The Importance of End User Awareness
With GDPR less than a year away, are we all preparing as best we can? GDPR shouldn't be discussed as though it only affects board members, CIOs/CTOs/controllers and processors. When we talk about GDPR, we should be looking at both ends of the spectrum. End users play a huge part in the General Data Protection Regulation cycle. Are your end users currently aware of how GDPR will affect your organisation? Are they aware of the costs of breaching GDPR rules, how to abide by them, and how to make choices that won't leave you looking at a large fine with lots of zeros? Simply put, you cannot just tell your end users to read up on what GDPR is and how to follow best practice regarding it. It will not work.
So, how does the end user play a role here? Well, let's first look at what GDPR is in summary.
GDPR applies to all personal data. More specifically, any data that can be used to identify a person. The rules set in place are designed to control what can be done with personal information, and require that a person's consent is given and that there are reasons to process or store personal data. The rules also state that any person has a right to know whether information relating to them is held, and what that information is. If there is no formal reason for personal information to be held, a person can request that this data be erased. Access to stored personal data needs to be strictly controlled and only granted when required. This only briefly touches on the details of GDPR - for a more in-depth look, please read this
Now that we've established a brief overview of what GDPR is, let's look at how your end users are going to be playing a part in this process. GDPR is all about being able to comply with regulations and hold full accountability.
Ransomware. Unless you've been hiding under a rock and simply aren't concerned about your network or your data, it's fair to say you'll have a good idea of what it is and how it can cripple business and infrastructure. All it takes is for one end user to click the wrong link, which may sometimes seem entirely authentic, and that end user has potentially crippled your network/business. On top of that, should the ransomware attack result in a breach of data and you're found to be accountable for a lack of end user training, you've now got a hefty fine to potentially face.
Ransomware and phishing attacks will only get smarter and more effective with time. It's YOUR organisation's job to ensure your end users are up to date with awareness training, so that they know best practice and how to avoid becoming a victim of a phishing or ransomware attack. So what can be done? Fortunately, there are solutions available to keep your end users up to date and at the best level of training they can be at, in order to avoid potentially facing devastating consequences. If you'd like to know more about anything discussed in the article or have any questions, please feel free to send me a message.
Please find more of our colleague Wesley Freeman's posts here