Our GDPR Compliance Project

The General Data Protection Regulations is coming - are you ready?

Protecting our customers’ data is a high priority for us here at RLS Computer Services. With the General Data Protection Regulation (GDPR) coming into effect in May 2018, we see this as an opportunity to strengthen our commitment in the area of data security.

What is the GDPR?

In the UK, the Data Protection Act 1998 (DPA) is a law introduced to protect personal data stored on computers or in an organisation filing systems. Its purpose was to control the way information is handled and gave people “Data Subjects” legal rights over the purpose, lawfulness, accuracy, period and what information was held about them.

Since the birth of the DPA, technology has moved on dramatically. Social media, Internet presence, mobile technology and CCTV have all emerged and grown and the act is long overdue an overhaul.

Enter, The General Data Protection Regulation (GDPR), which comes into force 25 May 2018, the new law applies to data processing carried out by organisations operating within the European Union (EU), It also applies to organisations outside the EU that offer goods or services to individuals in the EU. The government has already decided that “Brexit”, will not affect the commencement of the new law, in fact we “may” also see introduced on the same day the UK’s Data Protection Bill, as the Data Protection Act 2018, effectively implementing the GDPR into UK law.

So simply put, GDPR, and the forthcoming Data Protection Act 2018, expand the privacy rights granted to data subjects (EU/EEA individuals) and place greater obligations on organisations who handle personal data of those individuals (data controllers and processors), wherever those organisations are based.

What we’re doing to comply with GDPR?

The task of compliance can be long and complex, so we have taken steps to make changes to our policies, procedures and systems to ensure that we comply with the Regulation and continue to put data protection first.

Some of the steps we have taken and are taking include:

  • mapping all data handled by us and our suppliers
  • analysing GDPR requirements against our current processes and policies
  • making changes to our policies and procedures in line with requirements
  • making appropriate changes to our software tools and services
  • making sure our suppliers (“Processors”) are also compliant
  • reviewing and updating contracts, as and where appropriate
  • training all staff on the requirements of GDPR and our data privacy procedures.

But be assured, Organisations must ensure that they are compliant with the provisions of the new regulations when it comes into force, however the requirement to be compliant doesn’t end on 25 May. While there are a tick list of things to be done, our approach is not only to become compliant, but also reach beyond and gain certification in cyber security which will in turn assure our customers of compliance with our implementation to “Privacy by design and default”. This means we will implement technical and organisational measures to provide customers assurance of our security standards .

We hope to have all our policies and procedures in place before the 25 May and will keep you posted on our developments.

Social Share Toolbar

CyberSecurity – Top Tips

We at RLS Computer Services take cyber-security very seriously and don’t wish our customers to be a victim of fraud.

To help keep yourself safe from fraudsters by reducing their chances of getting hold of your information, we have put together some top tips for you.

  • When using Internet banking or any online service, never share  One Time Passcode (OTP), passwords, security codes or any other form of security information with another person. Not even an employee of that company.
  • Never download software or let anyone log on to your computer or other devices remotely following or during a cold call.
  • Never enter your Internet banking details after clicking on a link in an email or text message.
  • Never follow a telephone instruction asking you to press keys on your keyboard, or run any programmes from a cold caller.
  • Never visit a website given to you by a cold caller, it might contain malware.
  • If you are ever unsure, we urge you to take your time, don’t be rushed. A genuine organisation will never rush you to take action on your account.

To illustrate the point of security and fraud please take the time to watch this witty but to the point video.

Social Share Toolbar

Cyber Attacks – What To Do?

Image

cyber_security_banner_600x140

Cyber-attacks are on the rise; so, what can we do to protect our identity and keep our information safe? Read my action To-Do-List to keep yourself safe online and out and about.

it was only last week when Northern Lincolnshire and Goole NHS Foundation Trust suffered a major incident after systems were infected by a computer virus and now this week Tesco Bank suffered a sophisticated attack which saw monies taken from 20,000 of its customers’ accounts.

Here are my recommendations to keeping you safe online and out and about.

General Rules

  • Use a quality anti-virus solution and keep it up to date. There is no point scrimping on security here, an anti-virus application will provide several security benefits including malware protection, firewall and browsing protection.
  • Always use a strong password, which is a critical factor of preventing access to your  information. It doesn’t have to be overly complicated either, simply take this famous pangram “The quick brown fox jumps over the lazy dog” and ask yourself how many ways can you write just part of this sentence (i.e. “TheQuickBrownFox”, “Th3Qu1ckBr0wnF0x”, or “Th3QBF0x”)? You can use your own sentence and create your own short versions to create your password, there is literally endless possibilities and combinations.
  • Password protect your PC and lock it when you step away, even if you are just visiting the loo.

Safe Browsing

One of the biggest concerns most people have is with safe browsing, but what does that mean? I define it as visiting known websites or searching for information on the Internet. To safely surf the Internet you should follow these simple rules:

  • Never search for a website that you know the address for, always type the fully URL of the website instead of just the name. For example when visiting the BBC website don’t just type “bbc” into a search engine as you are then presented with a mountain of responses to choose from and the first one isn’t always the correct one, instead type “www.bbc.co.uk” which will take you straight to the site.
  • Always use bookmarks for regularly visited websites (i.e. Bank, shopping sites, etc.)
  • Never install browser add-ons, toolbars and extentions when you don’t know what they do, this is one of the major causes of browser hijacking to date.
  • Turn on Pop-up blocker to stop ads and unwanted browser activity and selectively allow only those sites who need them (i.e. your bank might sometimes pop-up a window to present your latest bank statement).

Out and About

Cyber security isn’t just about what you do at home and work on your computers, it is also about what you do when you are out shopping, visiting friends and using your mobile devices. Here are my recommendations to reducing your chances of being cyber attacked when you’re out and about.

  • Check that cash machines haven’t been tampered with, credit card fraud can happen if a criminal has skimmed your card directly from a machine that has been altered to read your card and capture your PIN.
  • Always make sure no one can see your PIN number when typing it in, this should always be observed in shops and cash machines. Don’t be afraid to ask people to step back if they are too close.
  • Lock you mobile devices with a PIN in case you loose it and enable track and trace.
  • Don’t keep PIN numbers written down and if you absolutely have to don’t keep them in the same place as your cards.
  • Never let your card out of your sight, even at your friendly supermarket
  • If someone asks to use your mobile phone in an emergency just ask for the name of the person they want to call and the number and call it yourself, only handover the handset once you are assured you are dialling a legitimate number and talking to real person.

My last piece of advice I want to share with you is this, DATA is KING, after all cyber crimes are not just about stealing your money, it’s about stealing your information and the more detailed the information the better. So we must back it up and back it up with a quality backup solution. It is admiral to watch someone backup their data to a USB pen drive or external hard drive only to then loose it or break it. If you get hit with ransomware, lose your mobile device or simply delete your data (accidentally or by malware) the chances of recovery has been increased significantly when correctly backing up your data.

Further Reading

For more help with securing your IT systems, why don’t you give us a call on 0844 334 2020 or email support@rlscomputers.co.uk

Social Share Toolbar