How GDPR Can Help Against Phishing Scams

By Paul Greaves, Independent Technology Author

Source: Pixabay

There are no letters more on IT and business professional’s lips at the moment than GDPR. The General Data Protection Regulation comes into force in May 2018, giving businesses the first half of the year to ensure they are compliant across the board. Companies could foot landmark fines for mishandling sensitive data, which accounted for a rise in cybercrime since 2015. While the general public won’t notice too much difference, there could be an unexpected benefit in the new data laws: the stopping of phishing scams.

Phishing scams refer to emails that appear to be from credible sources, yet ask for personal information which can be used for identity theft and fraud. Phishing scams have grown in efficacy in recent years, to the point where fake emails are almost identical to genuine emails, and major corporations, such as banks, are issuing huge marketing campaigns in order to teach people to defend themselves against them. While there are methods to protect from phishing scams, such as web application firewalls, companies could still be at risk.

So, how will GDPR wed itself to phishing scams? GDPR aims to ensure companies that deal with customers’ data do so in a way that minimises any data theft, or corruption, and gives some of the power back to consumers. While consumers should be wary of companies, and it is down to companies to be as transparent and protective of potential data collection, companies themselves can also be the intended victims of phishing scams.

Spear phishing refers to high-level employees of a company being subjected to phishing attacks to collect the data that they themselves have saved. Larger companies can be more susceptible as not all mid-level employees will know the rest of the chain of command. By ensuring data is saved and stored in a way that would prevent any such spear phishing attack from taking place, GDPR is already working for the general public in keeping their valuable personal information safe. Reports from 2017 state that phishing scams cost companies around $1.6bn, which furthers the need to tighten regulations in order to protect corporations and the data they hold on the public.

Source: Pixabay

By ensuring data is stored more securely, the likelihood of a phishing attack is lowered, especially with such a heightened state of watchfulness for such crimes. The onus falls more strongly on businesses to protect data they may have and are benefitting from having, so will present a more transparent and open front for the public.

While GDPR warrants a great deal of work from corporations involved in the short term, the benefits felt from the heightened level of transparency and company protection will be felt in the long run. Companies will be urged to report data breaches within a strict deadline, meaning the public will know if their data could be compromised sooner. The tightening of security will also bring with it a more alert populace, who will be on the lookout for phishing scams. Overall, GDPR will aid in protecting those at risk from cybercrime.