Data Protection Day marks its 10th anniversary this year and it is as relevant as ever with new regulations and cyber security set to be hot topics this year. 2015 saw cyber security in the headlines with large-scale data breaches at TalkTalk and Ashley Madison to name but a few. With this in mind, there is plenty for organisations of all shapes and sizes to consider when it comes to protecting data and below is a collection of ideas on how they can do this.
Wieland Alge, VP & GM EMEA, Barracuda Networks:
“One of the key themes for Data Protection Day is safeguarding data. All businesses have a duty of care to ensure that they have robust security systems in place to protect their own and their customers’ data. This is especially relevant given the increasing reliance on the Cloud, both for the storage of company data and to host software that may contain sensitive customer information. Companies must be honest with employees and customers about how they collect and store personal information and must ensure that they are doing everything in their power to place layered protections around the Cloud, above and beyond those offered by the Cloud service vendors.”
Geraldine Osman, VP of International Marketing at Nexsan:
“Anything that highlights the evolving issues around data protection is a good thing. Data breaches and attacks are commonplace as bandwidth, cybercrime and continuity all present constant challenges to the accessibility and integrity of business data. The continued exponential growth of data combined with the compliance requirements of its long term retention is pushing the capabilities of some data protection solutions to their limits. As companies store more data, they need to adapt their strategies to cope with the associated risks. Organisations need to future-proof their data protection plans as much as possible and this means evaluating their data and applications to determine where and how best to store it at the most cost effective rate. Without a data protection strategy in place companies pose leaving valuable information at risk or paying a premium for data kept in their primary storage when it could be kept securely and more cost effectively elsewhere. Data protection is not just an IT problem, it’s a corporate policy level decision that is a growing part of board discussions all over the world.”
Kent Woodruff, Chief Security Officer at Cradlepoint:
“As data breaches keep stacking up businesses now appear to be reacting in a positive way by focusing on risk. However, what companies should be learning is that they need to be prepared in advance for these attacks. Security has to be continuously updated and tested and data protection day will help to reinforce this, reminding organisations of the evolving risks. Given the tasks are large and the resources are thin, decisions about prioritisation must be made with regards to business operational risk. It’s about knowing which threats could cause a loss or downtime of business processes and how that will impact your revenue. The key is to be prepared.”
Robert Hansen, VP WhiteHat Labs, WhiteHat Security:
“The aim of Data Protection Day is to create awareness about the importance of protecting personal information. It’s a great opportunity for organisations to help educate their employees on good data protection practices. The best type of training is what we call “teachable moments”, where you leverage someone’s vulnerability against them in a mock-hack. If an employee believes they have been compromised, even if only for a moment, they are far more likely to remember the series of events that brought them to that point. It’s almost certainly an evolutionary issue – almost get eaten by a tiger and you are more likely to remember not to go by that set of tall grass again! It’s a win-win situation – not only does it benefit organisations to have a more cyber-aware workforce, but it can also help individuals know how to spot a phishing attack in their personal lives.”
Luke Brown, VP & GM EMEA, India and LATAM, Digital Guardian:
“One of the simplest ways to boost data privacy and security is to avoid oversharing on social media. Criminals often use social profiling and harvest information from social media sites to launch customised attacks that capitalise on victims’ trust while exploiting their emotions. Online users can cut the risk of this happening to them by filtering what they say on social sites more carefully – even if tight privacy settings are in place, attackers can still see the information if they have control of someone else’s account. For instance, there’s no reason to announce travel plans, post about being away from home, or include geo-location tags of immediate whereabouts. Each time users do this, they are raising their chances of being the next target.“
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.