Plan. Create. Maintain for GDPR compliance 

With the deadline for GDPR compliance drawing ever closer, it is becoming critical for businesses to not only plan for compliance but evaluate their strategy for effective GDPR-compliant maintenance for the future. As enforcement begins on the 25th May 2018, the firms who are not compliant will soon become apparent when fines up to 4% of global turnover or €20 million start being issued.  

With failure to comply carrying significant risk for businesses, now is the time to implement a strategy for effective GDPR compliance. Whether employing Data Protection Officers or enlisting the support of a virtual CIO, organisations need to plan for compliance, create a strategy and ensure ongoing maintenance with effective results.

So, how does your business prepare for GDPR? 

Plan: How to prepare for GDPR compliance 

Conduct a data audit 

An audit can help you to determine all of the points where data is collected and held. From there, you can map where data is collected, how it is processed and the channels through which that information is shared. It is important to analyse all data relationships to make sure you cover every single process.

At Cyan Solutions, we work closely with all our customers to conduct comprehensive reviews to help create a detailed insight. Through this process, we can integrate our strategic thinking as part of your team. With auditing and our expertise in GDPR compliance, we can help to create an actionable plan to cover all of the points that you need to review and can improve. 

Questions in an audit include:

  • How long do you keep personal data? 
  • What mechanisms are in place to safeguard data? 
  • Who do we transfer data to and is this process safe? 
  • Who has access to sensitive data? 
  • Do third parties share the data we provide? 

Become familiar with legal basis 

With individual control being at the heart of GDPR, it is essential to ascertain the legal basis for each of the data processing activities. By understanding the legal requirements, you can start to plan to refine your data collection and processing technique. For example, businesses must demonstrate that they do not collect any personal data beyond the minimum necessary for each specific processing activity.  

An activity to complete at this planning stage is a Privacy Impact Assessment. This describes the data processing activity, an assessment of its necessity and use in processing purposes and how a data protection officer is involved. Through conducting this type of review, you can understand the areas you need to streamline and refine to be compliant.  

Create: Implement a GDPR solution 

Tailor a platform 

To ensure the business is fully compliant across all teams and departments, there needs to be a cohesive system in place. With a familiar interface that helps people to carry out their normal work activities while remaining GDPR compliant and having specific access controls, staff can have an efficient platform that ensures GDPR is taken care of.  

At Cyan Solutions, we use technical architecture to tailor a platform that is specific to your business needs. We not only design a compliant and easy to use solution but also implement the strategy to make it easy for your business to migrate to a familiar system but with added flexibility, accessibility and security.  

Maintain: Track changes with analytics 

Using technical software, it is possible to monitor all changes to data throughout its lifecycle. With this, you can highlight any areas of concern for GDPR compliance. Furthermore, you can compare data to highlight any potential threats and data breaches to ensure your system remains robust and your organisation retains its GDPR compliance.  

Systems can also help you to catalogue and search for personal data across data stores. Applications such as this can help you to delete and remove data after its specific use or required time period. At Cyan Solutions, we remove the burden of maintenance by monitoring your GDPR compliance through proactive managed IT services.  

Our helpdesk is available to answer any queries and concerns while you can trust our team to safely manage your IT systems with the necessary security and back-up to maximise productivity and reduce downtime. Working with your business, we can help your IT do the hard work for you by maintaining your GDPR compliance with a proactive response and reducing the time spent reviewing compliance activities and implementing new strategies.  

Plan, create and maintain with Cyan Solutions 

If you want to find out more about how Cyan Solutions can help you to plan, create and maintain an IT system that is ready for GDPR compliance, get in touch by calling our friendly IT experts on 02392 333 365.  

How to protect your business against phishing scams

Phishing is a form of online identity theft that has grown in popularity among hackers over recent years. It primarily affects home internet users; however, a number of users have found themselves a victim at work, simply because they didn’t expect to see it within the confines of the office. Here’s how you can protect yourself, your colleagues and your business from phishing scams.

Phishing scams are one of the most common forms of cybercrime. In fact, it is now so widespread that it is commonly believed to be the most common form of cybercrime. It makes use of false emails and fraudulent websites in an attempt to steal a person’s (or professional’s) personal information. This often includes debit/credit card information and passwords.

For businesses, passwords are all the more valuable. When it comes to IT infrastructure security, information held by humans is often the weakest link, and is what results in the majority of cyber attacks. Therefore, for business users, avoiding phishing scams is all the more important.

Clearly one of the most important ways to avoid phishing within a business is with high quality security rules and regulations. Be sure that these are always properly explained to new team members. Alongside this, be sure you have the finest security solutions possible installed across your systems.

Here are some of the things you should teach your team about phishing scams in order to protect your business:

Know how phishing emails work

Phishing scams occur from links in emails that appear to come from trusted sites, and often they link through to sites that mimic the actual site. Ensure your team know to be wary of anything that requests personal or business information, especially that which is financial or requires a password. Phishing commonly uses scare tactics. Luckily within a business setting individuals will usually report this kind of email.

Never click links you are uncertain about

Bad links within phishing emails can result in attacks on your IT infrastructure. While you should have the best possible security linked to your business email provider, some can get through. Be sure to let team members know that they should never click links just because they are curious.

