Bill Mew is a key opinion leader, digital ethics campaigner and entrepreneur. As a key opinion leader, Bill focuses on striking the right balance between ‘meaningful protection’, where he has been ranked as the top global influencer for data privacy, and ‘the maximization of economic and social value’, where he is also one of the top influencers for everything from cybersecurity and digital transformation to govtech and smarter cities. He also appears weekly on TV/Radio (BBC, RT, etc.) as an expert on these topics - more broadcast airtime than any other technologist in the UK.
As an entrepreneur, Bill is the founder and CEO of CrisisTeam.co.uk, where he works with an elite team of experts in incident response, cyber law, reputation management and social influence to help clients minimize the impact of cyber-attacks.
We are ALL responsible - collectively and individually
In many organisations there is a prevailing attitude that cybersecurity is something that only a CISO does, or that privacy is something that only the compliance department does. Unless there is more collective responsibility for both cybersecurity and privacy, our data will not be secure and if things go wrong, we’ll all be held liable - both collectively and individually.
In such organisations, senior management is still failing to take cybersecurity and data privacy seriously. All too often they believe that these are tasks that can be delegated to the CISO or DPO (Data Protection Officer) and forgotten about. If senior management continues to see things this way, then it is hardly surprising when this kind of attitude permeates down through organisations and staff at all levels also fail to take these issues seriously.
3 things organisations should think about:
1. If your procurement manager opts for unencrypted devices
If the decision to procure unencrypted USB drives, SSDs or IoT devices is based purely on price, without considering whether they are secure or have hardware encryption, then those unencrypted devices create a cyber vulnerability. This puts the whole organisation at risk of a data breach.
2. If staff reuse passwords or take shortcuts to bypass security measures
If staff fail to follow basic cybersecurity rules and are careless with passwords or email attachments, they are putting the security of the entire organisation at risk. Cyber criminals actively target weak or known passwords and use phishing tactics to compromise the security of their victims. These are some of the most common attack vectors for cyber incidents.
3. If a CMO takes the odd chance with the use of private data
GDPR stipulates that personal data can only be collected with consent for a stated purpose. If you harvest or share data illegally then you are putting everyone at risk of major fines and litigation.
Who is responsible if these things happen? Organisations are and SO are we!
We all need to take cybersecurity and data privacy seriously
If you see that your organisation is using unencrypted USB drives, SSDs or unsecure IoT devices, you need to speak out. If you notice your colleagues failing in their cyber hygiene, you need to speak out. If you witness a member of the marketing department using customer data inappropriately, you need to speak out.
Change of culture is key
If we are to change attitudes and make people take cybersecurity and data privacy seriously from the top to the bottom of an organisation, then we need to change the cultural mindset.
There are plenty of incentives for organisations to do so. There is clear evidence that customers will happily do business with organisations that they think will take care of their data and are more reluctant to do business with those that do not. Retaining customer trust and avoiding any kind of cybersecurity incident that can undermine such trust should be top of mind for us all.
In addition, there are plenty of deterrents to make organisations take data protection seriously. For starters, GDPR stipulates a maximum fine of €20 million or 4% of annual global turnover – whichever is greater – for EACH incident. The cost of fixing an incident can run into millions and if it’s a ransomware attack, the cyber criminals could be demanding a multi-million-euro ransom on top of this. You could also face litigation from the people whose data was compromised.
As if such sanctions on an organisation were not enough, there are also emerging sanctions on individuals as well. A recent case in the US has set a new precedent for a cyber incident case when board members and a CISO were individually named as defendants. A report by analyst firm Gartner has predicted that CEOs could soon be personally liable for cyber-attacks.
As citizens and as customers, we want organisations to protect our data, and when we are responsible for the data of others the standards need to be just as high. We should be concerned - both collectively and individually - that we could all be held liable. But we should be equally motivated to focus on data protection as it is the right thing to do.