After a year of GDPR, firms still don’t get it

GDPR’s one-year milestone is less than a month away, but organisations are still failing to protect personal data,  according to ESET researchers.

Unencrypted USB devices are still widely used by businesses despite the fact that unsecured data could lead to GDPR fines. New research conducted by global security company ESET, and Kingston Technology, a world leader in technology products, shows that 55 percent of business don’t encrypt their removable devices, leaving themselves exposed to data leaks.

The ESET and Kingston research surveyed over 500 British business leaders to investigate how they are protecting their companies from cyber threats that may be harmful to their organisations. The survey also revealed that 62% of executives admit to seeing USB devices in unsecured locations such as desks, drawers and exposed office spaces, where an employee or visitor could access without permission.

Speaking about the research findings, Jake Moore, a Cybersecurity specialist at ESET, said: “With GDPR one-year milestone just a month away, it is interesting to see what businesses are doing differently to protect themselves from cyber security issues and fines. The survey reveals that companies are still not adequately protected from data leaks as this level of unencrypted devices means anyone can access personal data without security clearances. This poses significant security concerns for firms that do not have the processes in place to ensure their data is safe. One of the ways to do this is through the use of encryption. However, the survey reveals that password protection is still widely used amongst businesses even though it lacks in sophistication.”

Robert Allen, European Director of Marketing & Technical Services at Kingston Technology said: “Using encrypted USBs will protect your sensitive data outside of the network firewall. Regardless of this, almost half of British businesses are not encrypting removable devices. However, encryption promotes and maintains a productive and efficient mobile workforce while complying with GDPR and other data privacy regulations. At the same time, it protects the business network from being infected or hacked by cybercriminals that implant malware to infiltrate personal data. Can corporations afford to take the risk?”

For a very small investment into encrypted USBs, companies can better protect their infrastructure and possibly their reputations.