Data Privacy is a compelling issue. Just last week, WhatsApp came under fire over a supposed ‘backdoor’ that could potentially be used to siphon confidential information. Without the proper security measures in place, data is simply not safe. With GDPR coming into force next year, the regulations and penalties surrounding data privacy will become more severe.
Data Privacy Day was created to highlight this problem and raise awareness about data privacy best practices. Protecting data is no easy task: some data is more sensitive than others, the cloud can be a security minefield, and hackers are increasing in sophistication. In honour of Data Privacy Day, a diverse range of security experts has come together with advice for businesses about how to best protect their data.
Wieland Alge, VP and GM EMEA, Barracuda Networks, on layered protection
“In 2016, the ICO issued more than £1 million in fines to British businesses that had failed to keep their customer or employee data safe. Alongside changes to our data protection regulations, policy makers have been sending an increasingly clear message that breaches of personal privacy are a very serious matter. The GDPR might seem a way off, but compliance will require businesses to make some significant changes to their privacy policies, culture and technologies. If one thing is for sure, data protection will have to become a cornerstone of security strategy.
One area especially relevant to this is the cloud, which is now widely being used both for the storage of data and to host applications that may contain sensitive customer information. Placing layered protections around cloud services, above and beyond those offered by the cloud vendors themselves, will help ensure that customer information is not being left open to cyber attack. The time for procrastination has passed; organisations should start looking for ways to future-proof their data protection policies now.”
Thomas Fischer, threat researcher and security advocate at Digital Guardian, on data classification
“With such a high volume of data flowing into most businesses every day, IT security professionals need to quickly identify which is the highest priority for protection. After all, security costs time and money, and not all types of data are as sensitive or vulnerable as others. It's for this very reason that data discovery and classification techniques are making a resurgence. The first step in keeping customer information protected is to understand what value the data has, where it is being used, whether it needs to be encrypted and how employees or third parties are interacting with it. This information is central to helping organisations make informed decisions about how to manage and secure data appropriately. It’s not a one-size-fits-all approach, but done correctly, it can greatly assist companies in meeting governance and compliance regulations, as well as protecting intellectual property.”
Matt Bryars, co-founder and CEO of Aeriandi, on voice security
"It is estimated that between 30 and 50 per cent of all fraud incidents are initiated with a phone call, meaning telephone agents in contact centres are particularly vulnerable to social engineering and manipulation. I think it’s reasonable to say that it won't be long until we see the first major voice-initiated cyber breach. Secure phone payment solutions can completely eliminate the need for this information to enter the contact centre environment in the first place, making them a far less appealing target for criminals and removing the associated risks to the organisation. With fraudsters increasingly looking for ways to exploit telephone contact centre agents, and regulations like GDPR and MiFID II coming into play, organisations must give voice security the attention it deserves, by following the correct measures to ensure privacy and data protection."
Ryan O'Leary, VP Threat Research Centre at WhiteHat, on web app security
"Despite huge publicity around data breach incidents, hackers are continuing to exploit often well-known vulnerabilities in order to get hold of large databases of personal information. Web applications are now one of the key vectors targeted by hackers looking to steal data; roughly 40% of all data breaches occur at this level. These applications are really the front line for data protection, as they often gather and store sensitive customer data. Those in charge of securing websites and mobile applications need to be proactive and build with security in mind. It may take a bit more time or cost a bit more money, but it’s a solid investment to prevent media embarrassment and loss of trust from users. The easiest, most dangerous vulnerabilities in the flagship application, or applications that contain private information, should be dealt with first, regardless of how difficult they are to fix. Finally, the remediation of any serious flaws must be done in a timely fashion."
Eduard Meelhuysen, Head of EMEA at Bitglass, on tracking data in the cloud
"Organisations have a responsibility to safeguard customer data, wherever it might reside. Anyone with a credit card can now purchase and deploy cloud apps, so IT leaders must look for ways to continue to protect data in light of this new reality. Being able to identify rogue cloud application usage is just one piece of the puzzle – acting on this information is often more challenging. Organisations find that controlling rogue apps is a seemingly impossible job; for every app that is blocked, two new apps can be instantly adopted. Businesses need to rethink their approach to data protection in the case of cloud applications – if you’re not able to control the application, make sure that you have measures in place to track and manage the traffic and data itself."
Simon Moffatt, Senior Product Manager at ForgeRock, on user managed access
“People are becoming increasingly suspicious of the organisations they interact with and are demanding more control over their personal data. Just as governments are coming under fire from the privacy desires and demands from citizens, so should businesses seek out and implement solutions that can empower their customers with control over the personal information that they share. One of the most promising approaches to data privacy is user-managed access, where individuals are given control over the authorisation of data sharing and service access and where the individual can select which pieces of data to share with others. We are now well and truly in the ‘age of the consumer’ and the consumer, as the true data owner, wants to see transparent, consent-driven privacy management and data sharing options, for every online service they interact with. Businesses need to be in a position to provide consumer-centric solutions, not only for the new EU data protection laws, but also as a competitive differentiator.”