Posts

Cyber Security: Small Business Guide

If you’re a small or medium-sized enterprise (SME) then there’s around a 1 in 2 chance that you’ll experience a cyber security breach*.  For micro / small businesses, that could result in costs of around £1,400.  Further, from May 2018, there’s the possibility of increased fines from the Information Commissioner’s Office if you fail to meet your responsibilities under the General Data Protection Regulation (GDPR).

But don’t worry: new guidance from the NCSC shows how easy it can be to protect your organisation’s data, assets, and reputation.

Easy to understand advice

Falling victim to cyber crime can be devastating for your business, and when you consider that SMEs make up 99.9% of Britain’s 5.5 million private sector businesses, it represents a real threat to the whole of the UK economy. That’s why the NCSC has produced this Cyber Security: Small Business Guide, which contains advice that is easy to understand and costs little to implement.

Following the advice in this guide will significantly increase your protection from the most common types of cyber crime. If you do nothing else to protect your livelihood from this growing threat, then take these 5 steps.

If you want or need to improve your cyber security further, then you can also seek certification under the Cyber Essentials scheme, which has the benefit of demonstrating to your clients (or prospective clients) that you take the protection of their data seriously. And if you’re a larger business (or face a greater risk from cyber crime) then the 10 Steps to Cyber Security can help your approach to cyber security.

We’d welcome your feedback

Cyber Security can feel like a daunting challenge for many small business owners. But it needn’t be. The NCSC is working with representative bodies, law enforcement, charities, not-for-profit organisations and small businesses to ensure we present our advice in the best way possible. We’d welcome your feedback on the Cyber Security: Small Business Guide to help us continually improve our advice to small business.

Neil

SME Engagement Lead, NCSC

*The Department for Digital, Culture, Media and Sport’s ‘Cyber Security Breaches Survey 2017’ reported that just under half (46%) of all businesses have identified at least one cyber security breach or attack in the last 12 months (and 38% have among micro-firms, 52% have among small firms and 66% have among medium firms).

Source: National Cyber Security Centre

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!


What is GDPR: All you need to know

What is GDPR: The General Data Protection Regulation (GDPR) will come into effect from the 25th of May 2018 and aims to bring data protection legislation in line with the ways in which data is currently used.

Serviceteam IT has recently completed research on the ways in which businesses in the UK use the cloud and the external factors that are likely to influence the use of the cloud in the future. One of the key findings from this report was that 62% of respondents highlighted GDPR as the biggest challenge to their IT plans over the next 3 years. One interviewee from a technology fleet management provider commented that the sheer volume of data that the company holds makes GDPR the greatest challenge for the company at this time. Adherence to GDPR, in his opinion, was ‘bigger than anything else the company has had to deal with’. You can read the results of the UK Cloud Snapshot Survey 2017.

But what is GDPR? Who does GDPR apply to? What does GDPR mean for businesses in the UK? This post gives you an overview of what GDPR is and what it means for you.

What is GDPR? 

GDPR is an attempt to harmonise the data protection laws between countries within the EU. It is essentially an expansion of the Data Protection Act, introducing tougher fines for those found to be non-compliant and giving people power to have a say in the way in which companies use their data. GDPR was introduced to the House of Lords as the Data Protection Bill 2017 on 13th September 2017.

GDPR applies to both data processors and controllers. Data controllers outline how and why personal data is processed and data processors then act on these demands. Both of these parties will be liable if a company is found to be non-compliant with GDPR.  

One of the major changes the GDPR has brought with it is that companies located outside of the EU will still have to ensure that they are compliant with GDPR if they possess data of EU citizens. This means that, despite the UK’s decision to leave the EU, firms in the UK will still need to comply with this change in regulation. It is for this reason that the firms surveyed in our research were so concerned with the challenge of complying with this regulation. If a company is found to be non-compliant with the demands of this regulation, it can face a fine of €20 million or 4% of global annual turnover (whichever is higher).

What counts as personal data under GDPR? 

There has been an expansion in what is classified as personal data under GDPR from what was previously outlined in the Data Protection Act. The definition of what classifies as personal data is more detailed under GDPR and information including an online identifier such as an IP address is classified as personal data. In addition to this, processing personal data of children under the age of 16 will now require parental consent.

When can people access the personal data companies have stored on them? 

Individuals can request to have access to the data companies have stored on them at ‘reasonable intervals’. Companies have an obligation to respond to this request within a month of it being made. People have the right to be able to request to see any data that a company holds on them and to learn how this data is being used and how long it will be stored for. They also have the ‘right to be forgotten’. This means that individuals have the right to request for their data to be erased from a company system.

What happens if a company experiences a data breach? 

If a company experiences a breach that risks people’s rights and freedoms, it is obligated to inform the relevant data protection authority within 72 hours of the organisation becoming aware of the breach. This notification must include an outline of what type of data has been affected, what the consequences could be and an outline of a response plan.

Failure to meet this 3-day deadline means an organisation risks a fine of 2% of its global annual turnover or €10 million, whichever is higher.

GDPR therefore presents a major challenge to businesses, which must ensure that they are compliant. Many businesses are confused by the regulations of the GDPR and find them almost impossible to translate into a set of controls to implement across the organisation. With just one purchase you can now put in place the security baseline you need in order to meet the legislation and become compliant. For more information on this please check out one of our other blogs on what is GDPR.


General Data Protection Regulation (GDPR)

Many businesses are confused by the regulations of the GDPR and find them almost impossible to translate into a set of controls to implement across the organisation. With just one purchase you can now put in place the security baseline you need in order to meet the legislation and become compliant.