Penetration Testing and Getting Ready for the GDPR
Organisations in Europe and around the Globe are gearing up for the arrival of the GDPR. Among the many preparations that organisations are considering are Data Flow Mapping, GAP Analysis, and should a DPO be appointed etc.
It’s worth noting that Article 32 of the GDPR requires controllers and processors of personal data to have security measures in place “appropriate to the risk” around the rights and freedoms of EU Citizens who of course include our members. Article 32 is a short statement but one that could suggest the need for encrypting data, making sure our IT infrastructure is robust enough to withstand cyber breaches, having tested Business Continuity Plans in place, being able to restore systems after a cyber breach within a reasonable time frame.
It’s also worth referring to what Ms Elizabeth Denham, the UK’s information commissioner says on the subject,” If an organisation cannot demonstrate that good data protection is a cornerstone of their business policy and practices, they are leaving themselves open to enforcement action that can damage their public reputation and possibly their bank balance.
An important part of this preparedness is penetration testing, one might almost say it’s critical to proper GDPR preparedness. It’s important because done properly it can provide an end to end security check of our systems and give reassurance to the Credit Union Board that systems are secure and up to date.
Penetration testers uses the same methods that the cyber attacker might use. They can use all their technical skills to mimic the most recent and varied attach methods that hackers use to test your systems at the credit union, then importantly help you eliminate most if not all risks they discovered during the testing. I hope you will agree it difficult to see how we can have a completely secure system without penetrating testing.
We would urge you to speak to you IT advisor or supplier to understand better how penetration testing can help your GDPR preparedness.
We at CMutual on behalf of credit unions negotiated formed a collaboration with ITGovernance, a leading IT Security Specialist in the UK to create a tailored Cyber Essentials package for Credit Unions. The very reasonably priced package allows you to complete an on-line questioner, receive feedback and when you are ready progress to perform a network penetration test on your Credit Unions IT Systems. Please use the link below to find out more information. http://www.itgovernance.co.uk/cuna-mutual.aspx