Data Protection implications for SMEs: By Paul Buckle, Head of Customer Data at 9 Group

In March 2012, Robert Mueller III, the then director of the Federal Bureau of Investigation, gave a speech in which he stated, “I am convinced that there are only two types of companies – those that have been hacked and those that will be. Even then, they are converging into one category – companies that have been hacked and will be hacked again'.

The power of the illicit and substantial cybercrime industry is unlikely to be overcome by enforcement agencies and/or supporting legislation. After all, we are all becoming increasingly connected and each additional link creates a new point of entry for a hacker.

GDPR compliance is focused on protecting the individual whose data is held, preventing unauthorised access to that data and its subsequent misuse – internally and or externally.

But the cybercriminal is not interested only in personal data. The hacker seeks any data from which a revenue can be generated, be it through ransomware, or theft for fraudulent use.

IT security is only one aspect of it and this alone cannot be handled by a single piece of equipment. There is a requirement for risk assessments against the data assets in terms of their value to the company, the impact on resilience, customer trust and corporate reputation.

These will guide the company’s response in resourcing and managing security, internal processes, training and the isolation of data assets with the aim of reducing risk, achieving quick responses and affording greater protection.

The associated topics of data security, cyber crime and GDPR all need to compete for the attention of the channel and the largely SME businesses who we serve. They may lack the surface glamour of exciting new hardware, or cloud based applications, but by engaging with customers, the channel can provide the guidance and leadership that service providers are legitimately expected to provide.

Yes, hardware and software solutions have a part to play and can be interesting margin opportunities for the channel, but that providing clear, accurate information and support represents a value opportunity which should not be ignored.


Related Topics

Share this story