GDPR Step 2: Helping you become GDPR compliant.
This month we’ll be looking at the steps you will need to take to make sure that you evaluate your email security. The main considerations include:
It is your duty to ensure that emails that contain sensitive customer data or confidential information are not leaked and are securely exchanged. In order to achieve this you should either deploy & maintain an on-premises email security solution or sign up to a cloud-based security solution.
2. Quarantining unknown email attachments
Complex attacks can get through anti-virus/malware systems because of the sophisticated targeting and strategies employed. File and data analysis are therefore essential. Monitoring should detect known and unknown links, malicious sender URLs and attachments before they get to the end user. If it doesn’t, the email system should test links and attachments in a sandbox/secure environment before the user can click the link or open the attachment. In order to achieve this you should deploy a reputable anti-spam system.
3. DLP and Strong encryption
A Data Loss Prevention (DLP) tool can check outgoing emails for content that could indicate a breach. DLPs can warn users if their emails contain PPS numbers or other keywords, automatically encrypt emails sent to certain addresses, or strip confidential attachments from emails sent outside the company.
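As an added illustration (not code from this newsletter or from any DLP product), the Python sketch below shows the kind of check described above: it looks for PPS numbers in an outgoing message, validating the modulus-23 check letter to cut false positives, then warns the sender or lists attachments to strip when a recipient is outside the company. The domain `example.ie`, the action names and the sample messages are assumptions constructed for the example.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.ie"  # assumption: the company's own mail domain
PPS_RE = re.compile(r"\b(\d{7})([A-W])([A-IW]?)\b")
CHECK_LETTERS = "WABCDEFGHIJKLMNOPQRSTUV"  # remainder 0 -> W, 1 -> A, ... 22 -> V

def is_valid_pps(digits, check, suffix=""):
    """Modulus-23 check: digits weighted 8..2, optional second letter weighted 9."""
    total = sum(int(d) * w for d, w in zip(digits, range(8, 1, -1)))
    if suffix and suffix != "W":  # a second letter W counts as zero
        total += (ord(suffix) - ord("A") + 1) * 9
    return CHECK_LETTERS[total % 23] == check

def find_pps(text):
    return [m.group(0) for m in PPS_RE.finditer(text.upper()) if is_valid_pps(*m.groups())]

def has_external_recipient(msg):
    headers = [str(h) for name in ("To", "Cc", "Bcc") for h in msg.get_all(name, [])]
    return any(not addr.lower().endswith("@" + INTERNAL_DOMAIN)
               for _, addr in getaddresses(headers) if addr)

def scan_outgoing(msg):
    """Return the DLP decision for one outgoing message (policy is illustrative)."""
    body = msg.get_body(preferencelist=("plain",))
    body_hits = find_pps(body.get_content()) if body else []
    strip = [part.get_filename() for part in msg.iter_attachments()
             if part.get_content_maintype() == "text" and find_pps(part.get_content())]
    external = has_external_recipient(msg)
    if strip and external:
        action = "strip_attachments"
    elif body_hits or strip:
        action = "warn_sender"
    else:
        action = "allow"
    return {"action": action, "body_hits": body_hits, "strip": strip if external else []}

def sample_message(to, body, attachment=None):
    """Constructed sample mail for the demonstration."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "staff@example.ie", to, "Client file"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment, filename="clients.csv")  # str -> text/plain part
    return msg

if __name__ == "__main__":
    print(scan_outgoing(sample_message("partner@example.org", "See attached.", "Murphy,1234567FA\n")))
```

The checksum step is what keeps ordinary seven-digit invoice or phone numbers followed by a letter from triggering a warning.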
Applications that use an ‘EaaS’ (Encryption as a Service) architecture can control permission to read and share emails that have been recalled, which once sent would otherwise remain in the recipient’s inbox. Rescinding the encryption key can stop recipients from reading or sharing the message (even after it has been opened). Along with Virtual Read Receipts, this can address breach mitigation requirements or, if you manage to recall the message before it is opened, could avert a breach entirely.
As with any other area of vulnerability in your organisation, you should educate your staff on company policy regarding email, monitor their email usage, teach them ways to recognise threats and what to do if they think there has been a breach. And re-educate regularly, as this is a vigorously developing danger that is not going away.
5. Keep your email password secure
Read our GDPR section in our April newsletter where we will outline some changes we are making to our DRIVE CRM software to help you comply with your obligations.
The new legislation will usher in the most comprehensive overhaul of Irish company law in over 50 years and we will provide you with a detailed synopsis of the highlights and notable changes that are to be introduced.
ACIS, Corporate Law & Company Secretarial Practice
A concise guide to the practical measures that Accounting Firms need to take from a tax perspective in adhering to FRS102. This will link up and follow on smoothly from the earlier presentation on the Accounting implications of FRS 102 covered by previous speakers.
The Statement of Recommended Practice applies to Charities preparing their accounts in accordance with the Financial Reporting Standard applicable in the UK and ROI (FRS 102) - effective date January 2015.