Skip to main content

Protecting your data in a digital world

As the business world has become more and more digital over the last 24 months or so, data has been playing a larger and ever-more prominent role for companies of all sizes, within all industries.

From optimising business intelligence to creating personalised, omnichannel marketing campaigns, big data has quickly become the cornerstone of business success, without which organisations will fall behind their rivals.

Unfortunately, the threat landscape has also developed significantly, bringing cyber security to the forefront of conversations and meaning protecting the mass of data being collected is now harder than ever before.

The rise of data

These days, data is everywhere. Thanks to the rise of digital technologies such as smartphones and the Internet of Things, the amount of information that we are sharing every day is growing rapidly and showing no signs of slowing down.

'Big data' has progressed from being just a buzzword to an essential component of most business plans. Many analysts are predicting that 2016 will become known as 'the year of big data' and IDC believes the industry will be worth $41.5 billion by 2018.

For businesses, data collection and analysis has many benefits, including cutting costs, risk mitigation, providing a deeper insight into customer feedback and driving innovation to keep up with the rapid pace of the industry. However, a major sticking point of all this is that, due to the global nature of modern business, legislations have had to be strengthened to ensure customer data is not being misused. New General Data Protection Regulations (GDPR) have put an end to the patchwork of data protection rules currently in operation across Europe, ensuring that citizens get the same rights regardless of where their data is processed.

This has given data protection a renewed importance for businesses, which are now required to report any data breaches within 72 hours and can face fines of up to 4 per cent of global turnover for non-compliance.

A growing threat landscape

Despite all the rapid developments within the technology industry, no trend has dominated headlines more in recent times than cyber security. A series of high-profile breaches have driven the topic into the consciousness of IT professionals and consumers alike, with the likes of Ashley Madison, TalkTalk and Ofcom all suffering.

Indeed just this week, it was reported that the largest data breach in history had taken place. This time, the victim was financial services firm Mossack Fonseca, which reportedly lost eleven million confidential documents - around 2.6TB of data - exposing a range of high-profile clients including government officials and professional athletes.

The one positive to emerge from all these breaches is that the issue of data protection can now not be ignored and security professionals are finally paying this area the attention it deserves. A recent survey found that 57 per cent of businesses in the UK now expect to be breached at some point, with 20 per cent considering data security the "single greatest risk" to business.

And there are a lot of things for security professionals to think about. As well as the growing risk of ransomware, phishing attacks are still rife and insider threats are now more of a problem than ever, due to the financial gains on offer (as Ofcom found out the hard way).

Staying secure

Many IT professionals are currently saying that firms still aren't doing enough to protect user data, but there are some fairly simple things that can be done to boost security. For example, there is now an abundance of mobile devices being used in the business environment thanks to the rise of Bring Your Own Device (BYOD), so implementing an effective endpoint data protection strategy or solution is now a necessity.

Companies should also provide regular training sessions to educate employees on how to spot things such as phishing attempts. Not only will this make employees more aware of the threats, it will also help to create a culture of privacy and security.

Finally, 'rights' and 'permissions' need to be dealt with head on. Only give employees access to the information that they really need and ensure that the most important data is only accessible to a select few.

Image source: Shutterstock/Maksim Kabakou