With ransomware and phishing attacks hitting the news, working to ensure data privacy is more important than ever. Data Privacy Day aims to educate and raise awareness of the importance of data protection and cyber security. We spoke to a variety of IT professionals to get their take on what organisations can do to enhance and protect their key asset: data.
“Coming off a year of numerous high-profile data breaches and with ransomware still running wild, businesses need to not just prepare for an attack, but ensure they can maintain critical business operations in such an event. While IT security efforts largely focus on defending the perimeter fence, there are too many opportunities for hackers to get past these defences to not have a well-constructed and easily implemented “plan B” in place. That plan B must include being able to quickly and as completely as possible recover critical data using proper tools and processes to help significantly reduce, if not nullify, the impact of the intrusions. Traditional backup is nice, but it is critical to implement and successfully test a rigorous business continuity and disaster recovery strategy.” Rob Strechay, VP of Product, Zerto.
“Data privacy is not optional. Mandatory standards and controls should be in place across all businesses. Data Privacy Day is another reminder that personal and company data is critical and should be given the utmost protection. Organisations of all shapes and sizes need to realise that business-critical data is being generated on a daily basis and if this becomes inaccessible, they no longer have a business. This is why deploying safeguards such as software that enables disaster recovery, data migration and the ability to back up is fundamental. All organisations, from small businesses to large enterprises, need to be taking steps towards making data safer.” Gary Quinn, CEO at Falconstor.
“Last year, it seemed that big name data breaches were constantly hitting the headlines; social media giants Tumblr and LinkedIn were hit, as well as Yahoo – which infamously saw hackers steal over one billion customer accounts. This shows businesses are vulnerable. As data becomes the world’s most valuable commodity, it is imperative that organisations guarantee data privacy for their customers. More organisations are moving data to the public cloud in order to reduce costs, increase capacity and deliver on access demands. However, organisations could be risking highly confidential data and this is a huge concern. Data Privacy Day should act as a reminder that the public cloud cannot provide the enhanced security and data protection measures required for critical information. Fundamentally, the only way to absolutely guarantee data privacy is by ensuring it remains on-site through an on-premises solution.” Victoria Grey, CMO, Nexsan.
"It is estimated that between 30 and 50 per cent of all fraud incidents are initiated with a phone call, meaning telephone agents in contact centres are particularly vulnerable to social engineering and manipulation. I think it’s reasonable to say that it won't be long until we see the first major voice-initiated cyber breach. Secure phone payment solutions can completely eliminate the need for this information to enter the contact centre environment in the first place, making them a far less appealing target for criminals and removing the associated risks to the organisation. With fraudsters increasingly looking for ways to exploit telephone contact centre agents, and regulations like GDPR and MiFID II coming into play, organisations must give voice security the attention it deserves, by following the correct measures to ensure privacy and data protection." Matt Bryars, co-founder and CEO of Aeriandi.
"Despite huge publicity around data breach incidents, hackers are continuing to exploit often well-known vulnerabilities in order to get hold of large databases of personal information. Web applications are now one of the key vectors targeted by hackers looking to steal data; roughly 40% of all data breaches occur at this level. These applications are really the front line for data protection, as they often gather and store sensitive customer data. Those in charge of securing websites and mobile applications need to be proactive and build with security in mind. It may take a bit more time or cost a bit more money, but it’s a solid investment to prevent media embarrassment and loss of trust from users. The easiest, most dangerous vulnerabilities in the flagship application, or applications that contain private information, should be dealt with first, regardless of how difficult they are to fix. Finally, the remediation of any serious flaws must be done in a timely fashion." Ryan O'Leary, VP Threat Research Centre at WhiteHat.
"With such a high volume of data flowing into most businesses every day, IT security professionals need to quickly identify which is the highest priority for protection. After all, security costs time and money, and not all types of data are as sensitive or vulnerable as others. It's for this very reason that data discovery and classification techniques are making a resurgence.
The first step in keeping customer information protected is to understand what value the data has, where it is being used, whether it needs to be encrypted and how employees or third parties are interacting with it. This information is central to helping organisations make informed decisions about how to manage and secure data appropriately. It’s not a one-size-fits-all approach, but done correctly, it can greatly assist companies in meeting governance and compliance regulations, as well as protecting intellectual property." Thomas Fischer, threat researcher and security advocate at Digital Guardian.