The GDPR has been enshrined in EU law for four years now. In the intervening years the workplace has been transformed and so too have the needs of organisations to safeguard data from internal and external threat vectors including cyberattack, data breach and non-compliance.
Since the end of January last year, it is reported [1] that fines totalling EUR 1.1 billion have been issued by data protection supervisory authorities across Europe, representing a near sevenfold increase on the previous year’s total. Now, as workers head back to offices, either full-time or in a more hybrid capacity, many organisations, from large enterprises down to small single-site SMEs, have upgraded, or are in the process of upgrading, their technology infrastructure to create a new-look digital workplace. The anniversary of GDPR provides an opportune moment to reassert the importance of data privacy and protection, given the larger/changed threat surfaces that these new investments and ways of working create.
Changes to the workplace create a new threat surface
Threats to an organisation are not restricted to the actions of determined cybercriminals using advanced malware, ransomware, and denial of service attacks. Confidential information can also be leaked through phishing attempts or unintentional errors. According to Quocirca’s ‘The Print Security Landscape 2022’ report [2] (in which Konica Minolta is recognised as a leader in print security), 68% of organisations have experienced data losses due to unsecure printing practices in the last 12 months, costing them an estimated average of more than £632,000 per breach.
However a breach occurs, it can cause lasting and significant financial and reputational harm if an organisation and its employees are not alert to the risks. So, as workplaces become more ‘open’ environments, we must rethink how we manage trust.
This is not to say that co-workers should not trust one another, but they should be given the capability and confidence to operate in an ecosystem that supports them to make the right choices and that protects them and the organisation from an attack/breach and its ramifications, whether from a regulator or cybercriminal. A good example of this is password management: the sharing of passwords has long been rife, as has the use of weak credentials that are rarely changed. Recent research conducted by the UK Government [3] suggests that 75% of organisations have a password policy in place, yet it continues to be a rich hunting ground for hackers who have ready access to breached accounts on the dark web, where millions of new records are added daily.
There are of course important fundamentals that organisations can use, such as ensuring endpoint security is kept up-to-date and patched across all devices, and having clear guidance on the use of work and privately owned laptops, workstations, and mobile devices for work-related activity. These may be lesser issues for larger enterprises with dedicated IT departments, but they can be a real challenge for smaller businesses to keep on top of. It is for this reason that those who place a premium on security choose a trusted managed service provider, to give them peace of mind that there are no weak links or easy entry points.
Every device needs protection
Ask the uninitiated to conduct a workplace security audit and those identifying the office printer or multifunctional device as part of the threat surface would likely be in the minority. However, whether it resides on the network or not, be it a single device or a fleet, left unmanaged it can present a risk.