Get to grips with cyber security and compliance

The age of Big Data and cyber security is here, and with it comes both opportunity and risk for procurement.

Many public sector organisations have automated their procurement processes using eProcurement solutions, and in most cases this has been accomplished safely. However, in some cases mistakes can slip through the net.

Good cyber security protects the ability to function while exploiting the opportunities that technology brings, making it central to an organisation’s digital health and resilience.

New regulations such as GDPR, as well as high-profile media coverage on the impact of cyber incidents, have raised the expectations of partners, stakeholders, customers and the wider public. Quite simply, organisations – and board members especially – must get to grips with cyber security.

To celebrate Cyber Security Month, we’ve teamed up with Cyber Essentials to discuss why the public sector and third sector organisations are investing in their cyber security strategy.

 

What is GDPR?

On 25 May 2018 the EU implemented a new data privacy and security law across Europe, the General Data Protection Regulation (GDPR).

The GDPR documents include hundreds of pages' worth of new requirements, leading organisations around the world to reassess their data protection strategy.

Many would argue that GDPR is the toughest data privacy and security law in the world. Though it was drafted and passed by the European Union, it imposes obligations on organisations anywhere, so long as they target or collect data related to citizens in the EU.

 

Sensitive information

The public sector has access to vast amounts of personal data, much of which is of a sensitive nature. The European Commission considers the following information ‘sensitive’:

  • personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
  • trade union membership;
  • genetic data, biometric data processed solely to identify a human being;
  • health-related data;
  • data concerning a person’s sex life or sexual orientation.

Source: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/sensitive-data/what-personal-data-considered-sensitive_en

 

The public sector is responsible for protecting the privacy of sensitive data in all circumstances; therefore, your organisation must have policies and procedures in place that adhere to the new rules.

Many public sector organisations have faced a range of challenges in ensuring that the software and third-party services they use are compliant with GDPR, as personal data is often shared throughout the procurement process.

This can be a time-consuming task; however, Delta eSourcing users can protect the data gathered during their contract exercises and remain compliant with our contract management software.

 

Stay compliant with Cyber Essentials

One of the main benefits of being GDPR compliant is that your organisation will remain cyber resilient.

Having Cyber Essentials certification is now a standard part of the public procurement process. This Government-backed scheme is a simple way to protect your organisation, whatever its size, from over 80% of common cyber attacks.

Learn more about Cyber Essentials and how you can gain certification below.

 

What is Cyber Essentials?

Cyber Essentials certification is an excellent place to start if you want to safeguard your organisation from common cyber security threats.

Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a burglar trying your front door to see if it’s unlocked. Our advice is designed to prevent such attacks.

 

Why is cyber security important to public and third sector organisations?

In a recent blog, Delta revealed that “63% of organisations have a designated cyber security lead and 60% say they have stricter controls in place than previously with regard to monitoring, handling and processing data.”

Having a cyber security strategy in place is vital and should be high on the public sector’s agenda. Organisations have been warned of the possibility of a major cyber attack in the UK in the near future; it is a matter of “when, not if” according to the head of the UK’s National Cyber Security Centre.

There have been several events in recent years which have boosted cyber security awareness within the public and third sectors.

The WannaCry cyber attack in May 2017 was a major blow to the public sector. During this ransomware attack, over 30 NHS trusts were infected and professionals across the public sector were locked out of their devices.

The ‘Investigation: WannaCry cyber attack and the NHS’ report, which was released a year after the attack, stated that the NHS has accepted that “there are lessons to learn” from WannaCry and is committed to working on cyber security improvements.

As for third sector organisations, according to the ‘Cyber Security Breaches Survey 2019’, a survey by the UK Government detailing business and charity sector action on cyber security and the costs and impacts of cyber breaches and attacks, 36% of third sector organisations say they have made changes to their cyber security policies or processes as a result of GDPR.

Findings from the survey suggest “that GDPR has encouraged and compelled some organisations over the past 12 months to engage formally with cyber security for the first time, and others to strengthen their existing policies and processes.”

 

Cyber Essentials certification

Cyber Essentials will not only protect your business but also demonstrate to your suppliers that your organisation is dedicated to staying cyber secure and has the latest recommendations in place to counter the latest threats.

Show your stakeholders and partners that your organisation holds itself to a high standard of cyber security in accordance with the UK’s National Cyber Security Programme.

Learn more about the Cyber Essentials scheme by downloading our scheme summary.

 

Free Cyber Security webinar

If you have any questions about cyber security and GDPR, join us at our next webinar.

Cyber security expert Cleo Hartness from Cyber Essentials Online will be discussing many of the topics mentioned above, and you will get the chance to ask her any questions you have about Cyber Essentials certification during a live Q&A session.

Register for this free webinar here.