Preparing for the EU GDPR, containing the insider threat and Egress Sunglasses Selfies: Highlights from Infosecurity Europe 2017
Last week, the Egress Team attended Infosecurity Europe 2017. The largest of its kind in Europe, the event took place in Olympia, London, and brought together attendees from across not only the UK but Europe as well.
The team had a busy three days on the stand, networking with clients and meeting with new delegates, as well as posing for ‘Egress Sunglasses Selfies’ in aid of our Twitter competition! Here are a few of our highlights from the event.
Day One: Containing the insider threat
With research continuing to show that human error causes half of all data breaches, a big topic for delegates was how they can contain the insider threat. The Egress Team was therefore busy outlining our approach to mitigating the risk of an insider data breach, whether caused by staff making mistakes or by data leaked through malicious intent:
1. Engage with end-users. It’s well known that staff struggle to use technology they don’t understand the purpose of or know how to use. However, engagement needs to go further than education and training, and needs to be promoted by the security technology itself. This can include monitoring of when users encrypt information, with prompts to help ensure all sensitive content is protected. Additionally, this can feed into performance-based scoring, with positive choices rewarded and promoted amongst teams. This information can also be used in staff appraisals to provide metrics to improve data security culture.
2. Share data with the right person. Whether information is sensitive or not, we all want to share data with the correct recipient. This can prevent a host of consequences – from simple delayed replies or mild red faces when non-sensitive information is shared incorrectly, to putting personal and corporate information at risk. The ‘accidental send’ is an all too familiar scenario (who hasn’t sent or received an Outlook recall?) and, if human error accounts for half of all data breaches, technology must help ensure information is only shared with those it is intended for.
3. Apply appropriate security when required. Finally, end-users need to be able to access security technology when they are required to protect sensitive content. Organisations must conduct data audits to understand which staff members handle such information, rather than, as is sometimes the case, making assumptions based on a half-understanding and only offering software to segregated departments.
Day Two: Preparing for the EU GDPR
With the new regulation less than 12 months away, Egress CEO Tony Pepper had attendees queuing out the door for his Day Two presentation: ‘So you think you’re ready for the EU GDPR? Three tips to make sure you’ve future-proofed your approach’. The presentation focused on key steps organisations must take in order to aid compliance:
1. Conduct a data audit. A full understanding of the data organisations hold and how staff handle it is crucial to EU GDPR compliance. Only by understanding their data can organisations then put in place measures to protect it.
2. Control and reporting. Data is frequently most vulnerable at the point it is shared, and the EU GDPR will require organisations to be able to demonstrate the measures they are using to protect against this and other vulnerabilities. Additionally, the EU GDPR will require organisations to report and respond to a breach within 72 hours, as well as manage increased demands by data subjects (such as Subject Access Requests, which will be much easier for individuals to submit under the new legislation), and the ability to report this information is key.
3. A future-proofed approach. Preparation for the EU GDPR is not just about ticking all the boxes in time for 25th May 2018. This legislation will be central to how organisations operate for the foreseeable future and so any approach must have longevity. For example, any decisions about technology made today need to consider potential changes in the future. With many businesses transitioning to cloud-based platforms, such as Office 365, in the next two to five years, any provider selected in 2017/18 for immediate compliance with the EU GDPR must also offer the required levels of integration, assurance and security in the cloud for the future.
Day Three: Egress winners
Returning for a second year, the Egress Light Chaser Challenge had delegates testing their reflexes to see who could eliminate the highest number of lights by the end of each day. With an Amazon Echo Dot up for grabs for each winner, competition was fierce and our congratulations go to each of our winners:
Day One: George Ellams, 58
Day Two: Damien Holloway, 57
Day Three: Nikolce Davchesvski, 57
Elsewhere on the stand, we were inundated by delegates sharing their ‘Egress Sunglasses Selfies’ to our Twitter account, @EgressSwitch. With each selfie entered into a prize draw for an Amazon Echo, the Egress Twitter feed was inundated with photos. We hope everyone who took part had fun in the sun(glasses) and our congratulations go to Rob Long (and potentially the geese!), who won the prize draw.
So, after a busy few days, the Egress Team returned to the office for ongoing discussions about data security with the new and familiar faces we met at Infosec17, and we can safely say - now that our feet have had a rest! - we're already looking forward to next year!