When running an organization that is based on the use of IT systems or other applications, you should always consider cybersecurity and personal data protection issues. One negligence can have a number of negative effects and even lead to the collapse of the company. Find out if your business can be targeted by hackers and how to ensure the cyber security of your company and its resources.

From the article you will learn:

  • why you should not underestimate the issue of security in the company;
  • if your business is protected against hacker attacks;
  • whether security measures once implemented can become obsolete;
  • what kind of support your cyber security specialist can give you.

Every day new methods and techniques are emerging that are used by hackers. Their number is rising so fast that once implemented business security solutions do not guarantee security continuity and 100% certainty that you are protected against hacker attacks. Therefore, it is worth to remember that maintaining a high level of protection of company resources for a long time requires an interdisciplinary approach and also that the IT system is as secure as its the weakest link.

Is business security important?

There is so much talk about surveillance issues in the company and cyber security threats to business today. Every now and then we hear in the media about situations in the form of cyber attacks, such as the famous "WannaCry" attack or Petya ransomware infection. For this reason, services related to ensuring company compliance with GDPR, personal data protection, network auditing, penetration tests and security audits for companies are becoming increasingly popular. Even very well secured IT systems can be attacked by hackers and this is often caused by so-called "weak links" in the organization. Very often the weakest link in the security system is... a human being. Thinking seriously about security in our company, we must consider not only critical systems, but also potential weak links in the form of people. It is worth considering implementing appropriate security procedures and security measures in the form of e.g. blocking email with unaccepted attachments, realizing a more restrictive password policy or, above all, educating, i.e. staff training in personal data protection. Thanks to security training in the company, you can be sure that the staff will fulfill their obligations in accordance with security standards, and that every employee will react quickly and responsibly in an emergency, e.g. during a hacker attack or data breach. Then we can talk about the protection of our organization resources and this is what closes in the concept known as the system approach to security.

When do the company's security measures become obsolete?

Can you diagnose when technical or organizational security measures become ineffective? What are some good cyber security habits? It is difficult to answer this question unequivocally. For a long time, SSL was thought to be secure and indeed it was. On the other hand, Windows security patches come out literally every moment. Therefore, it all depends on how the specific IT solution was designed and developed. It should be verified whether already at the stage of its designing system architects and developers adhered to such standards as OWASP, NIST, ISO 27000, or whether they focused only on the functionalities of the application in terms of business. Forgetting security standards at the design stage may result in additional and necessary modernization work on IT systems so that they do not violate the GDPR guidelines, prevent leakage of personal data and that they are completely safe for its users. Cyber security specialists emphasize one thing at every opportunity - there are no applications that cannot be broken; there are only those that can be harder to break. That is why performing networking audit or penetration tests, conducting security audits results in having current status of application security. This, in turn, forces hackers to look for new vulnerabilities, and this is a much more difficult process. To sum up, it is worth educating on these issues and supervising application security updates, implementing active security testing in the organization, conducting black box tests or white box tests and choosing innovative security measures for business recommended by cyber security companies.

How can a cyber security specialist support you in terms of company security and personal data privacy?

It is clear that lawyers are not developers, auditors are not lawyers, while developers are not any of the groups mentioned above. It is extremely important for these three worlds - developers, auditors, lawyers - to be able to work together and “speak a common language”. It is not enough to design a business solution well in terms of business, because it is necessary to guarantee its consistency with legal requirements and with modern technical security standards. And when lawyers define how the system should act from a legal point of view, architects and IT designers must ensure that these requirements are properly implemented from a technology point of view, taking into account best practices, system design patterns and many technical controls. The main task of application security auditors is to control the system during its development and during its operation, as well as to ensure that legal conditions and digital protection are constantly met. For this reason, if the issues of information security standards and privacy of personal data are to be comprehensively addressed, cooperation between law firms, companies dealing with penetration tests/security audits and software house that develops applications is necessary.

This article is part of the e-book "Expert guidebook – Three approaches to cyber-security", taking into account the views of three specialists on the issue of cyber-security. Download the e-book and learn, among others: who can be targeted by cyber-criminals, what techniques are used by hackers, how to ensure cyber security in business organizations and detect its weak points. Take care of your company's security and responsible business operation of your employees, because hackers do not wait, do you?

Lemlock ebook. Expert Guidebook: Three vievs on cybersecurity
Are you interested in a comprehensive solution
for your data security?
Consent to  data processing for contact purposes
I confirm that I have read the  information clause of Sagiton Sp. z o.o.

I hereby give consent to the processing of my personal data by the Personal Data Controller (hereinafter: "PDC") – Sagiton Sp. z o.o. ul. Fabryczna 19, 53-609 Wrocław, within the scope of: full name, e-mail address or telephone number, for the purpose of sale of products and services of Sagiton Sp. z o.o. and for the purpose of sending me feedback and making contact with me by Sagiton Sp. z o.o.

At the same time, I acknowledge that: at any time I can request the removal of my personal data from the PDC Sagiton Sp. z o.o. database, by sending an e-mail to hello@sagiton.pl, or a letter to Sagiton Sp. z o.o., ul. Fabryczna 19, 53-609 Wrocław, with a statement containing the relevant request, which shall result in the deletion of my personal data from the PDC Sagiton Sp. z o.o. database; I have the right to access my data; providing my data is voluntary, however refusal to provide it is tantamount to not receiving information regarding sale of products and services of Sagiton Sp. z o.o., as well as not receiving feedback and making contact with me by Sagiton Sp. z o.o.

In accordance with Art. 13 section 1 of the General Data Protection Regulation of 27 April 2016, (GDPR), we would like to inform you that the controller of your personal data is Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław, e-mail: hello@sagiton.pl.

Your personal data shall be processed within the scope of: full name, e-mail address and/or telephone number in order to answer your question/request for contact and send feedback – pursuant to Art. 6 section 1 (a) of the GDPR, i.e. consent to the processing of personal data.

The data controller would like to inform you that your personal data shall not be disclosed to third parties.

Your data shall not be transferred outside of the European Economic Area or to international organizations.

Your personal data shall be processed until you withdraw your consent to the processing of data, as well as if the purpose for processing this data shall no longer be applicable.

You have the right to access your personal data, rectify it, delete it, restrict its processing, the right to transfer it, as well as the right to object.

In the case of giving your consent, you have the right to withdraw it at any time. Exercising the right to withdraw the consent does not affect the processing carried out before the consent was withdrawn.

You have the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

Providing your personal data is a prerequisite for making contact with you by Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław. In the case of not providing your personal data, Sagiton Sp. z o.o., shall not be able to contact you.

The Data Controller, Sagiton Sp. z o.o., would like to inform you that they shall not use your personal data for automated decision-making, which is based solely on automated processing, including profiling, and has legal effects for you or affects you significantly in a similar way.

Let's stay in contact