ProPrivacy

Data Protection, Electronic and Privacy Law Blog

Keeping you up to date with plain language explanations of your obligations and liabilities under data protection law, electronic law and privacy law. With a touch of cybersecurity and trends like blockchain and quantum computing.

With cyber security, breaches, hacks and attacks being headline news daily, Cath Jenkin takes us through some basic elements of cyber security and tells us why we should care.

What is Cyber Security?

And why should you care?

21 July 2019
Posted in: ICT and Cybersecurity

It's everybody's business
High profile cyber attacks hit the headlines more than ever before, and so they should. While the panic of finding out if you've been hacked feels somewhat prescribed for modern life, there's no comfort to be found in complacency. It's not just a problem for your IT Department: cyber security is everyone's business.

Unauthorised access
Cyber security relates to your company's mechanisms for protecting computers, programmes, data, and networks, from unauthorised access. Malicious attacks, whereby company information, important data, or even confidential memos, can be obtained without permission, are all the more common. A simple republication of a confidential internal memo via a social media post can be construed as a form of cyber attack. But, what is unauthorised access? Simply put: any time a piece of information or data from within your company is shared publicly, or with someone outside of your organisation without the required permissions, that's unauthorised access. That data or information could be anything from an internal memo, to a complex piece of code embedded in a network server. Or, it could simply be an email password. No matter the element of data shared, the risk of unauthorised access remains the same: high.

All types of security
Cyber security also does not end with simply protecting your organisation's digital assets: it extends to protecting and ensuring the integrity of your physical assets too. Of course, protecting physical assets, by ensuring that relevant and appropriate security measures are properly used, is an important part of your business' facilities management mandate. But, physical security measures are not always enough, as is particularly true with our interconnected business landscape, and interpersonal communications.

Higher risk landscape
As the world has shifted its attention and effort away from paper-based communication, and face-to-face meetings, the risk of a malicious attack has risen. A simple hack into an employee's personal email address, if it has been used for your company's work purposes, could expose your business to an even greater cyber security risk.

The cyber security framework
There are several elements that make up cyber security. These include:

  • Physical security: The security measures your company takes to ensure that no computers, printers, hard drives, consumables, memory sticks, or other equipment is lost during your day-to-day operations.
  • Network security: The applications, programmes, and equipment used to secure your company's internal network, internet connectivity, and associated networks, from unauthorised access.
  • Application security: The protocols and procedures your IT Department oversees, that enable or disable the installation of programmes on to your company's computers, laptops, printers, and other equipment. This form of operational security will have the biggest effect on your team member's experiences with cyber security, as it affects and determines the type of programmes they use in their daily work.
  • Information security: The policies and procedures that are followed to secure your company's information, including emails, memos, product and sales information, employee data, and similarly important information. Much of this information needs to be well-protected in terms of the law, and compliance is a legislative requirement. Moreover, as personal data has become our calling card in the digital world, ensuring unauthorised access to personal information remains significantly important, and your customers will demand higher levels of it as our world evolves.
  • Disaster recovery procedures: How your company is equipped to respond to a cyber attack, malicious attempts to access information, or even a simple slip-up by an employee, must be defined in accordance with relevant legislation and your business objectives.
  • Company user policies: Every employee must remain compliant in their use of computers, printers, laptops, and other electronic assets. These policies may also extend to the employee's use of personal mobile phones, as these present a potential leak threat for every company too.
Defending your company's assets, information, and employees, from a cyber attack should be a priority for every business, no matter how small or large. While the panic may be rising in your throat, robust solutions to your company's cyber security problems can be easily found. Contact us for a strategic consultation, to better understand your company's needs and next steps.

LET'S CONNECT

Address

Castletownroche, Co. Cork
Mon-Thu: 10h00-14h30
Fri:10h00-13h00

Contact Philipa

Email: info@proprivacy.ie
Phone: +353 (21) 234 8890
Mobile: +353 (83) 827 4889

Philipa Farley is an Association of Data Protection Officers Member ProPrivacy is a Cork Chamber Member ProPrivacy is a Mallow Chamber Member Philipa Farley is an Irish Computer Society Member Philipa Farley is a Business Analysts Association of Ireland Member Philipa Jane Farley is a Grow Remote Mallow Chapter Member

Philipa Jane Farley GPG Key - Fingerprint: 2D8E FAA6 B2C6 0754 D13B 2E7D 6A46 D9E6 F2F8 E7DE
ProPrivacy Consulting Limited (t/a ProPrivacy) CRO Reg: 628639 VAT: 3547299MH Registered Office: Bridgetown, Castletownroche, Co. Cork
© Copyright 2019 ProPrivacy Consulting Limited - All Rights Reserved