Andrea Manning the Founder of Data Influence is based in Galway. Andrea talks to IIBN about GDPR and Cybersecurity. Whilst GDPR is about protecting all data (paper and digital), cybersecurity focuses on protecting any data online. Cybersecurity is very much focused on corporate and enterprise solutions and the microbusiness doesn’t have access to the same resources. Many microbusinesses form part of the supply chain so it’s vital that all sectors are served when it comes to cybersecurity.
You can visit Data Influence here
Are you finding any skills gaps in the market?
There is a great deal of talk about getting more women into cybersecurity and the shortage of skills and talent in the cybersecurity industry. As part of my role with Cyber Women Ireland we are looking to encourage the advancement and capacity of women involved in all aspects of the Irish security sector and security community, through the exchange of information and the cultivation of productive relationships. We want to create visible role models, and highlight the need for both the soft skills and technical skills required in cybersecurity roles today.
What are your main priorities and goals in your role?
To be a voice for the micro-business. In Ireland 98% of our business are SMEs but within that sector 90% are micro businesses with fewer than 10 employees. There’s a vast difference between a business with 3 employees and 30 employees. It follows that their resources, their needs and their priorities are going to be vastly different too.
What are your biggest challenges?
Winning business owners over to the benefits of GDPR. There’s a lot of myths and scaremongering out there. Yes, it’s a complex regulation but it can actually be a marketing tool. You can win customers over if you are ethical and you put empathy at the forefront of your data processing activities. Doing great GDPR is your way of showing your customers your professionalism and business ethics.
How has your business strategy been adapted in the context of the Covid-19 crisis?
Making Cybersecurity the main offering of my business with the view that GDPR will follow. With all the government supports for small businesses there was a rush to move businesses online. Thousands of businesses took advantage of the Trading Online Voucher and built new websites, setting up e-commerce operations. In many cases security got left behind. And GDPR got pushed even further to the back of the priorities queue – understandably. But I think as businesses settle into a rhythm now, they should be giving serious consideration to cybersecurity. In the first two months of lockdown, phishing and other Covid19 related scams were up 663%. The statistics show that a small business will close down within 6 months of being hit by a cybercrime.
What are the challenges facing your industry going forward?
In Cybersecurity one of the biggest challenges is the ease with which cybercriminals can buy ransomware and phishing scams as ‘off-the-shelf’ products on the dark web. They don’t even need basic coding skills. Equally business email compromise scams and spear-phishing are becoming more and more sophisticated so users can’t identify what is true and what is malicious. It’s a continuous onslaught and the effects on businesses can be devasting.
There are some really interesting security products being developed all the time but with 90% of data breaches down to human error the user is never going to be taken out of the equation. We need to ensure everyone is doing basic security hygiene but we’ve a long way to go because there are still people using the same simple password over multiple accounts.
What new trends are emerging in your industry?
Across the EU we’re starting to see big fines and small fines being imposed on companies for GDPR infringements. These range from companies holding on to data longer than they can justify or using individual’s contact details for marketing without their consent. There has been a number of fines for failure to implement adequate organisational and technical measures. For example, in the UK a pharmacy was fined £275,000 for leaving 500,000 documents that contained special category data in unlocked containers at the back of its premises. Concerns about the data protection implications of workplace surveillance is another one. As we see more data breaches and more of these fines start to filter down to the smaller Irish companies, businesses are going to have to adapt and take GDPR into the core of all their processes from the outset.
Are there any major changes you would like to see in your sector?
Greater recognition of the crossover between GDPR and Cybersecurity. Whilst GDPR is about protecting all data (paper and digital), cybersecurity focuses on protecting any data online. Cybersecurity is very much focused on corporate and enterprise solutions and the microbusiness doesn’t have access to the same resources. Many microbusinesses form part of the supply chain so its vital that all sectors are served when it comes to cybersecurity.
How will Brexit affect you, or have you started to feel the effects already?
The jury is still out on how Brexit will affect GDPR. Assuming all goes to plan, the UK will be a “third country” under the GDPR from 2021. GDPR restrictions will apply to personal data being transferred into the UK unless the EU establishes that the UK is an “adequate” country. This will require the European Commission to assess and approve the UK for adequacy. This is unlikely to get across the line by this time and so organisations should ensure that they have implemented appropriate safeguards for inbound data transfers, such as adopting the EU’s standard contractual clauses in its arrangements with EU based entities; and Irish businesses will need to update their privacy notices to reflect the change in status.
How do you define success and what drives you to succeed?
My favourite podcast is How to Fail by Elizabeth Day. The theme is that from failure comes success. Many things you do don’t go to plan or turn out the way you liked but you always learn and take those lessons forward into everything you do. Personally, I measure success as health and happiness and good relationships.
What’s the best advice you’ve been given, or would give, in business?
I went back to college as a mature student. The thought of doing a fulltime degree combined with a fulltime job and fulltime single parent was overwhelming. The best advice I was given was to look at it in 12 week chunks semester by semester. That strategy got me through 4 long years. I now apply it to all elements of my life and business. Indeed, when I teach GDPR I begin with “How do you eat an elephant? One bite at a time!”
What have been your highlights in business over the past year?
I’ve done some pro-bono work along with mentoring for the Local Enterprise Office. Helping small companies with limited resources is immensely rewarding. My business is still in the early stages but it’s exciting to watch how it evolves.
What’s next for your company?
I’m working on a subscription product that specifically helps the micro-business with their cybersecurity.
What opportunities or plans for growth do you see in 2020/21?
The pandemic has made many businesses question how they are doing things. New opportunities have arisen and it’s a case of fortune favours the brave. We’re all having to take a leap into the unknown but, this spirit of reinvention could be the making of a new economy.
Where do you want your business/brand to be this time next year?
Thriving! I plan to launch my cybersecurity subscription in the next 6 months, increase my team and continue to win businesses over to the benefits of good GDPR.