Strengthen Compliance Framework to Avoid Hefty Regulatory Fines
July 22, 2019 | Compliance, GDPR, Privileged Access
British Airways has been slapped with a record lump-sum fine of £183m for last year's information breach affecting 380,000 customers. The aviation giant had already suffered irrevocable reputational damage last year, when it confessed to a major information breach in which the names, email addresses and credit card information of thousands of passengers (those who booked flights using credit or debit cards on British Airways’s website) were compromised by hackers. It was revealed that more than 380,000 card details were compromised in this breach. Even a year after the incident, it is still not clear how the hacker accessed British Airways’s IT systems and stealthily breached the sensitive information. However, it is quite obvious that the airline lacked adequate security measures to prevent unauthorized users from accessing the confidential personal data of its customers and passengers. Adding to its woes, the airline had to pay a hefty penalty of £183m for failing to comply with the GDPR.
How can organizations ensure a robust compliance framework?
British Airways had to cough up this huge amount for not complying with the standard rules and policies of the GDPR (General Data Protection Regulation). According to this global compliance standard, each and every organization in the European Union, including the UK, is supposed to follow the regulations set out in the act. In effect since May 2018, the GDPR mandates that organizations maintain stringent security controls around people and IT systems. These safeguards are prerequisites for mitigating threats to confidential data stored in servers and applications. In other words, every access to sensitive data and confidential information needs rule- and role-based access control that not only documents every session log but also seamlessly monitors and controls activities around information assets.
Therefore, Privileged Access Management (PAM) is likely to play a big role in complying with this regulation. ARCON Privileged Access Management practice enables IT security pros to regulate the IT environment through a set of rules and policies governing IT and privileged users, wherein access to confidential information is strictly based on IT users’ roles and responsibilities and on multi-factor authentication (MFA). Adhering to Privileged Access Management practice is a foundation for building a robust GDPR compliance framework. ARCON PAM, a robust risk control solution, can build the security moat for an enterprise network.
Digital Trust is the cornerstone of today’s digital economy. It is crucial for all global organizations because no action can take place without the trust factor. Be it a customer, supplier or even an investor, the trust factor promotes a sense of reliability and dependability. Trust appears only when it is possible to verify and re-verify any action that provides a message of assurance. And this assurance comes only when there is a belief that someone’s confidential data is in a safe and secure digital environment.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables monitoring of end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.