with the appropriate regulation. Data concerning EU citizens stored in the US, for example, still needs to comply with GDPR.

There are a number of immediate steps that businesses can take in order to get ahead in the lead up to Brexit. A wait and see strategy is not an option for businesses in the UK and leaders of businesses need to look outwards to identify both the opportunities and challenges Brexit brings with it. Preparation and adaptability are key in order to succeed in this time of uncertainty.


Seven deadly sins of Data Sovereignty

Data Sovereignty refers to the concept that digital data must comply with the data legislation of the country in which the data is stored. This becomes important when considering migration to the cloud as there is not a universal data regulation applicable to all countries and therefore regulation can vary significantly between countries.  

The cloud offers a variety of benefits for firms in terms of cost savings and efficiency gains and it is therefore unsurprising that the number of businesses migrating to the cloud is increasing year on year. Despite the surge in migration it is important to consider the implications of data sovereignty when deciding which cloud service provider to use.   

A recent study, the UK Cloud Snapshot Survey 2017, conducted by Serviceteam IT aimed to determine whether UK businesses had considered the impact of Brexit on data sovereignty and whether this would lead to the relocation of cloud services back to the UK. The response to this question showed that 63% of businesses that participated in the research felt that there would be a data sovereignty issue as a result of Brexit. This highlights that there is still a significant proportion of businesses that are unaware of the consequences Brexit could have on data sovereignty.

When interviewed as part of this project, Head of ICT Ben Griffiths from Analysys Mason said:

“anything to do with Brexit is uncertain”.

It is this uncertainty surrounding Brexit that may therefore be the underlying reason for the large proportion of businesses that did not think there would be a subsequent impact on data sovereignty.  

Data sovereignty is something that can have a massive impact on businesses but there is still great uncertainty surrounding this subject. The following therefore highlights 7 key things businesses need to know about data sovereignty:

1. Data legislation varies between countries

One of the most important things to understand is that there is no blanket legislation that applies to data across all countries. The data protection laws between countries can vary quite substantially. For example, in Russia and Germany the data protection laws are far stricter and require that data concerning the citizens of this country remains within the physical borders of the country. It is therefore important to fully investigate the data privacy laws that apply to the data that you hold.  

2. Data sovereignty is not the same as data safety

Although similar, these two concepts are often confused as referring to the same thing. There is however a difference between these two terms. Data safety is often a priority within firms in order to safeguard the personal information of customers and employees. Data sovereignty on the other hand is regulated on the government level and is a set of laws cloud providers have to abide by. 

3. Data sovereignty cannot be guaranteed by solutions providers

Service providers cannot actually guarantee that data will comply with data legislation. This means that organisations need to ensure that they understand the risks of storing their data in the cloud and have an understanding of their service provider’s position regarding data sovereignty.

4. Location of cloud service providers

When deciding which cloud service provider to use, the location of their data centers may therefore be an important thing to consider. There is a strong possibility that you can choose a cloud service provider whose data centers are located somewhere that ensures compliance with the data protection legislation that applies to that specific data. The location of your cloud service provider should therefore be one of the first considerations when deciding whether or not to migrate to the cloud.

5. Ensuring you remain compliant

It is important to have an understanding of the laws not only in the country in which you are based but also in all countries in which your business operates. This helps to ensure that your business remains compliant with all legislation surrounding the data you hold.

6. Is your data compliant with the country it resides in

Is the data you hold compliant with the laws of the jurisdiction of the country you store it? More often than not, this aspect is completely ignored, especially when the data storage is provided by a solutions or cloud provider. For example, there have been a number of Government initiatives to restrict the encryption of data, such as India’s abandoned Plain Text storage law. In France until 1996 you could go to jail for encrypting a file without prior permission.

7. Understating the importance of data sovereignty

You may not feel that data sovereignty is a big issue but that is not the case. Non-compliance with data legislation comes with significant consequences. For example, within the EU if a company is found to not be compliant with the requirements of GDPR this can bring heavy fines for firms that can be up to €20 million. 

Despite the demands of data sovereignty, this is not a reason to prevent migration to the cloud. Read more about data sovereignty.


What is GDPR: All you need to know

What is GDPR: The General Data Protection Regulation (GDPR) will come into effect from the 25th of May 2018 and aims to bring data protection legislation in line with the ways in which data is currently used.

Serviceteam IT has recently completed research on the ways in which businesses in the UK use the cloud and the external factors that are likely to influence the use of the cloud in the future. One of the key findings from this report was that 62% of respondents highlighted GDPR as the biggest challenge to their IT plans over the next 3 years. One interviewee from a technology fleet management provider, commented that the sheer volume of data that the company holds makes GDPR the greatest challenge for the company at this time. Adherence with GDPR in his opinion was ‘bigger than anything else the company has had to deal with’.  You can read the results of the UK Cloud Snapshot Survey 2017.

But what is GDPR? Who does GDPR apply to? What does GDPR mean for businesses in the UK? This will give you an overview of what GDPR is and what it means for you.  

What is GDPR? 

GDPR is an attempt to harmonise the data protection laws between countries within the EU. It is essentially an expansion of the Data Protection Act, introducing tougher fines for those found to be non-compliant and giving people power to have a say in the way in which companies use their data. GDPR was introduced to the House of Lords as the Data Protection Bill 2017 on 13th September 2017.

GDPR applies to both data processors and controllers. Data controllers outline how and why personal data is processed and data processors then act on these demands. Both of these parties will be liable if a company is found to be non-compliant with GDPR.  

One of the major changes the GDPR has brought with it is that companies located outside of the EU will still have to ensure that they are compliant with GDPR if they possess data of EU citizens. This means that despite the UK’s decision to leave the EU, firms in the UK will still need to comply with this change in regulation. It is for this reason that the firms surveyed in our research were so concerned with the challenge of complying with this regulation. If a company is found to be non-compliant with the demands of this regulation they can face a fine of €20 million or 4% of global annual turnover (whichever is higher).

What counts as personal data under GDPR? 

There has been an expansion in what is classified as personal data under GDPR from what was previously outlined in the Data Protection Act. The definition of what classifies as personal data is more detailed under GDPR and information including an online identifier such as an IP address is classified as personal data. In addition to this, processing personal data of children under the age of 16 will now require parental consent.

When can people access the personal data companies have stored on them? 

Individuals can request to have access to the data companies have stored on them at ‘reasonable intervals’. Companies have an obligation to respond to this request within a month of it being made. People have the right to be able to request to see any data that a company holds on them and to learn how this data is being used and how long it will be stored for. They also have the ‘right to be forgotten’. This means that individuals have the right to request for their data to be erased from a company system.

What happens if a company experiences a data breach? 

If a company experiences a breach that risks people’s rights and freedoms they are obligated to inform the relevant data protection authority within 72 hours of the organisation becoming aware of the breach. This notification must include an outline of what type of data has been affected, what the consequences could mean and an outline of a response plan.  

Failure to meet this 3-day deadline means an organisation risks a fine of 2% of their global annual turnover or €10million, depending on which is higher.  

GDPR therefore presents a major challenge to businesses in order to ensure that they are found to be compliant. Many businesses are confused by the regulations of the GDPR and find them almost impossible to translate into a set of controls to implement across the organisation. With just one purchase you can now put in place the security baseline you need in order to meet the legislation and get compliant. For more information on this please check out one of our other blogs on what is GDPR.
