GDPR Compliance Is Providing Cover for Phishing Attacks

Every problem is an opportunity, even for the bad guys

So the big day (25.05.18) has come and gone and the General Data Protection Regulation (GDPR) is now in full effect. If you haven’t been able to achieve compliance with the new regulation, which is intended to give improved protection of personal data to all EU citizens (even in the UK), you need to act NOW.
Here’s what the EU says about this important and far-reaching legislation:

“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”

The Issue of Consent.

As you know, I’ve already written a couple of articles laying out some of the challenges you will face when moving towards GDPR compliance. One of the key challenges is to demonstrate that any personal data you are using has been collected and is kept with the consent of the data subject.

You may have noticed that companies with whom you have a personal relationship have been emailing you to ask whether you wish to maintain that relationship. They are doing this because data can only be collected or used with your explicit permission. There are very serious financial penalties for misusing personal data. It is almost certain that your own business will be undertaking the same process, to verify that data is correct and that it is lawfully held.

Here’s the Worry.

Unfortunately, the need to gain or renew permission means that a lot of email will be landing in your inbox (and the inboxes of your less IT-savvy colleagues) in the coming weeks. Because lots of us aren’t quick to respond, we’ll probably see multiple emails from the same contacts. This is providing fabulous cover for the nefarious activities of the criminal hackers, who are, let’s face it, chancers by their very nature and profession.

So, What Can You Do About the Problem?

If you are an Active IT regular, you may have read my earlier blog about the ongoing threat and just in case you need to give it another look, here’s the link.

Phishing for Fun and Profit

There are a few specific points I’d like to make about the current situation:

  1. Almost everyone who uses the internet, inside and outside of work, will receive legitimate emails asking us to renew permission for our data to be used. After all, we all sign up for competitions, news, discounts, technical support and many other things. Anyone we’ve signed up with who wants to continue using our data to contact us will be in touch shortly, and they’ll probably make several attempts if you don’t respond promptly.
  2. The emails you will receive should be very clear and straightforward, or they’ll be in breach of the GDPR, which demands active consent and bans the use of long-winded or complicated statements.
  3. Many of the emails require you to click on a button which takes you to another webpage. This is potentially where the risk arises. You need to be sure that the email is genuine before you click on any link.
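Point 3 is where a little automation helps. The two things worth checking before clicking a consent button are whether the visible link text names one domain while the underlying href points somewhere else, and whether the link’s domain matches the sender’s domain at all. The script below is an added example written for this post, not code from Active IT; the sample message, the domains in it and the helper names (`check_email_links`, `registrable_domain`, `domain_of_text`) are all constructed for illustration.

```python
"""Flag suspicious links in a GDPR consent-renewal style email.

Added example, not part of the original post. It checks two things a
reader can verify before clicking:
  1. the visible link text names one domain but the href goes elsewhere;
  2. the href domain does not match the sender's domain.
The sample message and every domain in it are constructed.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: reads like a consent request, but the second button's
# href goes to a look-alike domain and the third goes to a third-party host.
SAMPLE_EMAIL = """\
From: Newsletter Team <news@example-shop.com>
To: you@example.org
Subject: Please confirm you want to keep hearing from us
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Under the GDPR we need your consent to keep in touch.</p>
<p><a href="https://example-shop.com/consent/renew">Yes, keep me subscribed</a></p>
<p><a href="http://example-shop.com.consent-renewal.example/login">www.example-shop.com/account</a></p>
<p><a href="https://tracking.mailer-service.example/c/123">Unsubscribe</a></p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude approximation: the last two labels of the host.

    A real checker would use a public-suffix list (co.uk etc.); this
    simplification is deliberate to keep the example dependency-free.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_of_text(text):
    """If the visible link text looks like a URL or hostname, return its domain."""
    if " " in text:
        return None
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    return registrable_domain(host) if host and "." in host else None


def check_email_links(raw):
    """Return a list of (href, reason) findings for links worth distrusting."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_domain = registrable_domain(msg["From"].addresses[0].domain)
    body = msg.get_body(preferencelist=("html",)).get_content()
    collector = _LinkCollector()
    collector.feed(body)

    findings = []
    for href, text in collector.links:
        href_domain = registrable_domain(urlparse(href).hostname or "")
        text_domain = domain_of_text(text)
        if text_domain and text_domain != href_domain:
            findings.append((href, f"visible text names {text_domain} "
                                   f"but link goes to {href_domain}"))
        elif href_domain != sender_domain:
            findings.append((href, f"link domain {href_domain} differs "
                                   f"from sender domain {sender_domain}"))
    return findings


if __name__ == "__main__":
    for href, reason in check_email_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: {href}\n  {reason}")
```

Run against the sample, the first link is clean, the second is flagged because the text says `example-shop.com` while the href really goes to `consent-renewal.example`, and the third is flagged only because it leaves the sender’s domain. That last kind of finding is a prompt to look closer rather than proof of fraud: legitimate mailing services routinely route clicks through their own tracking hosts, which is exactly why a visible-text/href mismatch is the stronger signal of the two.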

Be the hero.

  1. If you are the kind of person who pays attention to these things (and I assume that’s why you are reading this blog), you can make sure that your colleagues, friends and family stay safe.
  2. Remind people that phishing is a very real threat. The higher the volume of emails, especially if they are somewhat similar, the more likely you are to click on a link without really paying attention.
  3. If you, or anyone else, has any doubt about the authenticity of an email, contact your IT support company or just delete it.

This is what we do.

Active IT supports small to medium sized businesses across the UK. We provide an outsourced IT department for companies that need a dynamic, skilled and cost-effective service to support their growth.

Whether you need help with day-to-day IT support, improving your data security, managing GDPR compliance, or any other aspect of IT and data management, we can offer you a solution.

If you want to know more, give us a call.

Active IT. We take care of your IT, so you can take care of business.