All eyes are on GDPR, but don't forget about NIS
With all the buzz around GDPR, another important piece of legislation seems to have taken a back seat. Just like GDPR, the EU’s Network and Information Systems (NIS) Directive will also come into force in May. Rather than focussing on the protection of personally identifiable data like GDPR, the NIS Directive sets out to improve the security of network and information systems across the UK, with a focus on essential services which could potentially cause significant damage to the economy, society, and individuals’ welfare if disrupted.
The NIS Directive
From May 9th it will be law for firms in the energy, transport, water, health, and digital infrastructure sectors to have systems in place to ensure they can keep services running should they fall victim to a cyberattack.
Ciaran Martin, the National Cyber Security Centre’s (NCSC) Chief Executive, commented ‘Network and information systems give critical support to everyday activities, so it is absolutely vital that they are as secure as possible.’
As has been seen from numerous cyber security incidents, these systems can be an attractive target for malicious attacks and they can also be susceptible to disruption through single points of failure. Incidents affecting any of these systems could cause significant damage to the UK's infrastructure and economy, or result in substantial financial losses. The magnitude, frequency, and impact of network and information system security incidents are increasing.
Global events such as the 2017 WannaCry ransomware attack, which affected the Russian government, German trains, and automated monitoring of Chernobyl, clearly highlight the impact these incidents can have.
In the UK, the severity and impact of cyberattacks were witnessed last year with the WannaCry attack on the NHS, which affected over a third of NHS trusts. This meant that around 7000 NHS appointments were cancelled, pen and paper was resorted to, and patients were turned away. With basic security measures in place this attack could have been prevented, or at worst systems could’ve been restored in a matter of hours rather than the days it actually took.
The Directive is enforced on the grounds of a threat to public safety, and/or potential significant adverse social or economic impact due to disruptions. As well as cyberattacks, the Directive covers power outages, hardware failures, and environmental hazards.
So, what can we take from this? Having both preventative and reactive measures in place to deal with disaster scenarios is crucial. Having good cybersecurity measures is a fundamental aspect of any business, regardless of size, industry, and whether it’s required by law.
What can Risc IT Solutions do to help?
Alongside setting up systems and processes to ensure efficient steps are taken in the event of a cyberattack (speak to us about our consulting services), we recommend the following solutions.
Clunk Click Online Pro
With Clunk Click Online Pro you can back up critical data from desktops, laptops and servers, across physical and virtual platforms. Data is secured off-site or in local datacentres, whilst giving backup administrators full control of all processes. In the event of a disaster or compromise, InstantData provides access and restoration of your files through 3 methods: Permanent Recovery, Temporary Recovery and Full System Restore.
Having a backup of your data so you can restore it in the event of a disaster is essential for business continuity. However, this assumes that your servers are intact and available. This is where Disaster Recovery comes in: it mitigates against instances where you have lost the very thing you need to restore your data to. We have a number of solutions available for both physical and virtual server replication, meaning that in the event of a disaster you can get your data, infrastructure and your business back up and running in no time.
ESET Endpoint Encryption
ESET's Endpoint Encryption offering allows you to encrypt your data so that if you do suffer a data breach, the confidential data will not be exposed. This can be implemented as full disk encryption, encryption for removable media, across email, or on mobile devices.
SkyKick Office 365 Backup
Data can be lost, even in the Cloud, as it's still susceptible to human error. SkyKick can back up your Office 365 Email, OneDrive and SharePoint, providing an extra layer of security as well as the ability to restore your data instantly.
Mako Network Routers provide a secure firewall to keep your network safe from intruders. The Cloud-based management portal allows you to control your network easily through a single Cloud-based interface. Mako is the only network management service provider with end-to-end Payment Card Industry Data Security Standard (PCI DSS) certification.