General Data Protection Regulation (GDPR)
The EU GDPR will be enforced from 25 May 2018. It is the culmination of years of work by the EU to reform data protection regulation into a Union-wide framework instead of a patchwork of country-specific legislation. The GDPR affects all organizations that hold personal data on EU citizens, regardless of where the organization is based in the world. The maximum fines for non-compliance are the higher of €20m or 4% of the organization’s worldwide turnover.
WHAT IS THE GDPR? The EU General Data Protection Regulation (GDPR) is a new law that strengthens privacy for EU citizens.
WHO DOES THE GDPR AFFECT? All organizations that hold personally identifiable data on EU citizens. Even organizations based outside of the EU must comply.
WHEN DOES GDPR START? Enforcement begins on 25 May 2018. Many countries start implementing sooner.
Main Causes of Data Breaches
Let’s look at the main causes of data breaches today. This is how companies lost data in 2016: hacking or malware leads the way with 57%, followed by unintended disclosure. In fact, incidents caused by hacking or malware account for over 90% of all the records breached last year. That is a staggering amount of data that could have been protected with better security. Encryption is universally acknowledged as one of the best ways to prevent data breaches and to mitigate risks.
First and foremost, it’s important to review and consider your current data protection capabilities. Though GDPR is the ‘trigger point’ for reviewing your cyber security, having the minimum cyber security requirements in place is best practice to protect your business against viruses, malware and data leakage.
Sophos Central EndPoint
Sophos Endpoint blocks malware and infections by identifying and preventing the handful of techniques and behaviours used in almost every exploit.
Sophos Endpoint doesn’t rely on signatures to catch malware, which means it catches zero-day threats without adversely affecting the performance of your device. So you get protection before those exploits even arrive.
Advanced Threat Protection
With Office 365 Advanced Threat Protection, you can protect your mailboxes against new, sophisticated attacks in real time.
By protecting against unsafe attachments and expanding protection against malicious links, it complements the existing Hosted Exchange security features to provide better zero-day protection.
Ransomware is the number one malware attack affecting organizations today. It encrypts your files and holds them hostage until the ransom is paid, causing massive disruption to business productivity.
Sophos Intercept X features CryptoGuard, which prevents the malicious spontaneous encryption of data by ransomware—even trusted files that have been hijacked.
Each year, millions of laptop computers are misplaced, stolen, or lost, many of them containing important and sensitive data. Full disk encryption is the essential first line of defence to protect your data in any of these events.
Sophos Central gives you the ability to manage full disk encryption from a single, integrated, web-based management centre.
Unified Threat Management
Sophos UTM provides the ultimate network security package with everything you need in a single modular appliance. It simplifies your IT security without the complexity of multiple-point solutions. The intuitive interface will help you quickly create policies to control security risks. And clear, detailed reports will give you the insight you need to improve your network performance and protection.
Protect your network using multi-layered proven protection technologies.
We’ll give you complete control to block, allow, shape and prioritize applications. Our Deep Layer-7 inspection (Next-Generation Firewall) ensures true application identification and has regular automatic updates. And you’ll get feedback on unclassified applications and websites too.
What Is Cyber Essentials? The Cyber Essentials scheme is a cyber security standard, which organisations can be assessed and certified against. It identifies the security controls that an organisation must have in place within their IT systems in order to have confidence that they are addressing cyber security effectively and mitigating the risk from Internet-based threats.
Who Is It For? Cyber Essentials is applicable to all organisations, of all sizes, and in all sectors. We encourage all organisations to look at the requirements and to adopt them. This is not limited to companies in the private sector, but is applicable to universities, charities, public sector and not-for-profit organisations.
What are the Benefits? The Cyber Essentials scheme provides organisations with clarity on what essential security controls they need to have in place to reduce the risk posed by threats on the Internet with low levels of technical capability. Organisations that are good at cyber security can make this a selling point – demonstrating to their customers through the Cyber Essentials badge that they take cyber security seriously.
Boundary firewalls and internet gateways
Access control and administrative privilege management