Data Privacy Day is an international annual event which raises awareness and promotes privacy and data protection best practices. We hear from experts about the importance of the day as we focus our attention on our data protection habits and the way we manage data.
Whether it’s the shockwaves of the SolarWinds attack, the loss of thousands of UK police files, the controversy around the WhatsApp privacy update, or yet another ransomware attack, each day brings a reminder of the vulnerability and the value of our data.
Today marks the annual European Data Protection Day, a vital opportunity to focus attention on the steps that organisations must take to protect their company data.
Aron Brand, CTO at CTERA, has compiled his five top tips for keeping company data safe.
- Build high walls around data you store in the cloud
  - Ensure that you generate and own your data encryption keys and no one – not even your cloud provider – can access or control them. Completely protecting your data from any third party will ensure your data is not exposed in the event of a hack.
  - Understand options for multi-cloud deployments and for developing a private cloud that can be fully deployed in your data centre where critical assets can be stored.
- Instil a secure Zero Trust culture internally
  - Email security: Enable advanced phishing protection in user mailboxes and remind users often not to click on suspicious links in email.
  - Patching VMs: For technical teams, take extra care to install security patches on your virtual machines and cloud instances, focusing especially on Windows machines and Active Directory. If you own server machines that have not been updated recently, run Windows Update ASAP.
  - Zero Trust: Assume there are malicious actors in your internal network and do not assume your networks are secure. Local networks, traditionally considered a ‘trusted haven’ for storing data with lax levels of internal isolation, are now proving to be dangerous places – with local threats lurking and attempting to spread laterally, steal or encrypt your data. Enforce the use of strong passwords and have users update them regularly, even for their own laptops.
- Backup, backup, backup
  There is no excuse for not backing up files. But not all backups are the same. Simply copying files to an external drive is not an effective data protection strategy. For secure and reliable protection, organisations should:
  - Retain at least one previous version of their files for a specific retention period (minimum of 30 days)
  - Keep these files in a read-only repository that is physically separated from the main copy
- Question your IT providers
  When choosing a new IT provider, organisations must make sure to ask specific questions to ensure that security was prioritised during the engineering and design of the product. This has become particularly critical given the current landscape of massive ransomware and supply chain (e.g. SolarWinds) attacks. Ask your provider:
  - Are they performing periodic security assessments by a third-party penetration testing lab to identify system vulnerabilities? And if so, can you see their latest report?
  - Have they implemented stringent supply chain security, using certifications such as Open Trusted Technology Provider Standard (O-TTPS)?
  - Do they have FIPS 140-2 (Federal Information Processing Standard) certification?
  - Are there references from customers to back up their expertise?
  - Do they offer an SLA for time between a vulnerability being discovered and providing a security patch?
- Secure your remote file access
  Remote work has become the new normal, and providing fast data access to remote and home offices has become a top priority. Becoming more distributed creates higher demand for data protection. Whether you enable remote access via laptop, VDI, or increasingly popular global file systems, ensure your preferred method respects corporate security policies and, even better, delivers consistent access control from any user device or location.
Lucia Milică, Global Resident CISO for Proofpoint
“Data Privacy Day plays an important role in spotlighting a topic that will only intensify as technology advances. Protecting digital privacy is vital in today’s ever-connected global society and fortunately there are several ways both consumers and enterprises can proactively shield digital information.
For consumers, it’s all about trade-offs. There are serious privacy risks when interacting online, which is why it’s important to map your digital data footprint, actively discuss digital privacy with your network, remain vigilant for email and mobile cybercrime and protect your web surfing activities.
In the UAE, the government has set in place legislation to protect the data and the privacy of the citizens and the companies. In fact, UAE’s Telecommunication Regulatory Authority (TRA) has launched a 2020-2025 National Cybersecurity Strategy which includes crucial aspects of data privacy.
Safeguarding sensitive data should also always be a top priority for organizations. One of the greatest challenges facing organizations is ensuring data privacy and proper governance and achieving compliance while staying successful. It’s a delicate balance as both the security and privacy sides of the business overlap. Focusing on one cannot come at the expense of the other.
For many forward-thinking organizations, an effective data privacy strategy means combining their IT investments around both cybersecurity and information protection, as good governance and compliance results in your best security posture.
