Data Protection Day serves as an annual reminder for businesses to reflect on the importance of data protection and re-evaluate how best to protect their data from destructive breaches, hacks, and leaks. As the world’s information becomes increasingly digital, ensuring data privacy is maintained is paramount to ensure customer trust and protect valuable data against growingly sophisticated cybercriminals. Whilst there is no easy solution on how to securely protect information, educating and immersing oneself in data protection practices is a good place to start. And what better time do it than on Data Protection Day? IT Pro Portal spoke to six industry experts to get their opinion on the key steps to take when defending data.
Education is the first line of defence
The challenges of data protection don’t have a single-bullet solution, but the individual is a good place to start. As Steve Nice, Chief Technologist at Node4, comments:
“Every organisation has the ability to raise their game in a number of key areas, and succeeding in this is less about cost and more about making an active, long-term commitment.
“The first step is to treat your staff as your human firewall, educate them in the threats they may be exposed to and ensure they are active and aware of those threats – after all, they are your intelligent line of defence. On top of this, completing regular vulnerability scanning and penetration testing will provide crucial intelligence that your security is up to the job of handling the threats. Test again and again, because the threat landscape is an ever-moving beast. Finally, should a disaster occur, Disaster Recovery and backups are vital as a solution to threats like ransomware, but as these systems also become the targets of cybercriminals they need to be protected – not just seen as a siloed last line of defence.”
Agata Nowakowska, AVP at Skillsoft, agrees:
"Mobile platforms, Big Data and cloud-based architectures are creating significant challenges for data protection, but no challenge is higher up the corporate agenda than IT security. Even the most careful organisation is vulnerable. A smartphone or laptop inadvertently left on a train, or a well-intentioned lending of access privileges to an unauthorised user can have far-reaching consequences.
“Security is the number one IT priority in nearly every business sector today, but the scarcity of security-savvy IT experts means many companies can no longer rely on hiring their way to a robust solution. Fortunately, there are a wealth of sophisticated education and training strategies now available that allow organisations to reward and retain employees whilst simultaneously improving corporate security from within. From expert-led instruction to continuous hands-on experiential learning, organisations are putting in place complete frameworks for training and certification that can tighten corporate IT security, making them less vulnerable to both external attacks and insider threats."
Nigel Tozer, Solutions Marketing Director EMEA at Commvault also discusses the importance of educating individuals on the complexity of modern data:
“As individuals, this means we have to be aware of our own rights with regard to privacy and data protection, and take steps to protect our data from misuse or abuse. Simply reading privacy policies (I know!) is a good start – what you find might surprise you enough that you think twice about ticking those consent boxes.
“For business, ignorance and complexity are not excuses. While data at scale, built up over years, is too much for any kind of manual compliance effort. That said, getting visibility of all of your data – on-premises, in the cloud and on laptops – and automating the actions needed clean up your act isn’t anything like as difficult as you think. So, this coming January 28th, Data Protection Day, make a note in your diary to investigate doing just that. You never know, it might save you money as well giving your data governance program the shot in the arm that it needs.”
Protect your customer
Protection is at the forefront of customers’ minds too, with the General Data Protection Regulation (GDPR) approaching its two-year anniversary. Gary Cheetham, CISO at Content Guru, explains:
“Beyond the ubiquitous ‘privacy notice’ pop ups and the need to give consent we now face online, we have seen some real changes in the way businesses are approaching data protection. With this, consumer expectations have also risen - trustworthiness and transparency are becoming priority considerations for consumers, who increasingly want to form long term relationships with brands they trust. With customer experience now the key differentiator for many businesses, demonstrating the proper handling of customer data and information has to be front of mind.
“One area where this is particularly important is in the contact centre, which is often the front line for organisations when it comes to engaging directly with customers. A whole range of personal information is shared, stored and acted on during a contact centre engagement - including sensitive information such as payment and medical data - and this is necessary to give agents the ability to deliver an experience today’s consumers expect. However, it’s not enough for your contact centre to deliver a great customer experience, it must also provide the highest levels of data protection and comply with the increasing regulation in this area.”
Matt Aldridge, Co-founder and CEO at Mango Solutions, comments:
"As well as advising our clients on how to best make data-driven decisions, we also provide recommendations regarding best practice for securing their personal data when their processes may not be fit for purpose. So, by creating and supporting ‘fit for purpose’ processes, our clients can operate effectively and consistently without needing to panic about whether they are GDPR compliant – one of the biggest obstacles companies have been facing in the past couple of years when it comes to ensuring data protection. This means that none of our clients have encountered GDPR incidents and other data protection regulations at all, and also any data required for ‘know your customer’ projects is anonymised on principle in order to ensure regulatory compliance.’’
Why technology is the front line for data protection
“Public sector IT professionals are working every day to ensure the data their department holds is kept secure—government and healthcare organisations store vast amounts of very sensitive data, and therefore the risks posed by a potential data breach are extensive,” describes Sascha Giese, Head Geek at SolarWinds.
“What’s interesting is how there’s been a change in value in credit card information, for example, which is lower, compared to personal information and identities, which has become more valuable to cybercriminals. U.K. government IT professionals are entrusted with keeping citizens’ personal data secure, so organisations must implement, and then adhere to, strict security policies. The key point organisations should take into 2020 is it’s everyone’s responsibility to keep data safe.
“While technology is of course the most solid defence against security threats, senior public sector IT professionals should also consider how leading by example, training their teams, and ensuring policies are updated regularly can make a huge impact on how well their organisation prevents any security headaches.”
Alan Conboy, Office of the CTO at Scale Computing, concludes:
“Data Privacy Day serves as a reminder to the technology industry that protecting your data is of utmost importance. This has been increasingly true with the recent implementation of the California Consumer Privacy Act (CCPA), which is shining a light on the rising regulation of data protection and privacy. With more organisations moving their workloads to edge computing and hyperconverged environments, businesses are looking to protect and recover these workloads, in addition to complying with data privacy regulations like CCPA. With this in mind, it is essential that these platforms include a variety of backup and disaster recovery features such as snapshots, replication, ransomware protection, failover and failback, so that organisations can help safeguard their digital assets today and in the future."
With an array of data breaches and leaks having already flooded the news in 2020, Data Protection Day serves as the perfect opportunity for all organisations to raise awareness. It also acts as a reminder for businesses to proactively immerse themselves in data protection processes and practices throughout the year. After all, successful data protection builds a business’s reputation and maintains customer trust, which is paramount in today’s threat landscape.