By this point in time, you should at least have heard of the GDPR (General Data Protection Regulation). In fact, you should also be well on your way to compliance with it. Be aware, however, that, tough though they undoubtedly are, the GDPR penalties can actually be a whole lot less severe than the cost of the reputational damage caused by a data breach. That being so, all organizations which collect personal data (which these days is most of them) need to put information security front and centre of everything they do, particularly if they belong to one of the following four high-risk sectors.
The sort of data held by many financial services companies is clearly attractive to criminals, and it is therefore more than understandable that both customers and legal authorities expect them not only to pay the highest attention to information security but also to own up promptly to any failures in this area. The latest example of a company failing in this regard is Equifax in the U.S., which discovered a data breach in late July but took over a month to disclose the fact. Since then the company has been under almost continual fire from U.S. authorities, while the IRS (the U.S. tax authority) has suspended a valuable contract with it.
Those in charge of information systems for the healthcare industry may have the toughest jobs in IT. Having rapid access to a patient’s healthcare records may, literally, mean the difference between life and death for the patient in question, but the data held by healthcare providers is also hugely desirable to criminals. The WannaCry ransomware and the devastation it caused clearly highlighted the threat to healthcare providers and will hopefully have helped to focus attention on the importance of working constantly to combat it.
In addition to the obvious threat of criminals attempting to access data that could be used against them in criminal proceedings, there are all kinds of reasons why people might try to gain illicit access to data kept by lawyers working in the various fields of civil law. Additionally, the fact that the law is one of the few professions in which there is still a heavy reliance on paper creates an added complication for those managing information security: they not only have to ensure the safety of physical documents but also ensure that those documents are linked with the relevant digital data for seamless case management.
Governments are the authorities which regulate the private sector, but they also need to watch their own behaviour. People with longer memories will remember that back in 2007 HMRC was responsible for a major data breach, and since then there have been a number of government- or government-agency-related data breaches, possibly most infamously one in 2012, when Greater Manchester Police lost an unencrypted USB memory stick containing the details of witnesses linked with serious criminal investigations. More recently, there was the aforementioned WannaCry attack, which impacted the NHS. Governments and their agencies both hold valuable data and can be perceived as legitimate targets by those with grievances, which makes them a particularly high-risk sector for cyber attacks.
RADS are a specialist document storage and information management company based in Nottingham.