This year, Data Protection Day (28th January) took on a special significance. In less than six months, the EU's General Data Protection Regulation (GDPR) will come into force. The UK Government is also reviewing the Data Protection Bill, designed to bring the UK’s data protection laws in line with the landmark EU Regulation.
Vigilance Security Magazine sourced a team of technology experts to give insights and offer advice on what organisations need to prioritise and consider when it comes to keeping data safe.
“Data Protection Day is the perfect time to remind organisations about protecting data that moves beyond the network perimeter. Organisations have a responsibility to safeguard customer data, wherever it might reside. Anyone with a credit card can now purchase and deploy cloud apps, so IT leaders must look for ways to continue to protect data in light of this new reality. Being able to identify rogue cloud application usage is just one piece of the puzzle – acting on this information is often more challenging. Businesses need to rethink their approach to data protection in the case of cloud applications – if you’re not able to control the application, make sure that you have measures in place to track and manage the traffic and data itself. In a similar vein, too many companies focus on prevention, malware detection and remediation capabilities instead of properly securing the data itself. If companies have the appropriate data protection technology installed in their environment, it can prevent data from being accessed or leaked by malicious attackers.”
Thomas Fischer, Global Security Advocate at Digital Guardian
“While initiatives like Data Protection Day and the emergence of new regulations such as the GDPR are making businesses more aware of their own data protection, many still do not place enough emphasis on the threat posed by third parties. Nowadays, a wide variety of third parties come into contact with corporate data. From contractors and external professional services companies to companies providing IT services such as cloud storage systems. The growth in outsourcing, complex supply chains and new computing platforms has created threat vectors that simply would not have existed even a few years ago. Many believe that if third party suppliers and contractors are compliant with one security standard or another, they can be trusted with sensitive data.
But being compliant at one point in time is not a true indication of security posture, as it doesn’t take into account any changes in the company’s infrastructure or advancements in attack techniques. It is key to understand how internal employees and external contractors are using data and where they’re accessing it. This means putting in place a single, consistent data protection policy and other controls to ensure that data is shared in a secure manner. This should include authentication, encryption and access rights, according to different roles and data types – segmentation is critical to a secure information supply chain.”
Peter Godden, VP EMEA at Zerto
“We are less than one month into 2018, and already it's becoming difficult to overstate the threat that an out-of-date approach to data protection poses. The recent discovery of two major security flaws, Meltdown and Spectre, as well as details of the Equifax and WannaCry data breaches in the past twelve months, have proved that the whole world is vulnerable to data loss or theft.
As applications continue to become the most vital assets of businesses everywhere, the threat landscape continues to grow too. Hacks, ransomware and other types of cyber breaches will continue to become more intricate and extensive – put simply, our data is at risk. We need to assume that complex attacks will happen, and unfortunately, sometimes succeed; although it may not be the direct fault of a CEO or CIO, it is still their responsibility to be prepared for and deal with its aftermath.
Having an up-to-date, rigorous IT resiliency plan in place can prevent any lasting damage that could occur. The challenge when an unavoidable attack hits is less the intrusion itself, but rather the protection against valuable data loss and the ability to recover immediately. Ultimately, the end goal is to maintain regular business operations so that customers and end-users alike will not experience any interruption to their services and data.”
Jake Madders, Director at Hyve Managed Hosting
“There really is a day for everything. Whilst Data Protection Day may not get the juices flowing as much as National Yorkshire Pudding Day (5th February for anyone wondering), this year it is more relevant than ever. Coming off a year of massive cyber attacks (think WannaCry and Bad Rabbit) we now have GDPR on our backs. You have to be more careful than ever when it comes to sharing personal data. Businesses can no longer blame sub-par technology for data hacks – especially as they will soon come with a pretty hefty fine.
Now is the time to think about the next step. Invest in a solution that ensures customer data is as secure as can be. Place your company’s data protection into the secure and comfortable hands of an MSP who can provide a hassle free security solution. When GDPR finally comes into play, you can sit back and relax.”
Rowan Troy, Security Solutions Director at Six Degrees
“As data across all business sectors continues its growth trajectory, so do the security challenges for CTOs, which are further amplified by the introduction of the General Data Protection Regulation (GDPR) on 25th May. Data Protection Day presents an ideal opportunity for businesses and CTOs to take a close look at their data and determine the best approach for ensuring security and compliance. In the face of an evolving regulatory climate, many businesses are choosing to outsource these needs to a multi service provider (MSP) with the facilities and expertise to provide the appropriate data security and management in accordance with current and future legislation. This can be done very cost effectively, with additional benefits including peace of mind and the freedom to focus on core business goals.”
Mat Clothier, CEO, CTO and Founder at Cloudhouse
“An element to data protection that is often overlooked is the need to run up-to-date operating systems. Security best practice will always advise organisations to move away from legacy, unpatched versions that are vulnerable to data theft or loss – users of Windows XP, Server 2003 and, soon enough, Windows 7, all face this challenge. However, it’s easier said than done; organisations of all industries often find themselves having to rewrite legacy apps not built for modern platforms, which can be both time-consuming and costly. Thankfully, compatibility containers can now help any business looking to take a comprehensive approach to data protection in 2018, enabling the mobility of mission-critical, legacy apps to the safety of a support OS.”
Gary Watson, CTO and Founder at Nexsan
“With fraudsters increasingly looking for ways to exploit telephone contact centre agents, and regulations like GDPR coming into play, organisations must use events such as Data Protection Day to give voice security the attention it deserves. Secure phone payment solutions can completely eliminate the need for sensitive payment information to enter the contact centre environment in the first place, making them a far less appealing target for criminals and removing the associated risks to the organisation. Whether for analytics, training purposes, compliance adherence or other business processes, the volume of call recordings being generated today is growing at an exponential rate. Organisations that fail to take securing this data seriously are not only risking the safety of their customers’ most sensitive information, but also gambling with their own reputation.”