GDPR & What It Means For Your Business
Perhaps the largest, most overarching digital security directive in history goes into effect May 25th. The catch is that its governance pertains strictly to the European Union, but that doesn’t necessarily mean your business doesn’t have to abide by its mandated requirements.
GDPR, or the General Data Protection Regulation, will become one of the most significant regulations placed on data & internet security to date. This 99-article regulation requires companies that have an internet presence in the European Union to comply. This means that even companies like Facebook & Spotify, which are headquartered in the United States, must also be in compliance with GDPR.
The regulation itself states that companies must first ask for permission to collect data from their users. If a user requests that a company delete their data permanently, the company must oblige without any sort of postponement. If the company obstructs or impedes the request, it may face significant penalties.
Does your business serve clients in Europe and the United States? If so, you will also be required to comply with GDPR.
Pundits and small-business owners alike fear that this move will greatly hinder SMBs because of the cost-prohibitive nature of data protection software. While certain aspects of data protection may be quite expensive, others (such as secure email) are quite affordable in 2018… and what’s better is that most of these software packages require no hardware installations and are quite simple to understand and use on a daily basis.
For example, here at NeoCertified, we will be helping any business better understand how our secure email solution protects client data at all times for your business, and how its ease of use is similar to that of any standard email platform like Google’s Gmail.
If your business would like to start a free 7-day trial, simply fill out a form on our website, and we will show you just how inexpensive and easy a protected email solution is to use.
The Push For Cyber Security
Cyber Security is a sweeping topic across the world, especially as documents and legislation like GDPR begin to be enforced. Data protection has never been more important, which is why we’re here to help you better understand both the need and the solution.
We’ll go over a few of the most popular ways security solutions are protecting personal data and what you can do if you’re not already protecting yourself.
Secure Websites & Multi-Factor Authentication
Data protection is extremely critical when visiting websites, filling out forms, signing up for emails, and submitting purchases on the internet. It’s important for website visitors to know how to identify whether a website is protected.
To quickly identify if a website that you’re visiting is one that can be trusted, check the URL in the website address bar for either a notifier that reads “Secure”, a lock icon, or a web address that begins with HTTPS://. Note the “S” that directly follows HTTP; this means that the website itself is protected.
Multi-factor authentication is the process of identifying an individual with multiple layers of security, such as a passcode being sent to their phone or an email being sent to their private email account. Generally, when you sign up to purchase items from an online retailer you’re required to confirm your identity with either your mobile device or email address. This is to better protect the individual and can let the individual know that their accounts are better protected by multiple identifying security layers.
Now, if you’re a business looking to protect your current website, you’ll need to purchase an SSL certificate. If you’re a website visitor, you can also purchase security services like McAfee, Norton, or Kaspersky, which generally include website surveillance and protection services to better help you understand whether a website is secure or not.
Mobile Devices & Biometrics
The security involved in mobile devices can be a bit trickier to understand. Biometrics, such as fingerprint scans on a phone, are on the rise and are generally understood to be more effective security resources.
While it’s true that biometrics may help secure a phone, they should not be the only security in place. Passwords and passcodes will always reign supreme, as they are formulated by the user and are not tied to their genetic makeup. If all that protects your device is a biometric fingerprint scan, the moment someone swipes a copy of your fingerprint your security defense is all but defeated.
We always suggest that you create passcodes and passwords that you (and only you) would know. Full password phrases are most effective and are more difficult to crack, while simple number schemes like birthdays or clichéd codes like 1234 are at much greater risk.
Email Security & Understanding Threats
Phishing scams and Business Email Compromise (BEC) are two of the most popular ways for hackers or third parties to compromise your personal data. Spam filters don’t catch every email that enters your Inbox, which means that any number of emails you receive on a daily basis may be a phishing scam.
Phishing scams are emails generated by third-party hackers that appear to be legitimate and often even mimic the branding of a large organization or the email address of a person that you may communicate with on a daily basis. They’ll usually contain a link that they are driving you to click. Once clicked, your computer or device may be infected with a Trojan virus or taken hostage and held for ransom by the third-party hacker.
Business Email Compromise is a more recent phenomenon that consists of a hacker creating an email address that appears to look the same as an executive account within a company. They will then file a request to the accounting department within that business to make a specific payment to an offshore account.
Both Business Email Compromise and phishing scams can be difficult to identify, which is why it’s always best to use a secure email solution such as NeoCertified when sending sensitive documents and information via email. This includes full names, addresses, social security numbers, credit card numbers, health record numbers, and anything that may directly identify another person.
We also advise that you never click links from random email accounts or from accounts that you may be wary about. If you receive an email inside of your organization that asks you to make a payment, always confirm with a separate person from that department that the email you’ve received is a legitimate request.
WiFi & Multi-Factor Authentication
WiFi connections are either protected or unprotected and open for the general public to access.
Always make sure when you are making purchases or submitting personal information on a website that you are connected to a secure WiFi network. When you connect to an open, public WiFi network, the person that created the WiFi account can watch your every move.
If you’re unsure whether a WiFi network is protected, it’s best to err on the side of caution. Either wait and visit the website from a desktop device on a network you are sure is protected, or turn your WiFi connection off entirely and use your phone provider’s 3G or 4G data connection.
If you have any questions about Cyber Security or the new GDPR requirements and how they might affect your business, feel free to give us a call at (877) 613-5036 or send us an email to Info@NeoCertified.com. We’re also happy to set up any free 7-day trials of our Secure Email Solution, so that you can see how easy it is to send protected emails for your business or organization.
Written by Peter J. Schaub
President & CEO, NeoCertified