GDPR Extortion: Protect Your Business and Customers


Remember what your email inbox looked like a few months back, in May in particular? For a while, some of my peers expected every subject line in their inbox to begin with “Updates to (insert company name) privacy policy.” Maybe you felt that way too.

While the Facebook/Analytica scandal caused widespread contention about data privacy, GDPR has caused its fair share of debates and issues as well.

For example, a recent report by Europol shows that the new data protection laws may worsen cyber extortion. But more on this later.

Still, drawbacks and potential drawbacks aside, GDPR aims to give customers more control over their data and to help businesses collect and manage customer data in a way that benefits both parties.

GDPR extortion

Despite the avalanche of emails you received from businesses in the week or two before the GDPR compliance deadline, you may be surprised to discover that not all companies are GDPR compliant today, as you read this. This is a great opportunity for cyber criminals.

If they notice you are not compliant, they may break in and steal your customers’ data. Under GDPR, businesses are required to notify customers and the general public of data breaches. A non-compliant company, fearing a fine from the data protection authorities, may negotiate with the criminals to keep both the breach and its non-compliance a secret.

The problem is that such negotiations, and the ransom payment that follows, invite further criminal activity. You may be forced to keep paying for as long as the criminal sees fit. Certainly not an appealing thought.

Then again, GDPR-compliant companies can still suffer data breaches, and a breach can attract a penalty from the Data Protection Authority too. So cyber criminals may try to make compliant companies pay a ransom or hush fee as well, in exchange for their silence.

In both cases there is no guarantee the criminal will not ask for more money in the future, and you cannot be certain they will hold up their end of the deal and keep the breach a secret.

This is definitely a tight spot to be in. Fortunately, you don’t have to find yourself in it.

How to protect your business/customers

First, if it is any consolation, you may be spared this kind of extortion if you are GDPR compliant. So if you are not, you can take steps now to become compliant before anyone notices. But there is no guarantee you will not be attacked anyway.

If you are breached, always try to determine the scope of the breach, how it happened, and what you need to do to secure your software and hardware. You may also need to change passwords or lock credentials while the investigation is under way, since these attacks often begin with compromised passwords or credentials.

Work hard to secure your data and every digital system your business uses. If nobody on your team has the necessary skills, you may need to hire a cyber security expert, either in-house or as a contractor.

Alternatively, and this is probably your best bet, you can adopt IT management software that lets you oversee your entire cyber security effort from one organized platform. Tools like Cloud Management Suite can help you keep your software and hardware safe.

Its real-time security solution lets you secure your IT inventory and notifies you of malicious activity as it happens. Each notification comes with a “kill process” button that terminates the activity in a single click, giving your IT assets strong protection with little effort and stopping malicious activity before it spreads online under your nose.

Remember, if you are thinking of negotiating with criminals just to avoid the GDPR fine, keep in mind that in the long run the money you pay as ransom may eclipse the one-time amount you would have paid in fines. And if you are unable to meet the criminals’ demands, the breach can still be exposed. In the end, you may find yourself paying a criminal or group of criminals and then paying the GDPR fine anyway.

Customer security is essential to a good customer experience. Can you imagine what your customers would do when they find out? In the age of social media, your infamy would spread like wildfire, causing a considerable number of customers to lose their trust in you and boycott your business. So much for taking shortcuts!

Future outlook

It is fair to say that some businesses were already applying GDPR requirements long before doing so became mandatory. The constant threat of data breaches and cyber attacks, dealings with savvy customers, and intense competition from other businesses make it a prudent move.

Hopefully more businesses will become GDPR compliant and avoid falling prey to cyber criminals. Regardless, compliant or not, secure your software and hardware. Having your customer data stolen will have a tremendously negative impact on your business either way.

Handling your customers’ private information is a trust. They’re counting on you. Don’t disappoint them.
