Implementation Posts

If you are in an organization that has any clients, partners, or employees in Europe, you've almost certainly heard of GDPR -- but how familiar are you with the Data Protection Officer role?

When we think about the cybersecurity changes that organizations make as part of their GDPR efforts, we often think of the Data Protection Officer as being the driving force.  Under GDPR, the Data Protection Officer has very specific obligations that have much to do with cybersecurity.  The problem?  GDPR specifies the responsibilities in a manner that is very formal and unapproachable.  In this post, we'll turn the complex language of Article 39 of GDPR into plain language discussion of some of the factors that you should consider.

Part of our normal new-client onboarding conversation includes the prompt "tell me about your infosec policies" -- which is usually followed by either a long pause or a sigh.  Why? Clients joining the Havoc Shield family are often ones that have experienced recent growth causing them to have the realization that they can no longer "get away with" do-it-yourself cybersecurity.  Some have drafted rudimentary infosec policies on their own in their do-it-yourself era, some haven't, but almost none of them are confident that they've got the right infosec policies in place.  And that's a source of anxiety (one that we can help with).

Many Havoc Shield clients work with a Managed Service Provider (MSP) for their broader IT needs -- things like provisioning laptops, configuring telecom closet equipment, setting up VoIP phones, helping employees set up their bluetooth headset, etc.  We love it when a client works with an MSP for those types of needs -- it accelerates our ability to help on the cybersecurity front, with penetration tests, security awareness training, endpoint security, dark web scans, etc.  The collaboration between Havoc Shield and MSPs has been great, enabling each of us to focus on what we do best.

Most companies craft their Acceptable Use Policy from a starting point of an Acceptable Use Policy Template. That’s wise: there is no reason to reinvent the wheel when creating a new policy, especially when it comes to structure, formatting, and the basic policy elements that are relevant to almost every company. At Havoc Shield we have a Policy Manager section in our platform to help companies get exactly that type of jumpstart: a solid, battle-tested policy baseline that lets organizations go from “no policy” to “defensible policy” in no time at all.

At Havoc Shield, infosec dashboard best practices come up early and often in our conversations with technology leaders.  Often it's a lack of robust infosec dashboards that is the wake-up call that leads a CIO, CTO, or CISO to engage our team to get to a better place.  Here are our most strongly-held views about what works best in an infosec dashboard in 2020.