Director of VORAS Consulting, Cyber Security Expert, Paulius Petretis Uses Recent Corporate Fine As Example To Inspire Businesses Into GDPR Compliance.

Paulius Petretis, a leading cyber security expert, uses Carphone Warehouse’s recent fine to motivate straggler businesses to put cybersecurity measures in place before the upcoming GDPR deadline in May.

Vilnius, Lithuania – February 10, 2018 – Paulius Petretis, CEO of VORAS Consulting, posted a new article on the company website entitled “The High Cost Of Compromising Customer And Employee Data.” Mr. Petretis makes his appeal to all the businesses that are dragging their feet or trying to avoid GDPR compliance.

Petretis writes, “If you need any more inspiration to bring your business into GDPR compliance, let this be it. Carphone Warehouse was recently fined £400,000 for putting its customers’ data at risk and allowing ‘unauthorized access to the personal data of over three million customers and 1,000 employees’.” https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/01/carphone-warehouse-fined-400-000-after-serious-failures-placed-customer-and-employee-data-at-risk/

As Petretis points out, “It was without a doubt Carphone Warehouse’s casual approach to data security that ultimately brought them under the scrutiny of the Information Commissioner’s Office (ICO).” He continues, “Apparently the company had not taken sufficient action to protect their massive storehouse of personal information. In other words, Carphone’s cyber security was clearly outdated as the intruders accessed the Carphone system via obsolete WordPress software.”

Petretis quotes ICO.com, which reported, “The incident also exposed inadequacies in the organisation’s technical security measures. Important elements of the software in use on the systems affected were out of date and the company failed to carry out routine security testing. There were also inadequate measures in place to identify and purge historic data.” https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/01/carphone-warehouse-fined-400-000-after-serious-failures-placed-customer-and-employee-data-at-risk/

According to Petretis, “If you have a business in Europe or are doing business with Europeans and house personal information of customers and employees, you have a general obligation as stated by the GDPR to implement technical and organizational measures to show that you have considered and integrated data protection into your processing activities.” He elaborates further, “You must ensure that privacy and data protection is a key consideration in the early stages of any project, and throughout its lifecycle. This includes the following:

– When building new IT systems for storing or accessing personal data;
– When developing legislation, policy or strategies that have privacy implications;
– When embarking on a data sharing initiative; or
– When using data for new purposes.”

The entire article can be read at http://pauliuspetretis.freeua.agency/the-high-cost-of-compromising-customer-and-employee-data/

Paulius Petretis

Paulius Petretis is an information security expert, Certified Information Systems Security Professional (CISSP®), Certified Information Security Manager (CISM®), Certified Information Systems Auditor (CISA®), Certified in the Governance of Enterprise IT (CGEIT®) and Certified in Risk and Information Systems Control (CRISC®), a guest speaker at various conferences and seminars, and a trainer at information security related training courses.

According to the annual survey initiated by Info Security Europe, a whopping 93% of large organizations and 76% of small businesses had at least a single information security breach in 2011. Only 18% of the organizations affected by the infringements related to data protection laws had a consistent and effective contingency plan in place. According to Paulius, information is not something static – it evolves and mutates every day. It is the ecosystem of every business and if a single cell fails, it can bring down the entire business.

Therefore, ensuring a consistent and up-to-date information protection policy must be the priority for all businesses – no matter how big or small they are. As it might be unrealistic to believe that any young or experienced entrepreneur can be a jack of all trades, the really smart decision is to rely on specialists who dedicate their professional lives to getting to know everything there is to know about protecting important business information.

With more than 16 years of experience in helping people, small businesses, and government organizations to protect their business secrets, Paulius believes that information security must help businesses achieve goals but not vice versa.

 

###

Cyber Security Expert, Paulius Petretis Keeps His Customers’ Data Safe With State-of-the-Art EU General Data Protection Regulation Compliance Suite.

Paulius Petretis, leading cyber security expert and CEO of VORAS Consulting, alerts the business community to his company’s new EUgrc Complai Engine offering to bring businesses into compliance in time for the EU GDPR deadline.

