With the new General Data Protection Regulation (GDPR) coming into force next year, it is important for South African organisations to identify ways to best manage their data. Yet many companies are still worryingly under-prepared for what will be the most significant shake-up of data protection law for 20 years.
While technology continues to evolve to protect user and company data, organisations still find that the most long-standing factors, such as passwords and the person using the device, remain the most vulnerable.
Many South African companies doing business with EU customers may be obligated to comply with the new regulations. Despite the impact of the regulations, the EU GDPR is one of the most important changes in data privacy regulation and South African companies that deal with European countries must be prepared.
According to Gartner, over 50 percent of companies affected by the new regulation will not be in full compliance with its requirements come May 25th, 2018 – the date GDPR comes into effect. Twelve months is not a long time in IT, especially when considering the heightened risks associated with mobile working, and the vast and ever-increasing swathes of business-critical or consumer data today’s businesses manage on a day-to-day basis.
In addition, Gartner recommends organisations act now to ensure they are in compliance when the regulation goes into effect. They should focus on five high-priority changes to help them to get up to speed with GDPR requirements.
South African organisations need to ensure that the devices they use have additional layers of security, such as biometric solutions, which can help safeguard against the pitfalls of relying purely on passwords. Businesses can remove the threat of malware targeted at vulnerable IoT devices by storing data away from the device on cloud-based virtual desktops, thus making the hardware a secure gateway to virtual data and subsequently taking security threats further away from the endpoint.
Not only will GDPR subject organisations to severe penalties should they fall foul of the regulation – facing the risks of penalties, fines and even legal action – but the threats surrounding IT security and data protection continue to grow. An attack on such a large scale may be rare, but it goes to demonstrate the increased intelligence and guile of today’s cyber criminals in their relentless pursuit of valuable company and employee data – as well as the inadequacies of many IT systems in protecting against such attacks.
With all of this in mind, it’s clear that CIOs and IT leaders have a challenging task ahead in ensuring not only that they meet the requirements of GDPR, but are also robustly prepared to address the incalculable number of cyber threats circulating around the world’s IT networks each and every day. So how can such threats be minimised and averted?
Today’s working environment can be anywhere – whether that be in the office, at home, on a train, or in a coffee shop. Clearly employees need devices which will allow them the flexibility to work productively in any environment. Yet employees are often the weakest link in an IT security chain, and the increased preference for mobile and remote working is only amplifying their vulnerability: they are more likely – but often unwittingly – to act in insecure ways, placing data at risk.
While business-built devices can offer a strong first barrier, often equipped with features including biometric fingerprint scanners, it is time for organisations to consider solutions which shift sensitive data away from a set device and centralise permissions and data access management. Unlike historical thin client solutions, zero client solutions contain no locally installed operating system, HDD or SSD, and don’t allow any data to be hosted on the device – instead using it purely as a sophisticated mobile terminal. Rather, both functionality and data are made available through a user’s existing VDI solution, removing the threat of malware being stored on the device and of data theft in the event the device is lost or stolen – helping organisations take the threat out of the hands of employees and comply with the GDPR.
Business leaders will undoubtedly be placing both more trust and more responsibility on their CIOs and IT teams as they look to adhere to the new regulation. With this added responsibility comes greater pressure for senior IT staff as the ramifications of a security breach heighten. Organisations found to be in breach of the GDPR will be subject to a fine of either up to 4 per cent of annual global turnover or R298 344 180 – whichever is greater. Security therefore has to be the number one priority within any IT strategy – particularly within sectors where personally identifiable information plays a central role in daily operations, such as finance and healthcare. Solutions such as mobile zero clients can play a central role in achieving the protection and flexibility needed in today’s professional landscape.
Ronald Ravel, Director B2B South Africa, Toshiba South Africa