Data Privacy Day: Comments from the pros

Data privacy has been thrust into the spotlight in recent times thanks to a series of high-profile hacks and data breaches in 2014.

It's taken a while, but more and more people are thinking seriously about privacy, something which needed to happen as hackers and malware become more advanced.

To mark International Data Privacy Day, several security bigwigs have offered their thoughts on data privacy.

Mark Noctor, director of sales EMEA at Arxan Technologies

"As today marks Data Protection Day and organisations are ensuring the correct security measures are in place, it is important to highlight the increased risks on mobile platforms in the banking and payments sector.

"We predict that the security risks in the financial sector will be a key threat area for 2015 and with this in mind, it is vital that mobile application security takes priority as banks, payment providers and customers seek to do more on mobile devices.

"Findings from our recent State of Security report showed that 95 per cent of the top 100 Android financial apps and 70 per cent of iOS apps have been hacked in the past year.

"With this in mind, we would advise banking and payment customers who are considering the use of a mobile financial application to take the following steps to increase security:

  • Download banking and payment applications only from certified app stores.
  • Ask your financial institution or payment provider if their app is protected against “reverse engineering”.
  • Don’t connect to an email, bank, or other sensitive account over public Wi-Fi. If that’s unavoidable, pay for access to a virtual private network that will significantly improve your privacy on public networks.
  • Ask your bank or mobile payment provider if they have deployed application self-protections for the apps they have released in app stores. Don't rely only on mobile anti-virus, anti-spam or your enterprise-wide device security solutions to protect apps that reside on your mobile device from hacking or malware attacks.

"Data Protection Day is more important than ever, with the app economy in the financial sector rapidly expanding and everything from payment transactions to brokering now occurring on the mobile platform.

"With mobile banking becoming a main fixture in the financial sector, it is important for application security to be a top priority so that data privacy protections are continuously upheld."

Antoine Rizk, VP Go-To-Market program at Axway

"A reactive approach to security breaches just won’t cut the mustard anymore. In an increasingly connected world, with the Internet of Things moving from buzzword to reality, businesses need to proactively monitor their data flows to prevent costly data breaches.

"However, many large organisations still wait for something to go wrong before addressing the flaws in their security strategies; a move that backfired in some of the most infamous security breaches of 2014.

"This year, connected devices will not only work their way into our daily lives but also our enterprises. BYOD will quickly evolve into BYOIoT, with employees bringing wearable devices into the workplace.

"For such increased enterprise mobility to open windows of opportunities for businesses, without paving the way for hackers to access private data, security must evolve at the same rate as the devices themselves.

"Organisations also need to know what data employees are bringing into and taking out of the office to ensure that malicious attacks and conspicuous activity are blocked."

Tony Pepper, CEO of Egress

"In light of recent attacks on Sony and Xbox, it would be easy to make the assumption that ensuring data protection is all about managing external threats.

"However, this couldn’t be further from the truth. Our recent Information Commissioner’s Office FOI request revealed that 93 per cent of data breaches occur as a result of human error.

"Businesses must start looking closer to home if they want to prevent data breaches. Mistakes such as losing an unencrypted device in the post or sending an email to the wrong person are crippling organisations.

"In fact, our ICO FOI data shows that a total of £5.1m has been issued for mistakes made when handling sensitive information, whereas to date no fines have been levied due to technical failings exposing confidential data.

"Human error will never be eradicated as people will always make mistakes. Organisations therefore need to find ways to limit the damage caused by these mistakes.

"To address this problem, policy needs to be supported by user-friendly technology that enables safe ways of working without hindering productivity – while also providing a safety net for when users make mistakes."

Erik Driehuis, vice president EMEA, Digital Guardian

"Recent research by the Online Trust Alliance found that almost one-third (29 per cent) of data losses are caused by staff – whether done maliciously or accidentally.

"What has become increasingly apparent is that a perimeter approach to data protection simply isn’t effective anymore. As workforces become more mobile and IT departments continue to be squeezed, it is crucial for businesses to ensure data is automatically protected no matter where it is or where it goes.

"When companies deploy technology that protects data at source (data-centric) then it removes the risk factor associated with human error and insider threats.

"Furthermore, staff quickly become aware of the impact of their actions, leading to rapid behavioural changes.

"Within just a month or two of deploying data-centric security solutions, firms typically see a dramatic drop in staff-related data breaches as a result."