BTRC Approved Tariff
  1. Home
  2. Data Strategy
  3. Guidance for Organisations on Phishing and Social Engineering Attacks

Guidance for Organisations on Phishing and Social Engineering Attacks

  • January 9, 2023

One of the main obligations under the General Data Protection Regulation (GDPR) for
organizations which process personal data (‘controllers’), is that they must do so in a
manner that ensures appropriate security of personal data, including protection
against unauthorized or unlawful processing (including theft, destruction or damage, or
disclosure) using ‘appropriate technical or organizational measures’. This is sometimes
referred to as the principle of ‘integrity and confidentiality’ or the ‘security principle’.


This obligation is an important one, which controllers should be cognisant of, particularly
those who utilize or store sensitive personal data. Whether or not an organization has
appropriate technical and organizational measures in place to ensure the security of the
personal data they process is one of the first questions the Data Protection Commission
(DPC) is likely to ask in the event of a personal data breach or the exercise of the DPC’s
investigative powers. Controllers can also consult our guidance for controllers on data
security when assessing the appropriate security measures they need to implement.


One way in which the risks regarding security of personal data can arise is through what
is known as ‘phishing’ or ‘social engineering’ attacks. Phishing is an example of a type of
social engineering which is commonly used to deceive users. Phishing is where someone
fraudulently attempt to trick users into disclosing sensitive information, such as
usernames, passwords, or credit card details, by disguising themselves as a trusted
source in an electronic communication. By using a trusted source, or name, or familiar
logo as ‘bait’, attackers can go ‘fishing’ for sensitive information, such as personal data.

This can be done in many ways, such as ‘email spoofing’ (where cloned or similar looking
email addresses or names are used) and misdirecting users to enter sensitive information
into a fake website (which looks very much like the legitimate one), or download harmless
looking but malicious software (often disguised as email attachments).


Download The Full Guidance for Organisations on Phishing and Social Engineering Attacks

Guidance-for-Organisations-on-Phishing-AttacksDownload

Categories

Latest Posts

JOIN OUR NEWSLETTER
And get notified everytime we publish a new blog post.
By subscribing, you agree with our privacy policy and our terms of service.

Calendar

April 2024
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930  

Adaptive AI Antivirus Build Resilience Cyber Awareness Cybersecurity Data as a product Data Fabric Data Leaked Data Mesh Data Strategy Email Spoofing Endpoint Security Firewall Incident Link3 malware Metaverse Phishing planning Project Management Ransomeware Ransomware Silently Tracking StopRansomware Superapps Technology Trends WhatsApp

paybill button