
IT Security & GDPR

IT SECURITY & GDPR COMPLIANCE

THE RISKS ARE REAL

Protecting your business is more important than ever. Not only are there legal requirements to adhere to in order to avoid compliance breaches, but the risk of cyber-attacks and data theft is a harsh reality that cannot be ignored.

HOW SECURE IS YOUR BUSINESS?

We will work with you to conduct a risk audit of your business, highlighting where the compliance and security challenges are, and recommending a strategy to mitigate the risks and ensure legal compliance.

FULLY PROTECTED

Our expertise extends across a range of security solutions including GDPR, web filtering, authentication services, mobile device management, penetration testing and threat assessment, ensuring your business is fully protected.  

The Tech Broker - impartial advice

Our Security and Compliance Services

The impact of cyber-attacks, data theft and compliance breaches has never been higher. Major reputational damage, customer flight, operational breakdown, reduced sales and even prosecution have inevitably increased the attention of chief executives and their boards.

At The Tech Broker we understand the compliance and security challenges facing our customers and work with them to mitigate the risks, implement appropriate defences and reduce the compliance burden.

We work to take the problem away so that organisations can focus on their customers and people. For instance, in the payment card industry our solutions can reduce the mandatory PCI Data Security Standard controls in contact centres from 354 to just 5 and minimise the impact of data theft, where the average breach runs at £2.8 million. Our wider security expertise extends across managed firewalls, web and email filtering, distributed denial of service protection and authentication services, and delivers 360-degree holistic solutions that protect the organisation and its clients.

Our partners acknowledge that they are responsible for the security of cardholder data that they store, process and/or transmit on behalf of our customers.

EXPLORE YOUR OPTIONS

GDPR

If you process personally identifiable information (PII) in the UK, then you should already be complying with UK legislation – Data Protection Act 2008. The General Data Protection Regulation (GDPR) just tightens up data control and processing for all EU citizens whether you are in the EEA or not. So if you control or process any EU citizen’s data then you will have to meet these regulations, no matter which country your business is in!

Additionally, the GDPR has teeth. Whereas the UK Information Commissioner could currently fine a company up to £500k if you make a disclosure, the GDPR requires mandatory notification on breach, and penalties for a breach could be up to 4% of global turnover or €20 million, whichever is larger. Custodial sentences will also still be possible for data protection breaches under other UK legislation.


Limited information and guidance is available today on implementing the changes between the UK Data Protection Act and the General Data Protection Regulation (2016/679). The ICO in the UK has published limited information at the current time, which identifies the areas of change and what you need to think about.

Whether you are a Europhile or a Brexiteer is largely irrelevant to these changes. If you process data from any EU citizen, then you will have to comply with the GDPR. Even if the UK does leave the EU then it will take at least two years to exit, so the regulations will have been passed in the UK parliament and will be in force. As such this regulation is coming and you need to consider the implications to your business.

As with all regulations these are written into law without full consideration of the size of the organisation, the complexity or the practical application of how you as a business will implement, monitor or maintain compliance. There is no overarching standard like you have in the payment card industry (with the PCI DSS), or defined auditable process. As such you usually have to come to the conclusion yourself about what the right and best thing to do is.


If you are a Small to Medium Business (SMB) then our services are designed to clear up this confusion for you. If you are an enterprise customer, then see our guide on our GDP Enhanced service.

As we see it, there are two aspects that you need to consider in relation to successfully securing privacy information. These are the management system you use to govern the data and the controls that you put in place to ensure the Confidentiality, Integrity and Availability of that data.

Therefore, we designed the GDP base service and the GDP Plus service. These build on top of each other and are complementary to both the UK Data Protection Act and each other: 


The base level service has two main goals in mind: understanding your business and providing you with the paperwork that you will require. Before you can undertake any form of control around the privacy information you have, you need to know where it is, what it is used for and by whom. Most companies have some idea, but generally this is a challenge for customer data, let alone internal information. This is further complicated if you have your own customer data or data from other companies on behalf of their customers.

Our GDPR partners have designed the GDP base service in line with the most well recognised international standard for the security of information – ISO27001. The premise of the GDP base product is to help you identify what information you have and how you use it. Once you understand this then a Privacy Information Management System (PIMS) and appropriate policies can be created to manage this data. The process that we use to do this is as follows:

When you complete this exercise you will have a workable Privacy Information Management System (PIMS) and will be able to address the 12 key points that the UK Information Commissioner’s Office (ICO) has recommended that UK businesses should focus on to ensure that they can meet the new regulation.

These areas are: 

Further GDPR protections are available (known as GDP+) and can be discussed in greater detail if required.



PCI Compliant Contact Centre

To avoid prosecution, UK Contact Centres are legally obliged to adhere to the legislation related to the protection of cardholder data. With over 350 controls in place, the achievement of Payment Card Security Compliance (PCI DSS) can be extremely time-consuming and disruptive to any organisation.

