The Harvard Business Review has published an article listing the 7 pressing cybersecurity questions that Boards need to ask, and this applies no matter the type of organisation or country in which you operate.
You can read the article here https://hbr.org/2022/03/7-pressing-cybersecurity-questions-boards-need-to-ask (it looks like you can access one article a month at no charge and without subscribing). You might like to join them in asking:
- What are our most important assets (not just physical) and how are we protecting them?
- What layers of protection and security have we put in place?
- How would we detect a personal data breach if it took place?
- In the event of an incident, such as a ransomware attack, is our written and tested incident plan good enough?
- What role should the Board play in any incident?
- Are our business recovery/continuity plans good enough, and do they cover cyber risks?
- Are we investing enough in cybersecurity, including hardware and software, services, training and awareness raising?
This should all be covered by your UK GDPR policies, where you are required to have appropriate technical and organisational measures in place, to demonstrate compliance with the principles of integrity and security.
But if you are not sure, or if these haven’t been looked at in the last 12 months, then join the increasing number of organisations opting for an annual Data Protection Review – contact us for more information at https://zorva.info/about-us/contact-us/ or book a free 20-minute insight call https://zorva.info/free-insight-call/