In relation to Data Privacy Protection Day next Thursday, cybersecurity experts have provided the below commentary around how businesses can improve their data privacy and remove sensitive data blind spots.
Experts Comments
Faced with a constantly evolving threat landscape, made even more complex by a rising number of cyber-attacks amid the global pandemic, organisations are under more pressure than ever before to keep their data safe and comply with regulations such as the GDPR.
The mass move to remote working last year led to a number of significant challenges for businesses, from procuring the right hardware for employees to enabling remote access via the cloud. While this acceleration to a digital-first
.....Read More2020 was a very tumultuous year and, in privacy, some good things happened, and some bad things happened. On the good side, we had the NIST Privacy Framework 1.0, and on the bad side, breach after breach, let alone things that aren’t directly privacy related. The problem with privacy programs is there is too much that comes under the category of privacy, and a lot of people don’t understand what that means. 2021 is a year starting with hope: privacy professionals finally have some simple tools.
.....Read MoreData protection takes on new challenges in 2021 with the rapid adoption of new technologies such as containers, microservices, and serverless functions. These technologies offer major business benefits in terms of automation, cost and scale, as well as rendering the logic to build and configure infrastructure as code (IaC). As IaC becomes the norm, infrastructure becomes immutable, paving the way for greater consistency, reliability and predictability.
While IaC makes it easier to develop
.....Read MoreIn the wake of an investigation revealing a cache of personally identifiable information (PII) for sale on the dark web, Which? appropriately calls for both businesses and individuals to pay closer attention to cybersecurity. The reality is that effective technologies and best practices are readily available which can thwart incidents like this, preventing peoples’ highly sensitive data from being exposed and leveraged by threat actors.
On this Data Privacy Day, businesses need to give
.....Read MoreThere are many layers to data privacy, but one of them centers around a fundamental need for governments to re-think and more aggressively protect our rights as citizens to own our own data if we so choose.
Major Tech has benefited and profited from the trust that consumers unknowingly placed in them to protect our data and hold it private, rather than commoditizing it.
We’ve inherently accepted that they are allowed to collect our data for their purposes, without disclosing how that data
.....Read MorePrivacy management today is complex, siloed and inefficient. Current privacy policies and privacy-management approaches lack the continuous and predictive insights that drive business growth, costing companies tremendous amounts of time and money with the introduction of each new regulatory change. Companies are not only responsible for understanding the changes, but must also react and align larger business objectives accordingly.
As the importance of data as a business enabler increases
Companies across all industries have a responsibility to protect data and ensure privacy. We are all in this pandemic together, but organisations that demonstrate responsible and transparent practices in the handling and protection of customer, partner, and employee data can differentiate themselves from competitors and maintain a competitive advantage in the market, while creating a relationship of trust.
BlackBerry operates based on four simple tenets. Employees of every company can learn
.....Read MoreCompanies that require access to our data need to take responsibility and ensure they are putting all the relevant measures in place to secure this data as much as they possibly can. Apps often hold the most amount of data and they are tools everyone around the world uses every single day so we need to start at the beginning of this process and consider how we can ensure data privacy when handling applications.
Any company that requires its customers to use an app needs to implement Agile
.....Read MoreWith this Thursday being named as a day to recognise data privacy or data protection, it’s a great reminder that data protection should be something that should be a top priority for organisations every single day. And a big part of that should be stopping the spread of breaches to prevent access to PII.
Ransomware is in the news almost daily, and that’s only going to continue for the foreseeable future. Organisations need to take the more pragmatic approach of assuming breach
.....Read More2020 was an incredibly impactful year for a number of reasons, one of which was data protection/data privacy. When I look at the work we’ve been conducting at Trustwave’s SpiderLabs, I see a specific emphasis on remote working solutions. While many organisations are being proactive with their assurance work, we’re seeing that this isn’t the case for all organisations.
When it comes to regulations, as we begin 2021, I believe that GDPR will still have an impact in the short term, regardless
.....Read MoreData privacy will, and already is, evolving into a Data Rights Management issue.
Citizens’ privacy will continue to be under the spotlight in 2021. The end of privacy as we know it is closer than you may think. Privacy definitions are very different between nation states and cultures, however, one thing that is common is that privacy is becoming less and less of an option for most citizens. In public and online, almost everyone is being watched and monitored 24/7 with thousands of cameras
.....Read MoreI can't stress enough the importance of parents teaching their kids about online safety and security. While parents may teach their offspring about offline safety - like telling them to never talk to strangers and to look both ways before crossing a street - many don't take the same care when it comes to online safety and security.
