Being in the IT business tends to mean that you know your stuff, and when IT professionals are wary of their company’s data breach protections, upper management should listen. Hopefully, many of the issues with data protection, currently covered under the Data Protection Act principles, will be ironed out when GDPR comes into force in May 2018 – and yet many IT professionals are already worrying that their companies will not be adequately prepared or protected in the event of a data breach.
Backup routines and password maintenance are only as strong as the weakest link: one careless person leaving confidential information (like their password) on their desk, a couple of days’ delay leading to a couple of weeks’ delay between back-ups. IT professionals know only too well that their job is reliant on people who do not understand how a seemingly minor and unimportant weakness can be exploited by a hacker – who only has to be lucky once. Businesses must be lucky all the time.
Falling under GDPR regulations will be a positive, but much of the legislation deals with punitive measures for failing to adhere to said regulations, with little assistance in the practice of securing and holding data safely and then disposing of it in a timely manner. Knowing that the business can face up to a €20-million fine will cause management to lose some sleep, but the individual employees (those who might actually breach the regulations) are unlikely to give it too much thought, not being liable for the fine, and being unable to pay in the event that they were deemed responsible!
This leaves the responsibility lying between upper management and the IT department whose duties include making systems and data entry and storage systems as fail-safe as possible: the best way to ensure that data is entered safely and securely, is by making it impossible to do improperly. There is little doubt that IT departments are currently working on code that will strengthen those weak links enough to become fully compliant with regulations.