ECBM's Blog: Information To Protect What You Grow

What Is GDPR?

The General Data Protection Regulation or GDPR is a set of laws created with one ultimate goal: to protect the personal data of people in or from the European Union (EU). The critical point here is that the individual’s nationality or residence is irrelevant- just whether they are in or from the EU. This law has forced the hand of many businesses to adopt the regulations into their practices for data collection- most commonly seen on websites. The GDPR became effective on May 28, 2018, but many businesses are still catching up due to inertia in changing procedures and practices.

In November 2016, the National Institute of Standards and Technology released Special Publication 800-160.  This document constitutes NIST’s approach to securing internet-enabled devices from malware and cyberattacks.  The so-called Internet of Things represents a massive economic opportunity for many businesses, but it also represents another front in the war against cyber criminals. 

An emerging area of cyber liability for small businesses centers around the concept of third party risk.  Third party risk means damages resulting from the security breach of a connected party - normally vendors or customers.  Small businesses can face third party cyber risk on a number of fronts.  They can face liability from a breach of their own systems infecting a vendor; they can also face damages caused when the breach of a vendor causes a breach of their own systems.  Franchisee relationships have also caused increasing concerns of cyber risk.

Cyber criminals have a large number of ways of gaining access to a company’s computer systems.  What they do when they gain access to that system can also vary widely.