Posts tagged "GDPR"

Cyber and D&O Liability: Principles for Handling Risk

February 22nd, 2019 Posted by Update 0 comments on “Cyber and D&O Liability: Principles for Handling Risk”

In recent years, UK organisations have experienced a dramatic increase in the prevalence of cyber-attacks, increasing the need for cyber-security risk management. Recent industry research found that there were as many cyber-claims in 2018 as there were in the past four years combined.

While this alarming statistic emphasises the importance of implementing initiatives to protect your organisation’s data, doing so can also help limit your directors’ and officers’ (D&O) liability concerns.

Under the GDPR, directors and officers are largely responsible for prioritising cyber-security throughout their organisation. With this in mind, senior leadership could face serious consequences if our business suffers from a data breach. Consider the following tips to reduce cyber-risk and protect your senior leadership:

  • More than IT—Many organisations fail to understand that cyber security should be considered a company wide risk management concern—not just something for IT to handle. Break this stigma among your directors by incorporating cyber-security into routine senior-level discussions. These conversations should pertain to your most critical data assets, including where data is located and who has access to it. In addition, discuss what security controls you have in place and how often they are tested.
  • Legal concerns—Your leaders should know what is legally required of them in terms of establishing proper cyber-security measures. In addition, they must document evidence of compliance.
  • Access to expertise—As well as discussing cyber security in senior meetings on a routine basis, directors should also receive input from cyber-security experts during these conversations.
  • Company culture—Directors need to help generate a culture that prioritises cyber security by setting standards for management, training staff members and providing a proper budget.

Apart from risk management, protect your organisation with robust cyber and D&O cover. For more information, contact Hamilton Leigh today.

ICO Releases Top Tips for Passwords and Encryption Under the GDPR

February 11th, 2019 Posted by Update 0 comments on “ICO Releases Top Tips for Passwords and Encryption Under the GDPR”

While the GDPR has been in place for several months, the ICO kicked off the new year by updating their data protection guidance with more details in the realm of encryption and password practices. Here are the highlights:

  • All organisations should possess a proper encryption policy, detailing the use of encryption and outlining associated staff training protocol. The policy should include these standards:
    • Encryption must be included in company risk assessments.
    • The planned encryption method should meet standards such as FIPS 140-2 and FIPS 197.
    • Personal data should be transmitted within an encrypted communication channel over any untrusted networks.
  • The ICO emphasises that businesses with an effective password system possess these qualities:
    • The system needs a proper hashing algorithm. Never store passwords in plaintext.
    • All login pages require HTTPS protection. Limit available login attempts.
    • Users must create a password with more than 10 characters.
    • Two-factor or multifactor authentication should be available as needed.
WordPress Image Lightbox Plugin