Teach your children to know that whatever is posted online is forever, this includes personal information, photos, videos, and more. Kids need to understand that
.....Read MoreToday is Global Data Protection/Privacy Day. It's a good opportunity to remind yourself of the data privacy and data protection principles that keep us all safe. Many people think data privacy just focuses on PII data and associated regulations such as GDPR and CCPA but it is significantly wider than that. In summary, it's all about only using the data for the business purpose that it is collected for. There is no doubt that Personally identifiable information (PII) is a core data set to
.....Read MoreIn an ideal world, we wouldn't need to be reminded of the importance of protecting customer data. Unfortunately, we all know too well that things can go wrong and, all too often, the security of user data comes as an afterthought for organisations. For this reason, it's still important to have conversations about how companies handle their customers' data, as well as to try and steer big tech to be more protective with the information they collect. Since a lot of their revenue originates from
.....Read MoreConsumers and businesses need to pay close attention to fraud techniques that have become increasingly common and Data Privacy Day is a good reminder to review these. Fraudsters likely need some amount of personal data on victims to carry out the bulk of their tactics to dupe users for their financial gain. And there are a lot of compromised accounts out there, with entire databases of stolen credentials for sale on the Dark Web.
This almost ubiquitous availability of compromised accounts
.....Read MoreAnd here are some of the worst offenders:
1. In the excitement of receiving a credit card, this Twitter user shared an image of their new card and accidentally revealed their account number, full name, card expiration date and CVV number.
2. The World Cup’s security center’s Wi-Fi SSID and password were printed across the front page of national newspapers in 2014 after the Head of International Cooperation was photographed in Brazil’s federal police headquarters with an image of the
.....Read MoreThink of how easy it is to delete a social post accidentally. That is how easy it is for hackers to infiltrate your organisation’s whole security system. Businesses need to find a way to identify gaps in their programme and the risks those gaps represent to the organisation.
Despite CISOs having more data on emerging cyber threats and vulnerabilities than ever before, CISOs are struggling to explain to their boards of directors how at risk their organisations actually are from cyber attacks.
Data privacy gets a lot of attention these days, and rightfully so. From GDPR to CCPA, regulatory frameworks have made it impossible for businesses to ignore the importance of protecting customer data. Whilst these regulations set out the basic requirements for organisations when it comes to data protection, they don’t necessarily address the root cause of the problem - that many breaches occur due to vulnerable code.
This Data Privacy Day is one like no other. Organisations have faced
.....Read MoreData privacy has changed dramatically over the last few years. Starting with the implementation of GDPR in 2018, new regulations have codified the responsibility of companies to provide adequate protection to their customers. Data privacy is now a human issue and losing customers’ trust and loyalty can result in significant damage to organisations.
Where things really got interesting was the overnight shift towards remote-working in 2020. This new requirement forced the network perimeter to
.....Read MoreIn our new digital economy, people around the world are becoming acutely aware of how their information is being collected, stored, and used. The GDPR ushered in a new paradigm that elevated awareness about the importance of privacy and the exploitation of data. Some of the largest countries around the world have responded by enacting or augmenting their privacy protections to closely mirror the GDPR. We see this in Brazil and recently in California through the recent passage of California
.....Read MoreThis Data Privacy Day, there are a few clear themes we are compelled to consider: the effects of a remote work environment on system and data security, and how to provide a secure work environment while respecting the constraints of the pandemic.
As a result of the abrupt shift to remote working over the past twelve months, sensitive data now exists outside of offices – specifically, in workers’ homes and on their personal devices, traversing untrusted networks and unsanctioned, or at
.....Read MoreAfter a year when digital services have played a more crucial role in our daily lives than ever, Data Privacy Day is a timely reminder that online service providers have a responsibility to keep their users safe, as well as connected and productive. There is room to improve how data is handled: although it's been more than two years since its implementation, fines levied under the GDPR increased by 40% last year as companies work to meet its principles of responsibility and transparency. As
.....Read MoreOver the last year, every business – regardless of size or sector – has faced challenges and needed to adapt in order to survive. With more interactions than ever before currently taking place digitally and the threat landscape continuing to grow, protecting personal data has never been more important or more challenging. This year’s Data Privacy Day, provides us not only with a chance to reflect on how far we’ve come, but also to look forward to how we can improve in the future.
Since the
.....Read MoreData Protection Day is particularly notable for the mobile advertising industry this year, falling amid calls for more stringent consumer data privacy regulations and pending changes to advertising platforms, including Apple’s new IDFA rules. The iOS 14 update will have a significant impact on the industry, as its new App Tracking Transparency (ATT) framework will prompt users to opt-in or, more likely, out of data sharing. In doing so, it threatens to weaken the targeted advertising models
.....Read MoreOur previous research found that 40% of large UK businesses expect to be cloud-only by the end of this year. This number is expected to accelerate because of the pandemic, which significantly increased the number of people working from home and as a result, the adoption of the cloud. With an increasing reliance on the cloud, companies need to ensure that they have complete visibility and control over data regardless of where it is, even when employees are using the same devices and services for
.....Read MoreData Privacy Day acts as a reminder to businesses and consumers alike that cyber security solutions and fraud prevention tools are no longer optional, especially during this time of crisis. In fact, with the current, necessary shift towards remote working – it has never been more important to look to experienced security and fraud solutions providers that demonstrate a strong track record of protection against cyber threats to security.