Vilnius, Lithuania – February 10, 2018 – Paulius Petretis, CEO of VORAS Consulting, posted a new blog on the company website entitled “VORAS Consulting Offers Fully Automated EU General Data Protection Regulation Compliance Suite.” Mr. Petretis has a single focus in his latest blog: to spur companies into action before the EU GDPR deadline.

Petretis writes, “It is our mission at VORAS Consulting to stay on the leading edge in cyber security to provide the highest level of protection possible.” “To that end,” he continues, “we are proud to offer a fully automated EU General Data Protection Regulation Compliance Suite.”

“EU GDPR enforcement begins at the end of May,” Petretis reminds his readers. He continues, “You do not want your company to risk being non-compliant. The double whammy of being attacked and subsequently being fined could bring your company to its knees.”

According to Petretis, “The new Compliance Suite features the EUgrc Complai Engine, an expert system based on hundreds of live consulting projects and loaded with the EU GDPR requirements:

– ISO/IEC 29134 Guidelines for privacy impact assessment,
– ISO/IEC 29151 Information technology – Security techniques – Code of practice for personally identifiable information (PII) protection,
– and the ISO/IEC 27000 series Information security management systems.”

The entire blog can be read at http://pauliuspetretis.freeua.agency/voras-consulting-offers-fully-automated-eu-general-data-protection-regulation-compliance-suite/

###

The High Cost Of Compromising Customer And Employee Data

If you need any more inspiration to bring your business into GDPR compliance, let this be it. Carphone Warehouse was recently fined £400,000 for putting its customers’ data at risk and allowing “unauthorized access to the personal data of over three million customers and 1,000 employees.” https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/01/carphone-warehouse-fined-400-000-after-serious-failures-placed-customer-and-employee-data-at-risk/

Casual Approach To Data Security Brings Downfall

It was without a doubt Carphone Warehouse’s casual approach to data security that ultimately brought them under the scrutiny of the Information Commissioner’s Office (ICO). Apparently the company had not taken sufficient action to protect their massive storehouse of personal information. In other words, Carphone’s cyber security was clearly outdated as the intruders accessed the Carphone system via obsolete WordPress software.

According to ICO.com, “The incident also exposed inadequacies in the organisation’s technical security measures. Important elements of the software in use on the systems affected were out of date and the company failed to carry out routine security testing. There were also inadequate measures in place to identify and purge historic data.” https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/01/carphone-warehouse-fined-400-000-after-serious-failures-placed-customer-and-employee-data-at-risk/

The ICO considered the inadequate security measures at Carphone Warehouse to be a serious breach of the Data Protection Act of 1998 Principle 7. According to Information Commissioner Elizabeth Denham, “A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.” She added, “Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.” https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/01/carphone-warehouse-fined-400-000-after-serious-failures-placed-customer-and-employee-data-at-risk/

Business’s Obligation For Data Protection Key Consideration

If you have a business in Europe or are doing business with Europeans and house personal information of customers and employees, you have a general obligation as stated by the GDPR to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities. You must ensure that privacy and data protection is a key consideration in the early stages of any project, and throughout its lifecycle. This includes the following:

– When building new IT systems for storing or accessing personal data;
– When developing legislation, policy or strategies that have privacy implications;
– When embarking on a data sharing initiative; or
– When using data for new purposes.

If you consider cyber security something that can be added to your system as an afterthought or completely ignored, you are wrong. The new GDPR regulations will come into effect at the end of May. Keep in mind that it is your company’s responsibility to protect customer and employee personal information. Cyber attacks are happening more frequently every day. Having an effective layered security system will help to ward off any attack.

Procrastination Does Not Pay

Time is running out. Do not put your business at risk. Procrastination comes with a very high price. If you are a business owner and have yet to come into compliance with GDPR, call our offices to set up a consultation. We now offer the most advanced level of cyber security, the new EUgrc Compliance Suite.