17 May Ready for GDPR ✔️ But are your networks secure?
Ready for GDPR ✔ But are your networks secure?
The 25th of May is fast approaching, which, as we all know, is the deadline for GDPR enforcement. After four years of discussion and planning, this is the most important change in data privacy regulation in 20 years which has come about in order to better protect and empower EU citizens data privacy. At an organizational level, it will have a dramatic impact on the way in which we collect data as companies, as well as what we do with that data.
GDPR will apply to any company that processes the data of citizens residing in the European Union regardless of their location, and in the case of a breach of GDPR, they can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). Detailed information about GDPR can be found on the official portal.
In addition to the potential financial implications of a breach, the impact on a company’s brand and reputation would be hugely damaging, something that has been unequivocally proven by a multitude of scandals that have been in the news in recent years.
But while we’re all focusing on GDPR compliance, wouldn’t it be a good moment to consider the overall security of our networks?
Cyber incidents targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017, driven by ransomware and new attack methods. And since the majority of cyber attacks are never reported, the actual number of incidents in 2017 could, in fact, be over 350,000 according to Online Trust Alliance, 2018. As these figures unfortunately show, our enterprise networks are under threat.
What’s even more frightening is that many of the attacks are not reported, because network administrators are not even aware that they have happened. This is largely due to the fact that they don’t have real-time visibility over who and what devices are connected to the enterprise network, and certainly, don’t have any sort of warning system in place in the case of any usual activity.
Ensuring that no one unauthorised can access our networks, and therefore our information, seems like a sensible first step in data protection. Which is why we have created Fontech Enterprise Control.
Ensuring GDPR password compliance
According to a study conducted by Fontech, over 50% of participants reported using a shared password to connect to their workplace WiFi network. In the context of GDPR, the Data Controller of every business is obligated to ensure sufficient security in order to protect data, and the use of shared passwords may open them up to risks as they are far less secure than personalized passwords for each employee.
By comparison, Fontech Enterprise Control allows administrators to grant users access on an individual basis, and access can be limited at certain hours to avoid security breaches, for example during the night or at weekends. If any unauthorised devices try to connect to the WiFi network within these hours, they’ll be blocked from doing so.
Taking the headache out of offering guest WiFi
The internet is so central to many of our day-to-day work tasks that visitors expect to be granted access to enterprise networks. According to Fontech’s survey, over 70% of participants reported that their workplaces offer guest WiFi access. Managing the access of these individuals on an ad hoc basis can put a significant burden on IT teams. To ease the workload, many companies offer generic guest WiFi access, protected by just one password that is openly shared with anyone that needs temporary access to the network. Again, this opens the company up to many risks.
The Fontech Enterprise Control Guest WiFi module makes this simple, by ensuring external consultants, clients, and other visitors can easily access the network, but with controlled and limited access. Administrators can empower employees to send WiFi invitations to their guests (without the need to involve IT teams) as well as integrate the guest invitation portal with the employee’s calendar to allow access only to those users who appear in his or her invitation. If the guest is included on the attendee list, they will be granted WiFi access.