As a certified cyber essentials certified company, Kingsfield work with leading vendors to give you the right package around all your solutions and compliance; For example, we can provide and build an advanced security operations to center and revitalise your governance:

Risk Analysis and Compliance

Accountability

Implementation Support

Post-Implementation Support

Monitoring Endpoints

Training

Access Management

Fraud Prevention

Data Privacy

Data Protection

How Far Is Your Organisation?

GDPR isn’t something you want, it’s something you have to have in your organisation to take control and there’s no way around it. Whether those risks stem from external cyber threats, identity and access management challenges, online fraud, compliance pressure or any number of other business and technology issues.

It’s the measures organisations must take to protect personal data belonging to residents of the EU, which includes the opportunity to protect sensitive data in your organisation, fight online fraud, or detect the most covert cyber threats lurking on your networks. The new regulations came into place in 2018 and you need to start preparing now!

What Kingsfield Can Offer?

Kingsfield work with high profile vendors to give you the right package around all your solutions and compliance. For example, we can provide and build advanced security operations to center and revitalise your governance:

Risk Analysis and Compliance

Monitor Endpoints

Implementation Support

Training

Access Management

Fraud Prevention

Data Privacy

Data Protection

GDPR Compliance

GDPR highlights the need to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy. For example, being able to demonstrate through appropriate governance measures. These measures include but are not limited to:

Understanding what personal data an organisation handles and where this data resides.

Firms will only have to deal with a single supervisory authority

Performing risk assessments to remove exposure to accidental or unlawful loss of data

Implementing various technical and organisational controls to protect personal data

Appointing a chief data protection officer charged with overseeing GDPR compliance

A risk-based approach must be adopted before undertaking higher-risk data processing activities

Processors can be held liable for data breaches, resulting in fines

Data controllers must report data breaches to their data protection authority

Notice must be made within 72 hours of data controllers being aware of it

Article 35 of the GDPR states that data protection officers must be appointed for all public authorities

Individual Rights

GDPR defines the rights of individuals to protect their personal data. These rights include; informed consent, Access, Correction, the right to be forgotten and data portability.

dsgvo-3415444_1280

GDPR And The Environment

Data disposal is a major part of the GDPR. Kingsfield are proud to offer a secure, GDPR compliant national collection service for all your redundant IT assets. Utilising an ADISA certified collection partner we ensure complete data security for your peace of mind as well as offering the most generous rebates on the market for your redundant machines. For example, we will take full custody transfer and documentation, security check the service representative, online account access, protect your data, dispose and erase data and destroy your data.

cyber-security-3400657_1280

Encryption

In the UK, 51% of confidential data is stored on flash drives. If a flash drive becomes lost or stolen, that confidential data is at risk of falling into the wrong hands. It is an obligation to report this incident to the data protection officer. However, without any proper paper trail that the data is encrypted, a fine is still in order. Kingsfield are able to help provide a Safe Console that enables you to access, lock and remove data without resulting in a fine. It’s the perfect paper trail, no hassle or installation. Kingsfield are there to help.

Data Access

Minimising access to only those with legitimate need to access personal data is another key part of GDPR. For example, passwords need to be strong authenticated passwords to avoid unauthorised access to sensitive resources or perpetrate a full-blown breach. Furthermore, access Policy Management serves a vital function; protecting user identities and ensuring data is only accessed for legitimate purposes. This enables the documentation and control of user transactions to ensure they are role appropriate. Lastly, evolving business needs around mobile devices and cloud applications create new access control considerations, such as, protecting data which fit around the access of employees, customers and partners.

Security Monitoring

Having a proactive alerting and visibility of how your network is performing and the threats affecting your network can minimise network issues. Kingsfield can help provide a monitoring system so you know there’s a problem before it’s even happened. This works by monitoring systems, learning KPI, patterns and human behaviour, alerting you when these patterns have been broken and predicting the future.

hands-1004271_1280

Security Challenges

The recent revenue from cyber-crime, not to mention its potential for state-sponsored terrorism, ensures a level of resource and innovation that can be hard for any individual company, or even national government, to match the evolving threat landscape. Part of the problem comes from the way cyber security has evolved. For example, on the discovery of each new attack, another security solution needs to be implemented. This is not only hard to manage, but can easily lead to gaps and inconsistencies in the response to new threats.

The adoption of trends such as mobility, cloud computing, and the Internet of Things all expand the effective attack surface, exposing new vulnerabilities, and eroding the traditional concept of a network border. Any solution worthy of the term, ‘State of the Art’, will not only need to overcome the above challenges, but continually adapt to changes in the usage of technology in the evolving threat landscape.

hacker-1944688_1280

Network Security

To reduce exposure to the potentially crippling implications of a serious data breach, it is necessary to minimise both the number of network intrusions, and their time to detection. Kingsfield can offer multiple products that can fill all key components of the security infrastructure. For example, anti-virus, hardware and software, applications, access management and much more.

What To Do When A Breach Occurs

The first challenge to the GDPR’s breach notification requirement is to detect when a qualifying breach has taken place and determine which assets might be at risk. Almost by definition, any successful external security breach must have either evaded detection entirely, or was not detected quickly enough. This means it either exploited an attack mechanism unlike any previously encountered, or the flags that it did raise were missed. In 2016, the average time taken for organisation to become aware of a typical breach was almost five months! Fortunately, the GDPR 72-hour notification window opens at the moment of detection, not the moment of intrusion. Since it is clearly impossible to detect the undetectable, security administrators should accept and prepare for the inevitable, occasional intrusion, while striving to minimise such occurrences and hasten their detection through every means possible. As previously noted, the GDPR does not require notification for all security breaches, only those that present a risk to the rights of individuals.

In the moment of a breach, please try and contact Kingsfield as we work proactively with organisations to help your situation to ensure it is handled effectively and immediately. A strategy will be defined and the appropriate technology around that strategy will ensure that proper incident management procedures are followed, the right stakeholders are alerted and actively involved, documentation is captured throughout the investigation and remediation processes are followed to ensure proper reporting post mortem. Remember, the full process of identifying, reporting and resolving the breach must be completed within 72 hours.

Penalties Under GDPR

Organisations found in breach of the regulations can expect administrative fines of up to 4% of annual global turnover or £20 million, which can lead to business insolvency, reputation damage and customer loss. Regulatory fines can result in senior executives facing fines or even imprisonment for negligence and legal non-compliance.

GDPR Facts

Yes, they are vital to the controller and processor relationship as it binds both parties to the agreed terms.

They must only be appointed on case of public authorities, organisations that engage in a large scales monitoring systems or organisation that process sensitive data. However, it’s still encouraged if you don’t fall in these categories.

No, as cookie tracking and IP addresses are classed as non personally identifiable information.

Yes, as it’s all identifiable information.

Yes, even though the UK will be leaving the EU, the new regulation will still be coming forth to protect everyone’s data.

Buy Security Products

Contact Us