No business can afford to underestimate the value of their data assets and equally the need to ensure their adequate protection. While many SMEs recognise the importance of this, to engage a full time Data Protection resource is very often impractical or uneconomical. Often the responsibility is delegated to unqualified staff.
Engaging a resource through DPS provides your business the assurance that you always have access to a qualified resource, available when needed and at a cost to meet your budget.
Those nominated with responsibility will benefit from having a source to lean on when they are unsure and can use the service to further increase their own competence in the role.
There are many aspects which need to be considered when determining the appropriate measures needed for all-round data protection. All too often businesses fall into the trap of focusing exclusively on IT-related controls and support from outsourced IT services. The advice and guidance which can be provided through DPS will ensure that your business takes the right approach to assessing all relevant risks to its data and provide the opportunity to implement practical measures to reduce them.
DPS has a range of telephone, email & onsite support packages starting at £300 a year to suit your needs and as an annual subscription service offers reduced rates for the support provided.
The UK’s implementation of GDPR through the Data Protection Act 2018 heralded a significant change in the enforceable legal requirements for the protection of personal data and with it potential for significant fines. Many of these legal requirements have not been well publicised and are therefore not being recognised by business, leaving them exposed to potential for regulatory action or fines and the negative reputational impact that can have.
Audits of the business’ organisational and technical approach by a professional resource will provide a reliable independent assessment of the current status of compliance against relevant legal requirements. The assessment gives opportunity for business leaders to fully appreciate their exposure to potential legal action by either the regulator or data subjects and address those risks appropriately.
The auditor will work closely with those managers responsible for data protection and/or legal compliance across the business, ensuring that the audit itself offers opportunities to enhance managers’ understanding of the law with relevance to business activities.
The audit will provide a full report of compliance status and recommended compliance or improvement actions.
Post audit, a range of follow-on services can be offered to assist with improvements. Compliance audit costs start at £250.
The basis of most data security standards and a fundamental aspect of the law requires businesses to understand how they process data and identify the risks associated with it. This however can be a difficult and daunting task for those without previous experience or resource.
A thorough mapping out of data processing activities and assessment of associated risks can provide valuable information on which to base decisions around data security measures and also ensure legal obligations are met. Within GDPR a legal requirement exists to document all data processing activities in order to evaluate and establish their lawfulness. This is called a Register of Data Processing Activities.
Using the experience of a qualified resource can ease the burden on businesses, assure the required outcome and complete the process in a more economical way. Staff engaged in the process will benefit from a greater understanding of their processing activities, the associated risks and potential negative impacts. Through this type of support, those staff can be encouraged to determine appropriate controls for their areas of responsibility and recognise their roles in maintaining the security of the data they handle daily.
This exercise enables the business to establish and document the basis of the controls already in place, identify requirements for further control and ensure these are effectively maintained.
Conducting this type of exercise gives the business the foundations on which to continually build its data risk resilience and implement an effective regime of internal auditing.
Getting the right level of support at this crucial stage of the process will be key to its success. Mapping and risk assessment costs start at £400/day.
The daily threat posed by cyber criminals is a growing risk and one which can have significant financial impacts on a business through lost access to data, downtime and breaches.
Cyber security audits take a more in-depth look into the business’ approach to risk assessment, risk management and technical security measures. These are benchmarked against recognised standards and provide the opportunity to further improve your business resilience.
The auditor will work closely with those responsible for the business IT infrastructure (including third parties) and establish how priorities for security are being currently determined, with a view to their consideration of data asset value and sensitivity.
Audits will provide an independent assessment of the effectiveness of the current approach and also offer opportunities for staff to broaden their perspective on relevant threats, vulnerabilities and associated risk.
The auditor will also assess the current levels of threat / risk monitoring, reporting and management review; aimed at encouraging ongoing assessment by senior management.
The audit will provide a full report of current levels of effective risk awareness, cyber security and recommendations for improvement; which may include undertaking penetration and vulnerability testing of systems. Cyber security audit costs start at £400.
The process of building resilience to the many and varied types of threats which your data systems face should not be based purely on the implementation of security measures.
Many businesses invest in security hardware and software with which to protect systems and assume effectiveness until such time that these defences are breached.
Testing of the measures in place is the only sure way in which to know your defences are effective, are being correctly managed and give vital warning when they are not.
Penetration tests & vulnerability scans are provided through partnerships with nationally recognised test houses. The tests will provide comprehensive reporting on any weaknesses uncovered and support is on hand to help resolve these.
Support is provided in liaising with testers to scope out your systems, to ensure testing is effective and covers all potential vulnerabilities within your systems.
Prices are provided following no obligation consultations and scoping visits.
Currently the most likely threat to be encountered by businesses is phishing emails to staff. Phishing is deployed by criminals in attempts to gain access to systems data, launch viruses or malware attacks or fraudulently receive goods or payments.
Running phishing tests can assess the vulnerability of your staff to this type of threat and identify further awareness training requirements. A simulated phishing campaign will also provide useful information on the effectiveness of your email filters.
On completion of testing, a full report will be provided detailing the results and recommendations for any identified improvements. Costs for phishing tests start at £200.
Achieving certification against a recognised standard will provide assurance to all your interested parties that effective technical and organisational measures are being taken to protect data. These certifications also often provide a gateway to new business opportunities or meet demands of customers seeking more assurance of your capabilities to protect their data.
Support can be provided in the attainment of the following standards, by a practitioner with thorough experience of their requirements and implementation.
- ISO27001 – Information Security Management System
- ISO22301 – Business Continuity Management System
- ADISA – IT Asset Disposal Standard
- Cyber Essentials (+) – UK Government scheme recognising fundamental technical measures
- PCIDSS – Payment Card Security Scheme
- DSP Toolkit – NHS self-assessment Scheme for suppliers
Details of costs on application.
Staff can often be the greatest risk in maintaining the integrity and confidentiality of data.
Ensuring your staff have the appropriate awareness and knowledge of the law, cyber threats and security policies is an essential element to protecting data.
Running a training session for your staff helps enforce the message that data security is a responsibility for all employees and their diligence can prevent serious impacts to the business.
Similarly, relevant training can help staff better understand the many confusing terms associated with IT and/or data security and give them the opportunity to ask the questions that they may never otherwise ask.
A well informed and data aware workforce is a significant step in reducing the potential for data related incidents.
Training sessions can be provided to both groups or individuals and tailored to your specific requirements; across all aspects of data protection. Training costs start at £200.
The increasing value of data to businesses, multiplying threats and growing likelihood of an incident occurring requires businesses to ensure they have the ability to sustain potential financial losses.
A comprehensive cyber insurance policy will assure the appropriate level of cover for all manner of losses associated with a data loss or compromise.
Support can be provided through partnership with competent brokers in selecting the right policy for your business and assisting in completion of insurance questionnaires. There are many simple measures that can often be taken to help reduce your risk profile and achieve the best possible premiums for your cover.