March 21, 2019updated 18 Jul 2019 8:31am

Data privacy doesn’t mean data security — Here’s how to protect your business

By Jason Howells

Following what have been some of data privacy’s toughest months, in which the German government faced its biggest data breach in living history; half a billion Marriott customers had their data compromised; and the Collection #1 breach exposed 20 million email addresses, there’s no better time to ask yourself, how secure is our data?

Not only are data breaches on the rise, but the volume of personal data at stake is growing exponentially. There is no better reminder of the scale and sophistication of cybercrime than when global companies fall victim. It’s a wake-up call for all businesses and individuals alike that, without security, personal data is vulnerable to cybercriminals.

Data privacy doesn’t mean data security

The UK’s Information Commissioner’s Office receives upwards of 500 calls per week in relation to data security and privacy since the General Data Protection Regulation [GDPR] laws came into effect last May, proving that the introduction of GDPR is no magic pill.

While the process of being GDPR compliant has improved the way businesses store and manage customer data, both security and people can be the weak links in the data management chain. You can’t ensure data privacy unless personal data is protected by technology and unless the people within that organisation play their part in protecting valuable company data.

Security and education are partners against crime

Staff education and the right security technology is the most effective combination to ensure company data remains safe. Educating your employees about cybersecurity best practices and offering them security awareness training can help protect your business against phishing and other social-engineering attacks that can slip through the security gateway.

The speed at which threats are evolving is pretty frightening. Ensuring you have robust, multi-layered email, data and network security is the best form of protection.

When it comes to safeguarding customer data, prevention is always better than the cure. But if the worst should happen and you do fall foul to a data breach, it’s important to gather and analyse information about the breach as quickly as possible. An automated incident response solution can help you efficiently find, investigate and remediate targeted attacks in a matter of minutes.

Security awareness training helps to transform employees from potential data breach victims into an added layer of defense for the business. By showing employees the latest attack techniques and how to recognise subtle clues in phishing and social-engineering attacks, data can be protected much more effectively.

While these steps may seem like common sense, often the resources and in-house IT expertise needed to implement and oversee them is not available to small and medium-sized owners. Getting expert advice from outside your organisation could help you encourage a healthy respect for data across your organisation and ensure effective data security in this age of mega breaches.

Data Privacy is an ongoing challenge that must be kept fresh in the minds of business owners and consumers alike. Without security and awareness, there is little more than a thin veil between our personal information and the world of cybercrime.


Read more: Over half of European companies have experienced a cyberattack in the last two years