GDPR Success is a Journey

According to a recent report by Marketing Signals, more than a third (37%) of businesses are still lagging behind on GDPR, three months after it became law. Perhaps an explanation for this is that 17% of the 1000 companies surveyed did not understand the benefits of being GDPR compliant. Shamefully, the biggest offenders were tech companies (42%) and retail (26%).

Whether it is ongoing threat awareness training for our staff, state-of-the-art technology to mitigate against malware, or asset wiping to military standards, keeping data safe is our primary concern at Techbuyer. There are some amazing pieces of kit out there to protect the business and its customers, but without the right culture, they will not work.

This contrasts sharply with the attitudes found in the report. Some actions, like sending newsletters without getting approval from the recipients (35% of companies surveyed), keeping data from those who have not agreed to it (31% of companies) and not shortening opt-out processes (22% of companies), suggest many respondents do not care about the regulation. Others, like not securing data in case of a ransom attack (27%), suggest that some do not understand how to protect their data. Here are some simple tips that might help them take care of areas they have overlooked.

Segment Business Unit Data

The fewer people who have access to sensitive data, the lower the risk of data loss. We ensure that all departments are trained never to send any information that is not necessary in internal communications. We have put some access control barriers up too: each member of staff only has access to the data necessary for their role; email is fully protected internally and speciality software prevents sensitive data being sent outside of the company.

Segment International Offices

Companies with offices inside and outside of the EU need to be aware of the different regulations covering each region. Techbuyer simplifies this with a policy not to share Personally Identifiable Information between regions. Each country has its own access to information on its customers.

Prepare for a Breach: The Gamification of Security

Security underpins everything that we do and we take it seriously. However, having fun is a great way to get people on board. Over the past few months, we have been conducting a series of exercises with departments, managers and company members to see how they react when a threat comes in. Much like fire drills, these ensure people know what to do should the worst happen. Some of the ways we have been delivering these are incident and disaster recovery tabletop exercises and specially crafted spear phishing email campaigns to make sure our teams know how to identify potentially suspicious emails.

Do business with those you trust

We have Data Protection Agreements (DPAs) in place with all partners or anyone who has access to any Personally Identifiable Information on our customers or employees. These DPAs cover the salient points such as assistance in case of a data breach, rights and notices.

As asset wipers, we use the best data erasure software out there and provide certification to prove this has been done. Transport and storage are secure at every stage, and we know our customers appreciate the peace of mind this brings. We expect the same level of care from those who look after our data as we offer to those who entrust theirs to us.

Share the right kind of information

We are really proud to have a culture of being vigilant and alerting IT immediately if something seems suspicious. Staff at Techbuyer are encouraged to question and share any information on perceived threats. The culture extends to our business partners too, who will forward details of phishing attacks and malware, which we then share company-wide. Good security is about taking responsibility and looking after one another, two qualities we prize at Techbuyer.