Protecting Personal Data from Cyber-Attacks
Last week the world woke up to the latest cyber-attack of 2017. Initially striking the NHS in the UK, the malicious “WannaCrypt” ransomware then quickly spread across the globe with more than 200,000 computers infected across 150 countries. Once infected, the malware prevents organisations from accessing their data holdings unless a ransom is paid.
The story is becoming increasingly familiar and with each high profile attack the protection of personal data held by businesses becomes an ever increasing concern. Cybercrime is fuelled by the sheer volume of data now available, and the increasing use of offsite and cloud storage systems has dispersed that data giving criminals many more points to access it.
Faced with such threats, businesses have been encouraged to review their cyber security and upgrade their IT systems. But technology on its own cannot stop a cyber-attack unless the organisation fully understands the data assets that the technology is trying to protect. An effective cyber security strategy requires a legal analysis of an organisation’s whole approach to data protection - how the organisation controls the collection, use and sharing of its data.
Data protection and cyber security are no longer just IT concerns; they are now board level issues.