As you are aware, the new GDPR data protection regulation took effect in May 2018, and it has highlighted the importance of key IT solutions required for all networks. The ICO is so focused on some of these IT data protection solutions that it will even retrospectively fine an organisation should a data breach be experienced, as happened with The Carphone Warehouse following a breach of over 3 million clients' data back in 2015.
Over the last 12 months, the various teams within ESP Projects have been advising clients about End User Hardware and recommended security solutions for their network, in particular ‘Automated Patch Management’, Malware, Cyber Essentials, Windows updates etc. ESP cannot stress enough the importance of these recommended updates and additional security software solutions, and these are now reinforced by the ICO itself.
The purpose of this email is therefore to reiterate the importance of the simplest requirement from the ICO, ‘Automated Patch Management’.
“Failing to automated patch vulnerabilities now will lead to punishment under the GDPR”. This is the message from the UK IT Governance Department in conjunction with the ICO guidance, with the ICO’s statement an acknowledgement of this.
The 88-page document from the European Commission makes it abundantly clear that both data “controllers” and “processors” must protect EU customer information through “appropriate technical and organisational measures.” And failure to do so could result in penalties.
So why is Automated Patch Management so important?
Staying up-to-date with patching is crucial to preventing data breaches in your network. The WannaCry and NotPetya ransomware attacks were classic examples of the severe consequences of missing critical patches, as fixes were available for both before the attacks happened. And when it comes to GDPR, a lack of patching is seen as negligence.
What Does Patching Do?
An Automated Patch Management solution will fully automate the patch management life-cycle for desktops, laptops and servers by identifying, testing and deploying service packs, security fixes and patches for operating systems as well as over 300 third-party applications on a daily basis. It is for this reason that ESP Projects recommends the Atera Automated Patch Management Solution for all devices on your network.
For SMEs, manually searching for and applying software patches is an extremely time-consuming and non-scalable task. Automated Patch Management overcomes this challenge and automatically handles the update process for every node on the corporate network. All for £12 per licence per year.
Really, it should be a part of every IT manager’s arsenal. Nowadays, even minor software bugs can lead to major headaches, so the importance of implementing a regular patching schedule can’t be overstated!
With the drive and focus from the ICO and UK IT Governance Department, ESP wholeheartedly recommends the Atera Patch Management solution. If, after careful consideration, you decide not to proceed with this ICO required solution, it’s important that you understand the potential consequences. Don’t hesitate to contact ESP to discuss further and find out how this can be implemented.
Further details around the GDPR cyber security requirements/recommendations can be found via the GDPR Security Outcomes whitepaper on the National Cyber Security Centre website (ncsc.gov.uk/guidance/gdpr-security-outcomes) and the attached GDPR overview document.
Units 7, 9 & 10 Edmund Road Business Centre,
135 Edmund Road,