While GDPR is designed to force companies to pull their socks up, sort out their data collecting habits and make the online frontier a safer place to be, it’s by no means invulnerable. In our time in the business, Absolutely PC have found that blackmail tactics like ransomware are among the favourites in a cyber attacker’s arsenal, and the new legislation gives them a completely new avenue to take.
What’s the threat?
Ransomware is fairly well understood by businesses: extorting money from companies in exchange for stolen data is something experts have become much better at tackling (through methods such as data backups and remote servers) as the tactic has become more popular. However, GDPR brings with it the threat of hefty fines for non-compliance, and a new kind of blackmail is taking hold: threatening to expose GDPR slip-ups if a ransom isn’t paid.
How does it work?
The criminal knows that businesses everywhere often hold a huge amount of information about people only tangentially connected to the company, something that GDPR is designed to correct in order to preserve individual privacy. By using the legislation to request any information these companies hold about them, the criminal puts pressure on each company to reveal what that data is. By catching companies out like this, the criminal exposes the company to potentially millions of pounds in fines, which they will make ‘disappear’ in exchange for cash.
What can I do?
While it’s unpleasant, the criminal is actually using a legal route to gather the information they need to commit blackmail, so it’s not possible to stop them requesting it. The best way to avoid becoming a victim is to ensure that your GDPR compliance plan is watertight. Have a plan for what data to collect and how it is wiped when it’s no longer useful, so that anyone thinking of blackmailing your organisation won’t be able to find any data skeletons hidden in your cupboards.
To be absolutely sure, you should consult IT professionals like Absolutely PC who will be able to help you plan and implement your strategy, so you can guarantee you won’t be caught out by cybercriminals.