N2S Quiz Night

N2S raises £918.00 for Macmillan Cancer in Suffolk

Friday 6th July may have been the night when Belgium took on Brazil to head through to the World Cup semi-finals, but it was also the evening when 12 teams met at Bury St Edmunds Rugby Club in a bid to win the N2S Charity Quiz.

The quiz is part of a year-long fundraising campaign to support the company’s pledge to raise £5,000 this financial year. With a fantastic range of raffle prizes, including a Microsoft Surface, up for grabs and the full price of the Quiz entry going to the charity, the final amount raised was £918.00.

With local businesses, Abbeycroft, Macfarlane Packaging, Carluccios, Homebase, Javelin, Bannatynes, Byron Burger, Glasswells and Adnams donating raffle prizes, N2S is extremely grateful for the support they have received in raising funds for such a worthy charity.

This is one of a number of events planned as part of the team’s fundraising efforts, with Christmas, Valentine’s and Easter raffles, bake sales and a team weight loss challenge all raising funds so far this year. Keep your eye on our social media accounts for the next event!

If you missed the quiz there is still time to donate to Macmillan via our Just Giving page here: https://www.justgiving.com/fundraising/network2supplies

N2S work with Investec to raise £450 for School of Hard Knocks

Working alongside our existing client Investec, a specialist bank and asset management company, we carried out two data destructions and IT collections onsite at Investec premises. As part of these collections, we collected redundant IT equipment, ensuring all data was destroyed before auditing the equipment to determine whether it could be resold or recycled.

The equipment which was suitable for resale was sold off to our approved partners and the £450 profit made from these devices was donated to the School of Hard Knocks Charity.

In addition, we recycled 4.336 tonnes of IT equipment with 0% to landfill.

The School of Hard Knocks is a social inclusion charity. They use sport to tackle the issues surrounding unemployment, crime and health. The charity works with individuals to help them take responsibility and take positive steps forward in their lives. For more information about the charity, please click here.

Would you like to know more about our Recycling or Data Destruction services? Then click here to visit our services page.

If you are a business which currently processes and stores data regarding EU citizens, you need to know about and comply with GDPR. Any processes and applications you use to hold and analyse data should be checked for GDPR compliance.

What is GDPR?

GDPR comes into effect on 25 May 2018 and introduces new obligations for any organisation that handles data about EU citizens regardless of location.

It will place a stricter emphasis on businesses to demonstrate they are managing and protecting personal data alongside introducing data breach notification into European law for the first time.

What does it mean for your business?

  • All businesses will need to comply with these regulations, so you cannot avoid it
  • From now on, pretty much all personal data will fall under GDPR, including anything that can be used to identify an individual.
  • It will affect the way you obtain consent to use personal data – including for your marketing
  • If you are a public authority or a business whose core business means you undertake “regular and systematic monitoring of data subjects on a large scale” you will be required to appoint a DPO (Data Protection Officer).
  • You will now need to undertake mandatory Privacy Impact Assessments (like a data risk assessment) before undertaking a data project
  • If you suffer a data breach, you will now be required to notify your Data Protection Authority within 72 hours of finding it
  • GDPR introduces the right to be forgotten, under which you must delete all data if the data subject requests that you do so
  • Data liability is extending beyond data controllers, so even if you are a service provider which processes data, you are now liable.
  • Privacy will need to be included in systems and processes by design, including the capability to completely erase data
  • GDPR will allow any Data Protection Authority to take action against an organisation regardless of location. This will create a far more level playing field in comparison to today where companies choose to base their data where the Data Protection Authority may be more lenient.

Top tips for your business:

It’s about good admin
Make sure you can document the full process of data from the initial consent, through to where it is stored and how it is analysed and used in your business.

Build the right toolkit
Review which standards you already have in place, such as PCI DSS, COA, or ISO27001. These will be a good starting point and the accredited organisation should provide a framework for you to map your current processes against GDPR compliance.

Privacy by design and by default has a concept of minimisation at its core. This is that only the minimum amount of data is held to complete the task at hand. So, the first activity should be to highlight examples of where the processing of personal data or archived data is unnecessary and delete it. For example, home IP addresses in your web stats or individual names in market research data. Data erasure is a key tool here: ensure you are disposing of data securely and ethically.

Control and audit user access

Keep a tight control on user profiles for systems which can access personal data within your business. Ensure you have an up-to-date record of log-in information, as compromising user accounts is one way cyber criminals can gain access to your data. Consider setting up a single sign-on system where you have staff accessing multiple systems.

Have the systems in place to detect if you suffer a breach

Make sure you have the right level of anti-virus and anti-malware in place to protect you against a breach. However, with the landscape of cybercrime always changing, a breach is never impossible, so ensure you have the correct procedures and systems in place to identify and highlight unusual activity in your systems.

With the enforcement date of 25 May 2018 looming, now is the time to start reviewing your processes and systems to ensure you are compliant!

Would you like to know more about how to handle Data Destruction as part of complying with GDPR? Contact us on hello@n2s.co.uk to find out more.

It is quite likely you have never heard of the term spear phishing, but it is an issue you would be well advised to be aware of. Let me explain:

Phishing is a term to describe fake emails used to trick or attack an individual or an organisation. Scam emails can be sent globally at any one time to millions of potential victims. Sometimes the content of the email will be a plea for help, usually financial, offering a once in a lifetime opportunity or tempting you to take immediate action. When you click on a link in a phishing email you will be taken to a malicious website where attempts will be made to gain access to your computer and access to your personal details, such as your bank account.

However, cyber criminals are becoming much more sophisticated and are now more targeted in their approach, and this has led to the emergence of a new and dangerous phenomenon – spear phishing.

Unlike general phishing, with spear phishing the cyber attackers carefully research their intended targets, such as gaining information from their social media accounts or from any other information they put on the internet from their PC. For example, they might scan social networking sites to find a target’s page, their email address and their friends list. Often spear phishers are not after money; they are more likely to target specific organisations to obtain high level confidential information such as business plans, corporate secrets or plans for sensitive technology.

You may feel you are far too sensible to fall for a trick of this kind, but these cyber criminals are a clever bunch of guys and gals. Using information they have found, the spear phisher can pose as someone you know and send emails which appear to come from a trusted source such as your accountant, solicitor, your bank or work colleagues. They will then try to trick you into handing over confidential and sensitive information that they can use for their criminal purposes. Every individual at any business, corporation or organisation is a real target for the spear phisher and we all need to take action to protect ourselves.

So, how do we protect ourselves from these clever cyber criminals, you may ask. Well, here at N2S, we have spent years perfecting our data protection services, so we are truly qualified to advise on this matter:

  • The first step in protecting yourself is to be aware you and your organisation are a target
  • It is advisable to limit the amount of personal or sensitive information you put on your social media accounts or websites. This will make it more difficult for the cyber criminal to effectively research the details they need to trick you
  • Unless you are 100% sure of the email’s origin, avoid opening attachments or clicking on links
  • If the email comes from a person or company you know, then use the contact details you already have for them
  • If you are an employee or sub-contractor, support the security efforts of the company you are working for by following appropriate guidelines and policies which may be in place
  • Use security tools such as antivirus software and encryption
  • Think about your passwords. Always vary your passwords; do not regularly use the same one on different platforms. Do not make passwords obvious, for example by using your initials; make them difficult for anyone to work out. Have a different password for every site or platform you use and change them sporadically
  • When you get notices from software vendors to update your software, do it. Most operating system and browser updates include additional security measures
  • If an email seems strange in any way or you feel you may have fallen victim to a spear phishing attack then inform your help desk, security team or even the police immediately.