First Assange, then Snowden and now Heartbleed - over the last year, the issue of data security has been thrust into worldwide consciousness and stuck there.
In 2013 alone, companies including Facebook, Microsoft, NBC, Evernote and Twitter were targeted by hackers. Google hasn't escaped unscathed. On many of these occasions no private data has been obtained, but data security has become a very real concern for businesses.
The move in the last twenty years to mass digital file storage coupled with connecting internal company networks to the internet has created a significant threat to the integrity of companies' private data, regardless of the company's size.
Some argue that the evolution of security solutions for online data protection is akin to the development of aviation, in that every accident, each mishap, is a significant learning experience and accelerates the development of online security. In the case of Heartbleed, developers are already working on a new version of the flawed OpenSSL software.
Yet many companies don't realise that there are technologies readily available which greatly diminish the risk of company data being inadvertently exposed. With a few straightforward tweaks to their data security and management strategy, companies can ensure that their data is being kept as securely as possible.
You wouldn't wait until someone breaks into your house to install a burglar alarm, so why take the same approach with private data?
Insist on the highest levels of security from software providers
It might seem painfully obvious, yet many on the buyer-side sign up to SaaS cloud services without ensuring that their data will be protected by the highest security standards available. Companies need to be asking their software providers about the security they provide. Even if the software's functionality is perfect for your company, data protection isn't something to scrimp on.
Companies requiring high levels of security should work to secure the ISO:27001 accreditation and other security certificates, which cover staff as well as secure data rooms. Receiving third party endorsement for your security can also be vital in demonstrating a commitment to helping keep extremely sensitive private data secure, and reassure your customers.
Train your staff
Although a recent data breach report suggests that the oft-cited idea that employees are a company's greatest security threat could be grossly exaggerated, it's still paramount to ensure that staff are well-trained in best practice when it comes to data security. Some 39 per cent of IT professionals have dealt with a situation where an employee has accessed parts of the network without authorisation.
IT departments must do more to support their employees' need to do their job, often outside the office. Research shows that 81 per cent access work on the move, yet 72 per cent resort to using unauthorised, unsecure file sharing software. Employees need to be made aware of the security risks this poses. Companies must also do more to ensure they're providing employees with secure, easy-to-use environments in which to share files and other data.
Know where your data is being stored
Far and away the most common answer I hear when I ask companies where their data is being stored is simply "no idea". That's not good enough, and here's why. Data being stored in the EU is protected by the Data Protection Directive.
There are no comparable data protection laws in countries outside the EU. Astonishingly, 99 per cent of cloud service providers either lack enterprise-grade security, or store their data elsewhere, in places like US, Russia or China, where data privacy laws are less stringent.
To keep data as secure as possible, companies should ask their service-providers two questions:
- Firstly, do you offer enterprise-grade security?
- Secondly, will our data be stored in the EU?
If the answer to either of these questions is no, find out whether their competitors would answer yes. Data security is an issue that will continue for as long as breaches occur, and until companies start taking it more seriously, that day isn't getting any closer.
Torgny Gunnarsson is CEO of Imprima