If there’s one thing 2016 proved, it’s that cyber threats are constantly and persistently evolving. With ransomware and phishing attacks hitting the news, working to ensure data privacy is more important than ever. Data Privacy Day aims to educate, and bring awareness to the importance of cyber security and data protection. IT security experts from Hyve Managed Hosting, Commvault, Nexsan, Scale Computing, Maintel and Axial Systems commented below.
Jon Lucas, Director at Hyve Managed Hosting:
“Last year saw individuals and businesses suffer at the hands of hackers due to sub-par security measures when storing personal or corporate information. The Yahoo hack – which put over one billion customer details at risk – is a prime example. In order to combat this issue, it is vital that both consumers and companies put data privacy and protection at the top of their priorities. Though consumers must be selective about where they choose to share their personal information, it is important that organisations choose secure methods of data storage to ensure their customer privacy. Security breaches such as the Yahoo hack can be protected against in multiple ways, and businesses who collect their data online have a responsibility to offer the highest level of protection available to them, including – but not limited to – intrusion protection at the hosting level.”
Nigel Tozer, Product Marketing Director EMEA at Commvault:
“On data privacy day 2017, companies will be reminded that they need to be working towards the new General Data Protection Regulations which will come into effect as of May 2018. Despite the uncertainty of Brexit, UK companies must prepare by ensuring that they fully understand their exposure, and put in place the right processes and technology to deal with change. GDPR mandates that companies over a certain size (250 employees; smaller ones too in some circumstances) must employ a Data Protection Officer, and part of their role is to put in place a breach notification policy. One of the biggest challenges for this person will be to classify unstructured data and the processes around it. Unstructured data is disparate; scattered over endpoints, hard drives and the cloud, and is therefore far more challenging to keep tabs on. Technology that can identify, manage and automate policies based on its content, will ensure that organisations can move swiftly towards meeting these new regulations in less time, with less stress, while gaining business benefits as bonus.”
Victoria Grey, CMO at Nexsan:
“Last year, it seemed that big name data breaches were constantly hitting the headlines; social media giants Tumblr and LinkedIn were hit, as well as Yahoo – which infamously saw hackers steal over one billion customer accounts. This shows businesses are vulnerable. As data becomes the world’s most valuable commodity, it is imperative that organisations guarantee data privacy for their customers. More organisations are moving data to the public cloud in order to reduce costs, increase capacity and deliver on access demands. However, organisations could be risking highly confidential data and this is a huge concern. Data Privacy Day should act as a reminder that the public cloud cannot provide the enhanced security and data protection measures required for critical information. Fundamentally, the only way to absolutely guarantee data privacy is by ensuring it remains on-site through an on-premises solution.”
Johan Pellicaan, Managing Director EMEA at Scale Computing:
“Data Privacy Day acts as a reminder for businesses to re-evaluate their approach to safeguarding data. Many organisations will look at the first line of defence but it is also essential that organisations have a strategy in place to recover critical information in case of a failure in their IT Infrastructure.
“More organisations are moving selected applications towards the cloud, but there will still remain some level of concern when it comes to, compliance, latency and sovereignty concerns. Organisations need to ensure they have the agility and scalability of the hybrid cloud whilst maximising data protection. Businesses can achieve this by ensuring key applications and sensitive data remain onsite through a private cloud hyperconverged solution.”
Jean-Frederic Karcher, Head of Security at Maintel:
“The cybercrime epidemic will only get worse with a projected of cost to the global economy of £1.7 trillion by 2019. Cybercrime does not discriminate; it affects businesses of all shapes and sizes. A breach sends shockwaves throughout an entire organisation. In today’s data driven world the need for senior executives to comprehend threats and identify risks has intensified. Data risk is now the top concern of executives, and if we all adopt the mind-set that a breach is inevitable, the best course of action for security teams is to better manage data risk. This can be done by conducting a security audit. This is a way to assess key IT security related infrastructure, processes and technical management capabilities, and balance these against the cyber threats that are more relevant to your organisation.
“Besides identifying risks and areas of exposure, a security audit will also get the ball rolling in terms of General Data Protection Regulation (GDPR) preparedness. The impending regulation has the ICO on hand to distribute major fines for non-compliance which means boards and senior management can no longer afford to ignore this security framework. In a GDPR world, there will simply be nowhere to hide for an organisation that suffers a breach.”
Mike Simmonds, Managing Director at Axial Systems:
“The data security landscape has undergone seismic upheavals in recent times with the advent of Bring Your Own Device (BYOD) and the Internet of Things (IoT) revolutionising the way company data is accessed and moved from location to location. Many businesses have achieved enhanced productivity and greater operational efficiency as a result but it’s also critically important that they keep their eye on the ball when it comes to the security of their data. The pending GDPR legislation is helping here, with significant fines for non-compliance and the threat of reputational damage helping to concentrate minds.
No business can afford to neglect the key issue of keeping their data secure. Data Protection Day has played a key role over the last decade in raising the profile of this vital topic. It is a great idea to use a single day to highlight the crucial importance of keeping data secure (both when at rest and when in motion). But my message to businesses is never let your guard down no matter what the time of year – remember data security on the day itself, of course, but don’t forget about it on the other 364!”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.