Today is Data Protection Day, and for the majority of businesses, data is becoming an integral part of day-to-day strategies.
With regulations like GDPR ensuring that companies meet high standards of data protection, it’s vital that business leaders integrate secure measures into their systems, and train employees to be on the lookout for any threats. Data Protection Day acts as a reminder for all businesses to follow these processes, and Verdict spoke to six technology experts for their advice on how best to do this.
Data Protection Day: Security skills are key
One of the biggest challenges created by the ever-increasing amount of data being produced and stored is how to keep it safe. Agata Nowakowska, AVP at Skillsoft, explains how businesses must ensure that their cybersecurity – and the employees implementing it – are up to scratch:
“Mobile platforms, Big Data and cloud-based architectures are creating significant challenges for data protection, but no challenge is higher up the corporate agenda than IT security. Even the most careful organisation is vulnerable. A smartphone or laptop inadvertently left on a train, or a well-intentioned lending of access privileges to an unauthorised user can have far-reaching consequences.
“Security is the number one IT priority in nearly every business sector today, but the scarcity of security-savvy IT experts means many companies can no longer rely on hiring their way to a robust solution. Fortunately, there are a wealth of sophisticated education and training strategies now available that allow organisations to reward and retain employees whilst simultaneously improving corporate security from within. From expert-led instruction to continuous hands-on experiential learning, organisations are putting in place complete frameworks for training and certification that can tighten corporate IT security, making them less vulnerable to both external attacks and insider threats.”
This is something that Andy Swift, Head of Offensive Security at Six Degrees, also encourages:
“Two areas I’d like to highlight this Data Protection Day are your users and your backups. Security ends with your users – when all other technical controls have failed, they are the final control you should have in place to filter out malicious content. Investing in training to help users spot common phishing, smishing and other human-facing attack vectors is highly valuable, and helps promote buy-in from all users when your organisation introduces tighter technical controls.
“You should also consider the architecture of your file share and backup environments. Far too often we see backup servers configured without any segregation from the regular network, resulting in ransomware attacks infecting backups and rendering them useless. Ransomware is constantly getting smarter – if an attack can access your backups it has the potential to seriously damage your data integrity.”
Having security training in place is crucial across all sectors, including the public sector, as Sascha Giese, Head Geek at SolarWinds, highlights:
“Public sector IT professionals are working every day to ensure the data their department holds is kept secure—government and healthcare organisations store vast amounts of very sensitive data, and therefore the risks posed by a potential data breach are extensive. What’s interesting is how there’s been a change in value in credit card information, for example, which is lower, compared to personal information and identities, which has become more valuable to cybercriminals. U.K. government IT professionals are entrusted with keeping citizens’ personal data secure, so organisations must implement, and then adhere to, strict security policies. The key point organisations should take into 2020 is it’s everyone’s responsibility to keep data safe.
“While technology is of course the most solid defence against security threats, senior public sector IT professionals should also consider how leading by example, training their teams, and ensuring policies are updated regularly can make a huge impact on how well their organisation prevents any security headaches.”
Choosing the right solutions
With so many different solutions available, Eltjo Hofstee, Managing Director at Leaseweb UK, reveals how businesses concerned about uncertainty in the future should consider multiple approaches to data protection:
“Data protection is an issue that has gone mainstream over the last few years, particularly with the implementation of the GDPR. For businesses in the UK, Brexit has added some uncertainty around data protection in terms of legal compliance and disaster recovery processes. Based on the current conversations between the EU and UK, nothing will change with regard to data protection laws after Brexit, however, it may be good business practice for organisations that have not reviewed their position before now to evaluate their data, assessing potential risks associated with current storage processes and locations, as well as DR practices and hosting options.
“Any uncertainty relating to hosting sites can be minimised by setting up a cloud hosting platform in a hybrid way, where data can be stored, protected and managed using at least two different locations and jurisdictions (i.e. EU + UK). Having said this, it might be a bit too early to already make these kinds of changes, and while we don’t believe the UK will move away from GDPR, it’s certainly top of mind for many of our customers. And, while the uncertainty remains, being prepared for any eventuality is probably the most sensible approach.”
“As well as advising our clients on how to best make data-driven decisions,” says Matt Aldridge, Co-Founder and CEO at Mango Solutions, “we also provide recommendations regarding best practice for securing their personal data when their processes may not be fit for purpose. So, by creating and supporting ‘fit for purpose’ processes, our clients can operate effectively and consistently without needing to panic about whether they are GDPR compliant – one of the biggest obstacles companies have been facing in the past couple of years when it comes to ensuring data protection. This means that none of our clients have encountered GDPR incidents and other data protection regulations at all, and also any data required for ‘know your customer’ projects is anonymised on principle in order to ensure regulatory compliance.”
Data Protection Day: Focus on the outcome
Tried and tested data protection is crucial to ensure a positive customer experience, as Gary Cheetham, CISO at Content Guru, concludes:
“The General Data Protection Regulation is approaching its two-year anniversary and beyond the ubiquitous ‘privacy notice’ pop ups and the need to give consent we now face online, we have seen some real changes in the way businesses are approaching data protection. With this, consumer expectations have also risen – trustworthiness and transparency are becoming priority considerations for consumers, who increasingly want to form long term relationships with brands they trust. With customer experience now the key differentiator for many businesses, demonstrating the proper handling of customer data and information has to be front of mind.
“One area where this is particularly important is in the contact centre, which is often the front line for organisations when it comes to engaging directly with customers. A whole range of personal information is shared, stored and acted on during a contact centre engagement – including sensitive information such as payment and medical data – and this is necessary to give agents the ability to deliver an experience today’s consumers expect. However, it’s not enough for your contact centre to deliver a great customer experience, it must also provide the highest levels of data protection and comply with the increasing regulation in this area.”
Now that almost every aspect of people’s lives is mapped out in a data trail, businesses cannot afford to let data protection fall down the list of priorities. For 2020 to be successful, businesses must ensure that all data – both customer- and business-focused – is kept fully secure and out of harm’s reach.