2018 is underway and as we all settle back into work mode one can’t help but ponder what the year ahead may have in store for us. There’ll be expected events that will impact our industry such as the GDPR in May, the issue of Brexit that no one can escape and no doubt we’ll witness more data breaches and cybercrime hacks. With all that in mind, here’s our take on what the year ahead holds for businesses in the UK.
GDPR on the horizon
We ran a survey on this topic back in February last year, and found one in three businesses had not heard of GDPR. Worryingly, a more recent survey by Close Brothers, (featured in Computer Weekly), reported that SMEs are still struggling to get to grips with what ‘personal data’ really means and what their customers new and extended rights are.
Whilst Article 30 does say that companies with fewer than 250 employees don’t need to employ a Data Protection Officer (DPO), both the EU’s legislation and the Information Commissioner's Office (ICO), the UK's data watchdog responsible for enforcing GDPR, have confirmed the new rules apply to all companies.
Even micro businesses need to retain internal records of processing activities, especially where the data being handled could put somebody's rights and freedoms at risk. Other areas small businesses need to consider in relation to GDPR include: consent to be contacted for different purposes (marketing vs support etc.), consumer rights to have personal data erased, consumer rights to ask for copies of personal data, reviewing and improving their data governance obligations and procedures for notifying the ICO of data breaches.
Our advice is that as a bare minimum, ALL businesses should go through the ICO’s “12 steps to take now” guide and run through their “data protection self-assessment toolkit”.
Brexit and uncertainty
The second issue that will continue to deliver uncertainty for British businesses is Brexit. Much like the passporting rules in the financial services sector or the Open Skies agreement in the aviation sector where both industries will suffer badly from a ‘no-deal’ Brexit, rules surrounding the storage and free flow of data between the UK and Europe may also be under threat. What the real-world implications of this might be, is a subject industry experts are still trying to unpick, but one thing is for certain, major companies are already planning for the worst. Data sovereignty will almost certainly be a hot topic for 2018.
There will be very little we can do with Brexit other than lobby our local MPs and impress upon them the impact the uncertainty is having on our businesses. Talk to your clients (especially international ones) and keep them informed of the latest Brexit news which should help to prevent them from making any rash decisions.
2017 was a record year for data breaches and cybercrime hacks. Dun & Bradstreet, Saks Fifth Avenue, Gmail, Brooks Brothers, Equifax, Deloitte, Yahoo!, and Uber are only a handful of names that were breached last year. And this year started with news that the ICO had handed down a hefty fine to Carphone Warehouse (£400,000) for a breach back in 2015 and in the US VTech was fined $650,000 over a major breach in 2015 too.
Who could forget the impact of ransomware, Wannacry and Petya (or NotPetya) across the globe. And already this year businesses have been affected by processor bugs, Meltdown and Spectre x86/x64 architecture. Unfortunately, in many cases the patches to fix these vulnerabilities are causing more harm than good.
Our advice at the moment is to:
- Make sure you’re updating your anti-virus and browser software daily
- Make sure your Operating System auto-updates are enabled
- For any other patching, either seek professional help before applying an update or carefully review other peoples’ experiences first
For more information, check out our landing page which will be updated regularly:
So, if 2017 was bad for security what can we expect for 2018? There’s no doubt that criminals are becoming more sophisticated and are well equipped to invent new ways of keeping us on our toes. We expect to see a continued rise in ransomware, whale phishing and social engineering attacks.
The Bitcoin bubble
And finally, we couldn’t look back on 2017 without mentioning the astounding developments on the bitcoin front, where the price grew to over 1700% since the beginning of 2017. While there were hacks (Parity Technologies) and bans (China banned all cryptocurrency exchanges in September) there was also a broader, albeit reluctant, acceptance of bitcoin as a new asset class (JPMorgan).
The increased value of bitcoin has led to a flood of interest in the business of cryptocurrency mining – something we wrote a whitepaper on towards the end of last year.
The underlying technology behind bitcoin, ‘blockchain’, is also in the ascendant, with start-ups promising to change the world with it. Whilst blockchain will be useful in transaction verifications and providing immutable audit trails, the technology is still relatively nascent and is unlikely to have a major impact on the financial services world in the next 12 months.