While data privacy trade-offs will be an ever-present reality, increasing awareness surrounding the issue of data privacy will be necessary for years to come.”
Edwin Weijdema, Global Technologist, Product Strategy at Veeam, discusses Protecting Human Rights in the Era of Cyber Information Warfare
Disinformation is undermining the limitless potential of technology to be a positive force for industries, businesses and communities.
In the current global landscape, barely a conversation goes by without mention of ‘fake news’ and its ability to mislead critical discourse regarding events such as elections and current affairs around the world.
Combined with the fact that the definition of privacy is constantly being redefined in the age of ‘surveillance capitalism’, this means it’s a not-so-metaphorical minefield out there when it comes to safeguarding our data.
In light of this, the onus is increasingly on data protection and cybersecurity technologies to protect the integrity of our human rights in the face of cyber information warfare. But businesses too must ensure they remain on the right side of using data ethically, compliantly and securely.
Data Protection Day is an opportunity to explore some of the technologies leading the way in the fight against cyber (dis)information and how businesses can take up arms to protect our rights as employees, consumers and citizens.
Data protection as a human right
Unbeknown to some, data protection is a human right. In Europe, it’s for this reason that we celebrate Data Protection Day, which this year marks the 40th anniversary of the Council of Europe’s Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data.
Or in short – Convention 108: the treaty that spawned the first European Union-wide data protection laws, which is today covered within the General Data Protection Regulation (GDPR).
Despite the significant financial and reputational damage for failing to protect this basic human right, it’s data protection, or rather a lack of it, which continues to grab headlines.
Fortunately, data protection and cybersecurity technologies are striving to change this.
Technology: a vital weapon in the fight against cyber information warfare
A lot has been said about technology’s role as an enabler for spreading disinformation and inciting cyber information warfare. But more vitally, it’s our biggest weapon in the fight against cybercriminals.
This is particularly true with its role as a guardian against a choice weapon of cybercriminals. Ransomware is a maliciously created malware that encrypts files and storage. It is one of the most intractable and common threats facing organisations across all industries and geographies.
Predominantly, attackers use ransomware to extort money. But many attacks also seek out production and backup files, as well as documents. By encrypting those too, the attack leaves organisations with no choice but to meet the demands of cybercriminals.
By the end of 2021, the global cost of ransomware damage is predicted to reach US$20 billion, according to the 2019 Veeam Ransomware Study. But more damaging still are the countless violations of human rights as ransomware attackers increasingly threaten to leak stolen data.
To combat this – and the rising challenges of cybercriminals working together – it’s important for technology to form its own armies and alliances, such as the ransomware protection alliance Veeam has formed with a number of partners including: Cisco, AWS, Lenovo, HP and Cloudian.
But of course, cybercriminals are always seeking new and innovative ways to steal data and since the start of COVID-19, businesses haven’t been the only ones accelerating their Digital Transformation – with cyberattacks on cloud systems spiking 250% from 2019 to 2020.
In response, it’s more important than ever to work with technology partners that not only prioritise the data management needs of today but are also looking to the cloud and security solutions of tomorrow – all the while remaining one step ahead of cybercriminals.
Using data ethically, compliantly and securely
In this digital age, businesses have more responsibility than ever to use data ethically, compliantly and securely. Doing so is not a nice-to-have or something that sits atop a business agenda. It’s a human right!
But still, too many businesses are inadvertently aiding the efforts of cybercriminals with their lackadaisical approach to data security. In a recent article, Mohamed al-Kuwaiti, Head of UAE Government Cyber Security, was quoted saying that ‘the Middle East region is facing a ‘cyber pandemic’ with Covid-19 related attacks skyrocketing in 2020’. Trend Micro recorded over 50 million cyberattacks in the GCC region during the first half of 2020.
Fines and reputational damage are of course deterrents. However, we’re still seeing too many data breaches and businesses must do more to curb the plight of data protection. To this end, technology is once again a key enabler.
Regardless of your business size, find a solution that ensures data security, compliance and customer privacy requirements are met. Don’t just take a vendor’s word that their solutions are secure – read customer testimonials, do your research and look to respected rewards bodies.
In the business year ahead, maintaining customer trust will be a core priority – there’s enough going on in the world for them to also be worrying about the welfare of their data, after all.
So, putting your trust in the right technology can help uphold our human rights and take giant strides in the war against cybercriminals.