Manage your company’s cyber risks
- Check that the technical basics of data security are in order: anti-virus software, firewalls, encryption, limitations on using portable media, etc.
- Make sure that your products and services are secure.
- Categorise all data and make confidential information secure.
- Create a “clean slate” culture for your whole organisation.
- Provide data security training for your entire staff, keep them up to date on threats and test their know-how.
- Retrain and re-test staff regularly, reward sound data security practices, and motivate a good data security culture.
- Know the data security regulations of each country in which your company operates.
- Create a continuity plan for your company in case of data breaches or cyber attacks.
- Assess the data security risks of your subcontractors, service providers and outsourcing partners that are relevant to your business, and protect your company from them with comprehensive contracts.
- Create a social media strategy for your company and prepare for crisis communication, including on social media.
- Ask an external party to attempt access to your systems and to test the vulnerabilities of your company network.
- Keep your company’s senior management and board of directors up to date on cyber risks and their management.
An EU regulation pertaining to the protection of personal information
An EU regulation improving the rights of registered persons and setting new responsibilities for data controllers has been approved by the European Parliament.
The reform puts an emphasis on data controllers’ personal information protection practices that are either preventive or built into their daily operations. High-level data protection must be a part of the daily operation of organisations. Data controllers are to name a data protection officer whose responsibility is to ensure that the data controller acts in accordance with the personal information processing rules. The data controller must inform the controlling authority and, if required, the registered person if a data breach has taken place.
In addition to this, the controlling authority has the right to impose a penalty on the data controller for breaching data security rules. The penalty may amount to several percent of the organisation’s revenue.