The sad truth is that fraudsters don’t stop their
.....Read MoreMany “hacks” exploit known vulnerabilities for which patches are available, so basic security hygiene is a must. Organisations should be vigilant making sure all software is updated and backed-up regularly. Tracking all applications that are being accessed should also be part of the cybersecurity program, as many threat actors target unattended apps.
Attackers can easily compromise shared information so organisations should be limiting information on shared channels. When sharing logins or
.....Read MoreHere are three top data privacy opportunities for businesses that my SailPoint colleagues and I have seen in the wider industry over the past year.
- Sharing passwords and devices at work and at home (yes, still an issue!)
- Neglecting identity as a key attack vector and why focusing on firewalls is no longer enough
- Ignoring the widening compliance gap in the post-Brexit and mid-Covid chaos
Data Privacy Day acts as a reminder to businesses and consumers alike that cyber security solutions and fraud prevention tools are no longer optional, especially during this time of crisis. In fact, with the current, necessary shift towards remote working – it has never been more important to look to experienced security and fraud solutions providers that demonstrate a strong track record of protection against cyber threats to security.
The sad truth is that fraudsters don’t stop their
.....Read MoreUser privacy has been crumbling for years. Each new security breach and data dump further chips away at what little privacy does remain. Adding to the challenge is the fact that connected devices are far more intertwined in our lives than ever before. We rely heavily on digital assistants such as Alexa or Siri, smart home management products, wearables, and more. While these technologies do make our lives easier, the privacy and security risks are undeniable.
Corporations use advanced machine
.....Read MoreHow do you think the area of data privacy and protection has changed in 2020 (due to the pandemic, shift to remote work or just generally)?
Changes to regulations are generally slow burning processes that lack the agility to react to fast changing situations such as those we have witnessed through 2020. If we split the two disciplines described into their constituent parts and focus on protection, then the IT landscape is a very different place to this time last year. A lot of attention has
.....Read MoreMuch of the focus around data protection involves securing large, database-driven systems. However, it’s still common for organisations to have what I call ‘sensitive data blind spots’. This is where important data & intellectual property is stored on ‘weak links’ in security like remote computing devices connected to the company network (endpoints).
With this in mind, organisations need to remember that data is likely to end up in places they don’t want or expect it to, so they need to
.....Read MoreDot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
As businesses and their employees have adapted to the need to work from home, for many organisations the question on how to secure their networks and ensure the integrity and protection of their critical information and data is one that many may now believe they have solved through the implementation of a variety of tools and solutions such as SD-WAN, VPNs, 2FA and a myriad of other products. Yet, there is a threat that many won’t have considered and is, to a degree, slightly out of their
.....Read MoreAs businesses and their employees have adapted to the need to work from home, for many organisations the question on how to secure their networks and ensure the integrity and protection of their critical information and data is one that many may now believe they have solved through the implementation of a variety of tools and solutions such as SD-WAN, VPNs, 2FA and a myriad of other products. Yet, there is a threat that many won’t have considered and is, to a degree, slightly out of their hands – IoT and smart devices in the home that are all connected to the same WiFi.
While a connected fridge, for example, may not seem like the most obvious threat to data and an individual’s privacy, these kinds of devices don’t tend to have a high-level of security built in from the outset. This means that once deployed and installed within a home, they aren’t held to account in the same way our computers and mobile devices are with regular patches and software updates automatically being pushed through.
As a result, these devices are the equivalent of an open backdoor for even the lowest skilled hacker, providing them with the means to get onto the network and stealthily move laterally until they find the data they are seeking and a whole lot more. While some of the onus should be placed on manufacturers of smart devices to ensure security is a priority, it is also important for organisations to make their employees aware of the potential threat to their privacy and data. If employees are to host everything on the same home network, organisations must enforce stricter security policies and practices to ensure that the business network is sufficiently segmented and protected from threats.
Read LessLinkedin Message
@Sanjiv Cherian, Head of Business Development , provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Organisations must enforce stricter security policies and practices...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/data-privacy-protection-day-thursday-28th-experts-comments
Facebook Message
@Sanjiv Cherian, Head of Business Development , provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Organisations must enforce stricter security policies and practices...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/data-privacy-protection-day-thursday-28th-experts-comments