Report all dodgy looking emails to an IT admin

Having a reporting policy in place for any phishing email attempts is the best possible way to ensure education and awareness across the whole of your business. If you don’t already have a policy in place, create one and be sure to communicate it to everybody.

The best person to deal with phishing emails is an IT admin. They should be able to report the email to any web service provider that you use, and also educate your team about the attempt.

Does a lack of cloud computing standards compromise its use?

Cloud computing is now utilised by a large number of SMEs to the benefit of their respective organisations. We believe that every business should be benefiting from the cloud. However, many of the most common issues that new businesses have in utilising cloud-based technologies come from misinformation.

In this article we look at one of the most commonly cited cloud computing myths.

Overcoming misconceptions about the cloud can be a big challenge when launching new projects. Understanding how cloud technologies work and what they can deliver can be difficult enough without the facts being distorted.

With misinformation comes false expectations. With false expectations comes false understanding. And false understanding can lead to projects being started with an incorrect direction. As with any new technology, it is of paramount importance to understand exactly what can be expected before you launch.

As cloud computing is in its (relative) infancy, it’s understandable that we have seen a fair share of myths and misinformation. These can distort your planning stages and, as a result, jeopardise projects. In order for you to better make an informed decision about what cloud services are right for your organisation, we want to look at one of the biggest cloud computing myths…

“A lack of cloud computing standards compromises its use.”

We have heard the above statement made on multiple occasions by a variety of different professionals from different backgrounds. At its heart is a very understandable concern. What these professionals all want to be sure of is that standards are in place that won’t jeopardise the viability of their project further down the line. But a lack of centralised cloud computing standards is unlikely to be as much of an issue as thought.

While it is right to suggest that with new technologies comes a lack of standards across the board, this doesn’t necessarily mean that usage is compromised. For the majority of SMEs, the lack of cloud computing standards shouldn’t be viewed as a barrier. The reason is simple – each cloud provider has their own specific tools that allow users to handle a portion of their platform.

At this point, when the user has access to a single cloud provider, adherence to standards doesn’t and shouldn’t matter.  What matters is that the user is able to use their cloud provider’s own management tools to handle, amongst other things, operating systems, hardware and application software.

There may be some issues – but not so much that they can’t be overcome

It is important to note that a lack of cloud computing standards could become an issue for certain projects. In particular, if your project focuses on building applications that are tightly coordinated between your own personal data-centre and the cloud, or different cloud providers, you are going to need to tune your problem management practices for the cloud. But you’d need to do this if there were standards anyway.

Rather than dismiss the cloud on these grounds, it’s far better to weigh the potential pitfalls against the alternatives.

Essential time-saving apps for SMEs

Running a medium-sized business efficiently can be a daunting task, especially where your position means you have to take on many different roles. Luckily there are vast numbers of productivity apps devoted to helping SME professionals optimise their time resource. If you’re struggling to co-ordinate your business tasks and would like some inside information about which time saving apps are best, read on!

Managing a business can be a very time-consuming commitment. It requires a lot of time and energy to ensure that crucial tasks are not forgotten. Being able to prioritise is not an easy ask when the buck stops with you and you have to deal with all the little details of running your business. Knowing the right tools to keep track of your work, tasks and finances can make a world of difference.

There are many productivity apps that can help here. The irony is that you probably don’t have the time to try them all out for yourself. So to make it easier, here is our run-down of essential time-saving apps for SMEs.

Asana

Developed by Facebook co-founder Dustin Moskovitz and ex-engineer Justin Rosenstein, this app focuses on improving employee productivity using social networks. Asana is a web and mobile application which allows teams to keep track of their own tasks and those of their colleagues. At its heart is collaboration, allowing teams to create a custom workspace for different projects, each with separate tasks and due dates as well as a tick box function where users can follow, comment, tag and upload attachments and other resources.

Trello

Trello is a project management app that allows you to keep track of team workflows. It uses “cards” which represent different tasks and shows their status. You can add users, attachments, comments, due dates and checklists as well as resources to these cards. It’s great for managers who want to manage but don’t want to pester their teams.

My Minutes

My Minutes is a real eye opener. This is a really simple app which brings transparency to what you do with your time and how you waste it. It helps you to take control of the amount of time you waste on other tasks when you should be focussed on something else. You can set simple, achievable goals in the shape of time-constraints, e.g. “research new prospecting techniques for 30 minutes”. A great tool for remote workers and freelancers who work alone and get distracted by TV or Facebook!

Slack

Slack is the professional instant messaging platform that is used by teams across the globe. It is the ideal way to encourage communication between team members within your organisation, and allows you to organise conversations on certain points into public channels in one space. It also makes it much easier for team members to share files and images quickly and avoids having to check a load of other different apps and platforms for updates. Great for teams and remote workers alike.  Slack is one thing it’s not!

Pushover

Pushover is a great app for medium sized businesses who have multiple phones and devices to keep track of. It sends push notifications to a chosen smartphone that organises messages and notifications into one specific place. Great for those who are hotdesking and aren’t always in the office to keep in the loop.

RescueTime

RescueTime is ideal for SME professionals who find themselves getting distracted easily. It breaks down where you spend your overall time across applications and websites and holds you accountable. You can then set productivity goals and limits on the amount of time you spend on each of these. It’s great for remote workers and anyone who wants to get out the door at 4 as opposed to 5.30!