Compliance
The Week the ICO Bared Its Teeth
Friday, July 12th, 2019
Up until now, the consequences for GDPR non-compliance have been gossiped about but perhaps not taken particularly seriously. That all changed after the ICO imposed staggering fines of £183 million on British Airways and £99 million on Marriott, following data breaches that compromised the personal data of thousands of customers. The news clearly shocked the business world; this is the first time the ICO has bared its teeth since GDPR came into force last year and the EU regulators have made it very clear that failure to comply with the rules will result in genuinely significant penalties.
At a number of customer events we hosted this week, the blockbuster fines were on everyone’s minds. In particular, people were keen to discuss why the ICO fines were so high, with many agreeing it was because there was a lack of “demonstrating diligence” around the risk prior to the breaches. Indeed, the ICO said in its investigations that Marriott should have “done more to secure its systems”, while BA reportedly lacked “appropriate technical and organizational measures to prevent such an attack”.
The message from the ICO is clear: businesses have a legal duty to ensure the security of data, or else face fines of up to 4% of the company’s annual turnover. While BA’s imposed fine stands at 1.5% of its annual revenue, it is still a significant blow (though it could have been much worse).
We must also remember that in addition to the eye-watering fines, BA and Marriott will now also face damaging long-term effects on customer trust, company reputation and their share prices. With so much at stake, the news will have sparked discussions in boardrooms across the world, with companies urgently taking stock of the security measures they have in place and evaluating whether they are properly protecting the data they process and hold. Any ‘gaps’ will need addressing quickly, with companies looking to cybersecurity solutions that protect networks, devices and people.
I am certain this won’t be the last time we hear about ‘record-breaking’ fines from the ICO this year. Each will serve as a reminder to companies that they cannot be complacent when it comes to compliance; protecting data must be a priority.
Compliance
GDPR’s Anniversary: What We’ve Learned and What’s Next
Thursday, May 23rd, 2019
The General Data Protection Regulation – or GDPR – sprang into life 12 months ago, on May 25th 2018. To mark GDPR’s anniversary, we sat down with Tessian’s Head of Legal and Compliance to see what’s changed in the last year and discuss what’s still to come.
I’m sure you’re celebrating GDPR’s first birthday this week. In general, do you think it’s been a positive step?
My general opinion is that GDPR’s been a very positive step in relation to the promotion of data subject rights. I certainly think that data protection legislation was ripe for change – developments in this field were long overdue. Importantly, our clients also see GDPR in a positive light, despite the potential for an increased administrative and compliance burden.
So what do you think the biggest benefits of GDPR have been?
In the last 12 months the GDPR has provided much-needed consistency when it comes to the protection of data across the continent (and beyond). Organizations used GDPR as an opportunity to “spring clean”, critically assessing their information security systems and processes and identifying opportunities for continued improvements. In my experience, organizations are taking these changes very seriously, as are regulatory bodies. We have seen more reports of breaches to the ICO in the UK, and the EU has started to levy some blockbuster fines. Looking ahead, I see no reason why this trend would stop. I also think that GDPR’s onset has been helpful in starting widespread debate in relation to data protection and privacy. Almost everyone now has at least some understanding of what GDPR does and what it means for people and business. Increased data literacy is enormously helpful, and this may have helped bump data protection and security up the priority list at board level.
What were the biggest challenges for Tessian in the build-up to GDPR?
As a relatively young company, Tessian was fairly fortunate in the run-up to GDPR as we didn’t have a huge archive of legacy data and systems. Mobilization and project management in larger organizations would likely have been much more difficult!
That being said, businesses of all sizes can still find it challenging to understand every piece of data that they hold: where data is located, whether it’s compliant with each of the major GDPR principles, and so on. The difference now with GDPR is that the penalties are potentially much more severe if you get it wrong. To stay on the right side of GDPR, it’s so important to spend the time doing diligence on data flows and data mapping – understanding how data moves in and out of the organization, how it’s protected, and making sure that there are individuals taking responsibility and ownership of the issue internally. Even a year on, this requirement is still absolutely necessary.
So is this it now as far as GDPR goes? Or is there more still to be done?
It’s been fascinating to see the global impact that GDPR has had. So far, we’re still yet to see the true extent of regulators’ “teeth” when it comes to fines. While there’s still more to come, the progress made in a year has been really encouraging.