Twitter: @JannineMahoneFS
Amid the noise of emails with doomsday titles and references to hefty GDPR fines, emerges a refreshing train of thought: If we get this GDPR thing right, the results could be incredibly positive for consumers/customers and companies. That’s right. I used “GDPR” and “positive” in the same sentence. Read on to learn why.
- No more I love you’s.
2017 was a banner year for breaches of personal and corporate data. The net result is that attackers armed with this ill-gotten data have driven an increase in phishing attacks on individuals1, while ransomware attacks on corporate devices continue. Data privacy is a right of all citizens of the world, and the Council of the European Union recognizes this right. By creating a set of principles (though vague in nature) and arming a force of regulators with the authority to levy hefty fines, it is making a bold statement: Companies must be held accountable for how they process, store and transmit personal data.
Consumers like me can now feel a little more confident that when we fill out an online form or purchase an item from a store and enter an email address, our personal data is less likely to end up on the Dark Web, followed by a million phishing attempts requesting our PayPal® and Apple® iCloud passwords. Companies will now devote some of their resources to privacy and data security in addition to their promise of excellent goods and services.
- So…tell me what you want, what you really, really want.
For Legal, Marketing and other corporate functions, the exercise of interpreting the principles of GDPR is cumbersome and fraught with unanswered questions. The good news is that this in-depth analysis of internal processes has produced, for many, startling revelations about gaps in their current data protection policies and enforcement processes. This new consumer-centric approach to data protection gives organizations a reason to communicate cross-functionally and across former silos. The exercise also empowers IT Security teams who may have had to leap political hurdles to enforce security policies in the past.
- Hakuna Matata. It means no worries, for the rest of your days.
Let’s face it. Nothing ensures peace of mind better than establishing a good security program that incorporates industry-standard best practices. SANS recommends starting with the CIS Top 20 Critical Security Controls2. Many organizations are beginning to standardize on the NIST Cybersecurity Framework, with at least 50% expected to adopt it by 20203. With NIST’s security controls catalog (SP 800-53) being revised to incorporate privacy controls, even organizations with fewer IT Security resources will be able to establish industry-standard data protection policies.
Automation and integration between security platforms will continue to drive visibility, resulting in a more proactive security posture and faster, more accurate reporting. This will result in a win-win for auditors and corporate teams who dread audits. And that should be music to your ears!
For more information on how Forescout is working to address its own organizational goals and objectives for GDPR, view our webinar with Tony Miller, Senior Director of Legal Affairs.
Forescout resources for GDPR:
- Forescout’s approach to becoming GDPR-compliant Webinar
- GDPR: A Europe-Based Regulation with Global Impact White paper
- How Forescout Technologies Is Preparing for GDPR Use Case
- Addressing the EU General Data Protection Regulation (GDPR) Solution Brief
1 https://docs.apwg.org/reports/apwg_trends_report_h1_2017.pdf
2 https://www.sans.org/reading-room/whitepapers/analyst/basics-focus-first-cis-critical-security-controls-37537
3 https://www.nist.gov/news-events/news/2016/02/cybersecurity-rosetta-stone-celebrates-two-years-success