Procrastinating in the cloud? Relying on cyber insurance? On Data Protection Day you should look into your data security processes and reevaluate how you are protecting the hot commodity that is data.
January 28 marks Data Protection Day, known in the US as Data Privacy Day.
Designed to promote privacy and data protection best practices, the annual Data Protection Day has grown ever more important in a world increasingly under attack from cyber criminals.
Despite government action to regulate and protect citizens’ data with laws such as GDPR, data is a commodity highly sought after by both criminals and enterprises. Consumers and businesses alike are urged to take stock of their data practices on this day, review processes and understand the what, where and how of their data.
To celebrate Data Protection Day, CBR reached out to industry experts to get their advice and thoughts on what businesses need to do in this increasingly complex data world.
Trust Is Key
Doug Davidson, global head of cloud security offers and UK cyber security CTO at Capgemini
Trust is a key part of any relationship, particularly between a business and its customer – which can have serious consequences if it’s broken. Protecting data should therefore be of paramount importance to every business that holds sensitive information. This not only means having the right security solutions in place, but also making sure everyone in the company that comes into contact with that data knows how to protect it. With the Government recently showing its commitment to boosting cybersecurity, the UK is certainly heading in the right direction. However, this needs to focus on improving the skills of those handling the data, as more often than not, it is employees that are found to be the weakest link.
Understand the Value of Data
Thomas Fischer, threat researcher and security advocate at Digital Guardian
The first step in keeping customer information protected is to understand what value the data has, where it is being used, whether it needs to be encrypted and how employees or third parties are interacting with it. This information is central to helping organisations make informed decisions about how to manage and secure data appropriately. It’s not a one-size-fits-all approach, but done correctly, it can greatly assist companies in meeting governance and compliance regulations, as well as protecting intellectual property.
With Great Data, Comes Great Responsibility
Jason Hart, CTO, Data Protection, Gemalto
In an age of convenience, consumers are more than happy to share personal data with businesses and organisations, as long as it enhances their online and offline experiences. Whilst this provides considerable benefits to the business receiving the data, it also comes with a huge responsibility – consumers expect that their data will only be accessed by internally authorised individuals, and be completely secure from external threats.
Businesses must implement encryption to ensure that the data they hold is secure, and can only be accessed by select individuals. Additionally, two-factor authentication is crucial in helping mitigate any outside threats. By encrypting the data, and managing the encryption keys properly, the data is useless to the hacker, as well as any unauthorised personnel within the organisation. This means that, even if a breach takes place, consumer data remains private.
Cyber Insurance Will Not Protect You
Lillian Pang, Senior Director of Legal and Data Protection Officer, Rackspace
Towards the end of the year we are likely to see more UK businesses turning to contingency measures such as ‘cyber insurance’ to protect themselves from data breaches. This is likely to be driven by businesses that wish to safeguard themselves against potential fines emanating from the upcoming GDPR legislation. In turn, we will have to wait until 2018 to see how sizable the pay-outs on cyber insurance claims are, and thus, how effective they will be for businesses. It’s important to remember that while cyber insurance may help with financially protecting them in the event of a data breach, it will not be sufficient to protect businesses from any costly reputational damage.
The sooner organisations work towards compliance with the latest regulations, the sooner they can be confident of their own security, and reassure the businesses and customers they work with. To help businesses understand the steps they should take to ensure compliance, they should turn to their Privacy experts or DPOs, CIOs and CSOs, or source additional expertise externally.