No phishing here

Orla O'Driscoll

Companies who have not put security and compliance measures in place can be fined up to 4% of annual turnover if a security breach occurs. Credit: PYMNTS.com

Compliance with EU regulations for the control of data security, which come into force in May, is a long way off, according to a cyber-security expert.

“Ahead of the GDPR regulations which come into effect on May 25th, many companies are only now realising that they must comply with the new regulations or face the possibility of comprehensive fines,” said Gerry Morley of Tech Guard, a Dublin-based cyber-security firm.

Companies who have not put security and compliance measures in place can be fined up to 4% of annual turnover if a security breach occurs.

And while many feel passwords, usernames, and email addresses are innocuous information to access global connections, our digital footprint offers criminals a lucrative lifestyle.

“Crypto-mining is the new buzzword when it comes to internet security breaches,” Morley said. “This scenario sees the bot delve into a user’s information, obtain passwords, create a profile, and use this identity theft to access services and commit financial fraud.”

In a recent survey, 97% of email users could not identify a phishing email, and Morley says, “Users are the weakest link when it comes to security.”

The new legislation places sole responsibility for data protection on those who hold the information, and this is not exclusively aimed at multinationals.

General Data Protection Regulation (GDPR) legislation applies to everyone in the public sector, charities, not-for-profit organisations, education, SMEs, and sole traders, and to anyone who is responsible for the collection or processing of data, regardless of sector or size, or how the information is held or compiled.

Currently, a company is legally obliged to release, on request, information it holds about an individual within a 40-day period, and the new regulations reduce this to a 30-day period.

A breach of Snapchat credentials in a phishing expedition last year left 56,000 accounts exposed online.

According to tech publication The Verge: “The attack used compromised accounts to send out a malicious link, which would direct users to a website mimicking the Snapchat login screen.”

And while Snapchat apologised profusely, once legislation comes into play, an apology will no longer be a viable defence.

Jess Kelly, who presents Tech Talk on Newstalk, notes the industry has been working to ensure compliance.

“I think GDPR is a welcome change for consumers as we have been giving away our data for such a long time, without fully thinking about the consequences. Sometimes companies ask for information they don’t really need – that is then stored and sometimes never used. The arrival of GDPR will draw our attention to who has our data and why,” Kelly said.

The new regulations may mean more security for users; however, there is concern that those who wish to be litigious may attempt to take advantage.

“The new rules will mean that a civil case can now be brought against the company if compliance measures were not in place and a breach occurs,” said Morley. “The fear then is that people can take a case of ‘emotional damage’ due to a breach, and there is no precedent set for this.”
