Data Protection, Electronic and Privacy Law Blog

Keeping you up to date with plain language explanations of your obligations and liabilities under data protection law, electronic law and privacy law. With a touch of cybersecurity and trends like blockchain and quantum computing.

Do you know how to deal with cyber security in your business? Is it just for the IT department to know? Cyber security is everyone's business. Cath Jenkin explores planning, informing and cyber education in the workplace in this cyber security blog.

What's Next? Don't wait: educate.

Cyber security is everyone's business.

29 September 2019
Posted in: ICT and Cybersecurity

Every level matters
Cyber security is not just your IT department's problem. This brief guide outlines the importance of educating every single member of your team in terms of the:

  • Compliance-related rules and policies around ensuring cyber security and managing cyber risk.
  • Operational requirements, rules, and policies for ensuring cyber security and managing cyber risk.

Creating easy-to-use guidelines and solutions that give your business a robust cyber security framework is imperative for the successful adoption and implementation of your cyber security plan. The fact remains: you can have the strictest network protocols, the most dazzling of security procedures, and the highest level of verification mechanisms attached to your office door, but all it takes is one person with a memory stick, or a simple laptop theft, to expose your business to extreme risk. Most cyber attacks nowadays rely upon some level of human interaction to be successful. Phishing attacks, for example, work because they are created to fool even the most critical of eyes into believing something is authentic.

Every level has the appropriate privilege
Defining the level of access a member of your team will have to your company assets and information forms part and parcel of their job description. For example, a filing clerk may not need access to the CEO's email account to ensure they're doing their job well. Alternatively, the head of your IT department may be responsible for helping your Human Resources department maintain their online systems, but that doesn't mean they need to know how much your CEO's trip to a conference in Hawaii cost. Similarly, your cleaning department does not need to take a laptop home every day, just so they can catch up on emails.

Tokenised access systems
Defining the level of data or asset access is important, but ensuring those access privileges are maintained, and can be revoked if required, is just as vital. Tokenised access systems, including fingerprint verification systems for your office door, or one-time password services for your network configuration tools, can be used to ensure a relatively robust level of cyber security.

What matters the most
A cyber security plan is not a once-off project. It has to be built, implemented, and then maintained or expanded so that it stays adaptable and responsive to changing business needs. For that reason, we recommend you focus first on the mission-critical aspects of your business, securing the assets and information your business relies upon the most.

Verify, then trust
Authentication mechanisms are not purely for computer-based use. They can also take the form of showing an identity card to your security guard at the door, or creating critical guidelines for how passwords and usernames are to be created by end users. Every policy and procedure that applies to an employee or team member must be shared, understood, and adopted by everyone. This also includes authenticating and verifying access and use by third parties or external service providers.

Adopt and review
Verification techniques are great tools, but people leave jobs, equipment may be lost, and projects end. Establishing solid procedures to review access and ensure it's still required must form part of your cyber security plan.

Personal data
The buzz around personal data security has never been louder. And, as a business, you've got to take notice. Personal data, including employee records, customer and third-party data, and other important information, is a deeply regulated realm. Avoiding or forgetting to comply with the relevant legislation can be a death knell for your business. Establishing an effective cyber security programme that ensures your business remains compliant at every turn is not just the job of your IT department. Cyber security is everyone's business, so make sure it's part of everyone's job.

Conducting a thorough assessment of your business' needs and how to educate every member of your team is important. ProPrivacy can help. Let's chat.



ProPrivacy Consulting Limited (t/a ProPrivacy) CRO Reg: 628639 VAT: 3547299MH Registered Office: Bridgetown, Castletownroche, Co. Cork
© Copyright 2019 ProPrivacy Consulting Limited - All Rights Reserved