GDPR compliance isn’t all about encryption: what other types of software can help you achieve compliance?
Encryption is often a go to when you start to discuss or read about GDPR and there is no denying that it is a crucial piece of the puzzle.
Encryption will help to ensure unauthorised actors do not gain the ability to read or remove data they should not have access too. For more information about encryption read this blog.
That’s all well and good, but there are other key pieces of software which don’t get nearly enough share of the spotlight.
Mark James, ESET IT Security Specialist, details three very important software types that all contribute toward GDPR compliance in their own way.
· Endpoint and server security products can both be used to stop malware entering and infecting machines that could be used to remove data. It’s crucial that, as a minimum, everything connected to your network is protected by endpoint security.
· Device control could also be used to limit files entering or leaving your internal networks. Device control is often a feature of endpoint software and can stop unauthorised USB drives and other removable media from being used to steal data.
· Two-factor or multi-factor authentication (2FA or MFA) can be used to authenticate the user when logging into your systems, this protects login credentials from being used by someone else if lost or stolen. 2FA and MFA provide an additional level of security for a login: alongside your traditional username and passwords you’ll need to provide a code which is usually generated by an app or SMS.
It’s important to emphasise than there is no panacea, no silver bullet, when it comes to GDPR compliance. The only way to ensure full compliance and be covered for virtually any eventuality is layering strong data policies and practices with trusted software solutions.