In recent years, information and data security have become one of the most discussed topics. The adoption and application of the General Data Protection Regulation (GDPR) have put data breach management, data protection impacts assessments and other tools relating to the so-called ‘risk-based approach’ to the forefront of the European system of data protection. Data subjects are keen to protect their privacy from adverse interventions and supervisory authorities are ready to issue serious fines to controllers that unlawfully or negligently process personal data. And finally, the media is keen to investigate, publish and draw the attention to mass data leaks or data breaches worldwide.
In this scenario, KERUBIEL was established in 2017, aiming to provide complex, personalized, and rapid assistance and counsel to organizations wishing to comply with the standards and rules concerning IT, information security, data protection and data security. “Compliance in these fields may require a great amount of time, dedication, expertise and other resources that companies often lack. With the help of KERUBIEL, an ever-growing number of satisfied clients are ready to process information and personal data securely and following the relevant rules,” says Laszlo Gyorgy Dellei, CEO, KERUBIEL.
Laszlo believes that one of the most important aspects of information and data security is negligence and harmful attitudes. Even though most companies apply up-to-date solutions with the best technical and organizational measures to protect the information processed, bad habits or the actions of an ignorant employee sometimes cause an adverse event, such as a data breach where loss, destruction or damage of personal data or other forms of unauthorized or unlawful processing occur. To manage the situation, organizations generally fall prey to legal and financial consequences resulting in the loss of public trust and damaging company operations. To help its clients avoid such situations, KERUBIEL focuses on shaping attitudes rather than simply providing counsel to its clients. This helps them overcome negative or harmful attitudes, making them realize competitive advantages via compliance.
KERUBIEL primarily provides counselling to its clients in a unique way, merging expertise from the field of information management, information security, and data protection. The company assesses the information and data management frameworks of its clients, aiding them to define measures, propose solutions to improve the security and compliance of its products or activities. This involves the utilization of the most advanced, high-level IT standards, such as the ISO 27000, focusing on the state of the IT infrastructure, identifying IT system availability, potential risk factors, and security or operational failures; or the NIST 800-53 that controls assessment which helps identify gaps within IT systems and focus on controls, time and budget to minimize deviations and redundancies.
Based on the information gathered, KERUBIEL provides the client with information on the IT system, its risks and errors, and with detailed suggestions on how to address these deficiencies. By providing complex services, KERUBIEL ensures protection against adverse events, such as information or a data breach, and comply with data protection and information management standards. KERUBIEL also works on the management of such unwanted events. Since most companies’ primary assets are data, a breach may seriously affect the operations and thus the income of the company. This mandates controllers to take all necessary measures to prevent and manage these risks by examining and reacting rapidly to the data breach and look for experts who can fix it.
KERUBIEL takes care of it all and thorough its services it helps effectively cooperate and contribute to the successful management of data breaches. KERUBIEL worked with a multinational company in Budapest, helping them manage their security issues. The breach involved a couple of hundred people, but the misuse of the relevant information could have been harmful to the individuals. As the controller rapidly convened the data breach response team consisting of the CSO, the DPO, the head of legal and informatics, developers as well as all relevant actors, the team analyzed the incident and reported it to the supervisory authority. Finally, all measures implemented to mitigate the effects of the data breach were successful, thus the authority discontinued its procedure finding no further violations of data security rules.
KERUBIEL perceives the development of technologies as opportunities to further improve its services in terms of the level of counselling provided to its clients. The company seeks to bring together open-minded, curios people willing to commit themselves to lifelong learning, to innovation and new knowledge. “The information provided to our clients prepares them for current as well as future challenges,” adds Laszlo. KERUBIEL seeks to establish direct contact with its clients while shaping and improving its services in accordance with the feedback received.