The arrival of the States of Guernsey public report on the recently performed review of the state of Cyber Security, and the timely finalisation of changes to the EU Data Protection Legislation, highlight some key points that apply to all organisations in Guernsey.
Firstly, it is recognised that we need to do more Cyber education across all levels. This needs to start at primary school, but all organisations need to do their part. Employee education and awareness of Cyber risks is key to defending against the majority of attacks. This point cannot be overemphasised. Unless all employees are fully aware of what can happen, your expenditure on firewalls, anti-virus and other technologies will not be enough to protect your organisation.
I would welcome a move to a similar scheme as the Cyber Essentials in the UK, with a possible certification or standard being introduced. Whilst introducing a minimum standard would not defeat all attacks, it makes things much harder for the Cyber criminals and they may 'move on' to those that haven't implemented the basic controls.
As a differentiator I can see a huge advantage to the island in being able to demonstrate that local business takes Cyber Security seriously, and backs up the messages being given by many including, Locate Guernsey, that we are a safe and trusted place to do business.
The last point I wish to stress relates to the recently finalised EU Data protection legislation, which will apply to all organisations processing the data of EU nationals regardless of their location. I welcome that it is not mandating Data Protection officers for all size organisations, but local companies doing business in the EU will face a potential fine of up to 4% of global turnover for data breaches. On top of the costs associated with dealing with the aftermath of a data breach, this could cripple many local organisations if they get it wrong.
Now is the time to take your security seriously and prepare for these changes as there will be a need to identify all the relevant data involved, which may be a considerable task.