We can assist by recommending solutions that will significantly reduce the number of controls to be considered, with minimum disruption, by:

  • Removing cardholder data entirely from your infrastructure
  • Retaining your existing payment service provider and telephony setup
  • Retaining your current payment process but securing it
  • Integrating into your CRM and existing internal systems
  • Providing intuitive applications that are easy for your employees and customers to use


Web Filtering

Web filtering can support productivity whilst critically protecting your employees from accessing insecure websites. By filtering access to specific categories of website, you can ensure employees can access the information they require whilst blocking high-risk websites and therefore reducing the risk of exposure.

A tailored solution for your organisation will:

  • Protect your business and improve security
  • Block access to malicious sources
  • Avoid malware downloads from hacked websites
  • Control access through intelligent filtering



Authentication Services

A security breach of your network could result in damage to your reputation and loss of customers and profits.

Two Factor Authentication (2FA) is commonly used by organisations as a reliable security measure that is easy to implement with minimal disruption and burden to employees. Unlike static passwords, which have associated risks to security, centrally managed tokens can be auto-provisioned and provide employees with either a hardware (fob) or software (app) token. In conjunction with a password, the fob provides peace of mind and high security across VPNs, networks, applications and thin client access.


Mobile Device Management (MDM)

Mobile Device Management enables you to control the use of devices by your employees, whilst keeping security at the forefront at all times. With many employees using devices for both personal and business use, your organisation needs to ensure the data and applications are secure.

We can support you to manage device usage by:

  • Ensuring authorised devices have secure access to email resources and accounts
  • Securing devices through activating encryption and enforced password policies
  • Securing against unauthorised use by locking down security, enforcing restrictions and wiping devices in appropriate circumstances
  • Tracking device usage including application downloads, voice, text and data use against thresholds, white and black lists
  • Easily managing all devices from a central console including updating policies, settings, certificates, software, applications and permissions



IT Security

IT security is critical for any SME. Failure to adequately protect against a cyber attack could result in more than just financial loss – there’s the immediate disruption to your infrastructure, along with potentially negative effects on your reputation.

Prevention is definitely better (and more cost-effective) than cure, and we can help you to devise and implement a strategy to ensure your users and systems are fully protected. Once in place, we will recommend a strategy to ensure your IT security is maintained and keeps up-to-date with the fast-evolving risks.



Social Engineering & User Awareness

Even with a secure infrastructure in place, cyber criminals can infiltrate your systems to gain confidential information by compromising your users.

Security breaches attributed to social engineering can be mitigated through user training and awareness, along with the implementation of measures to protect against email and phone phishing.


Penetration Testing

A simulated attack on your IT infrastructure can highlight weaknesses in your system before the hackers find them. Penetration testing is a hugely beneficial and safe method of exploiting vulnerabilities in systems, applications and end users, giving businesses the opportunity to rectify the issues and strengthen their security.

We work with accredited consultants who are experienced in conducting penetration tests, including Network Pen Test, Wireless Pen Test, Mobile App Pen Test, Application Pen Test, Denial of Service Test and Simulated Attack and Response.



Threat Assessment

We can highlight the cyber and digital risks that SMEs face and provide you with knowledge of the nature, context and likelihood of specific risks. By arming you with the information, we can work collaboratively to develop an appropriate security strategy that is tailored and relevant to your business.

Threat Assessment includes:

  • Establishing awareness of threats through continuous monitoring and assessment of sources to recognise threats as they emerge
  • Comparative analysis of logs and events in conjunction with known threat intelligence to provide prioritised alerts
  • Review of evolving threat trends and advising of the most likely threats that your business may face
  • Insight into how your open information may be used by cyber criminals, including the provision of an Open Source Intelligence report


TRIED AND TESTED KEY PRODUCTS


What others say about us…

I’m really grateful for the advice offered by the Tech Broker team – and even better, it was in plain English so we could fully understand what our options were. I’m really happy with the network we now have in place. Thanks Tech Broker!

Operations Manager, London Restaurant Chain

I contacted the Tech Broker to upgrade our telephone system and was impressed with the level of service provided. They helped us find and install a new system that has functions we never knew even existed and has already made a huge difference to the way we work.

IT Manager, Events Management Provider

Paul at the Tech Broker definitely knows his stuff! He was really approachable and on-hand to answer the many queries I had and nothing was too much hassle. I’ll definitely be using him again in the future.

Managing Director, Recruitment Consultancy

Really happy with the input from the Tech Broker and appreciated the honest advice rather than the hard sell which we so often get. Very refreshing!

Managing Director, Electrical Supplies

Not being a tech expert myself, it was so useful finding a consultant who was able to assist us across many technical aspects, almost like a one-stop shop for IT.

Director, Integrated Fire & Security Specialists
