A Crash Course in GDPR
Launched in 2018 and designed to protect the data security and privacy of European Union citizens, the General Data Protection Regulation (GDPR) was introduced as a replacement for the Data Protection Directive of 1995. In overview, the regulation gives consumers greater ownership over their personal information; highlights include the “right to be forgotten”, a fortified consent process, and more stringent breach notification requirements. It also expands the definition of “data processing” to include collection, retention, deletion, breaches, and disclosures of personal data, and the penalties associated with infractions are no laughing matter. Since its implementation, multinational corporations have seen fines amounting to $23M. In severe cases, corporations have been fined 4% of total global revenue.
So Where Does the Dark Web Fit into This?
We recently covered a report by the Federation of Small Businesses (FSB) stating that UK-based small businesses were suffering nearly 10,000 cyber attacks per day. Although the majority of these are not serious security breaches, some are slipping through the cracks as “leaks” that go unnoticed. These leaks arise from password recycling, lost devices, accidental website updates and emails, and sometimes even rogue employee behaviour.
Unlike more overt incidents, data compromises are much more difficult to detect, especially for small businesses with minimal security measures in place. Therefore, sensitive information collected from such leaks ultimately finds a home on the Dark Web, without anyone being the wiser. As we know, cybercriminals will exchange valuable credentials for cryptocurrency and then leverage leaked information to orchestrate crippling fraud tactics.
Disclosing a Data Breach
In the past, companies were able to sidestep any ties back to them due to loose privacy regulations and limited feedback loops. However, those days are soon coming to an end. The GDPR mandates that companies of all shapes and sizes must disclose consumer data breaches, and they will also be held liable for such accidental leaks. The Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) of the UK have published specific guidance for risk management, data protection, detection, and minimisation of impact.
The global standards for data protection may be rising, but so have the solution sets for small and medium-sized businesses (SMBs). By partnering with Ever Nimble, who provide proactive Dark Web monitoring solutions (such as Dark Web ID), you can future-proof your company against GDPR fines and business process interruptions.
Ever Nimble and Dark Web ID make Dark Web monitoring affordable enough for small businesses to take advantage of enterprise-level actionable intelligence. We know that small businesses need Dark Web monitoring for the current cybersecurity risks out there.
Dark Web ID is designed to help both public and private sector organisations detect and mitigate cyber threats that leverage stolen email addresses and passwords. Dark Web ID leverages a combination of human and artificial intelligence that scours botnets, criminal chat rooms, blogs, websites and bulletin boards, peer-to-peer networks, forums, private networks, and other black-market sites 24 hours a day, 365 days a year to identify stolen credentials and other personally identifiable information (PII). We report back to you with anything we find and take the necessary steps to ensure your business is safe.
Free Cyber Threat Review
We offer a free cyber threat review for your business, which can help you better understand your current data risks, threat protection and security compliance requirements. We look at real data collected from your network, captured by our smart, modern security tools, including a preliminary Dark Web scan. Contact us today to find out more.