Data has always been a critical part of the way businesses operate. As technology has progressed, the amount of data has increased. With the great landscape of data that exists today, there is more on the frontier to process, produce and store than ever before. That also means there is more to protect.
With great amounts of data comes great responsibility. In honor of Data Privacy Day, experts weigh in on why and how securely protecting an organization’s data is crucial to business today.
Josh Odom, CTO, Pathwire
As we look towards Data Privacy Day on January 28, this is a time to examine and raise awareness around the importance of protecting personal information. Privacy and security are always top of mind when it comes to consumer data and that is especially true with email marketing. According to a recent survey by Mailjet by Sinch and Ascend2, ”privacy/security” is a top priority for best-in-class email marketers, with 43% of respondents in this segment selecting it among the email marketing trends for 2022.
With big players such as Apple and Google announcing plans to phase out third-party cookies, the days when you could deploy a cookie and track people are ending. We think this will make channel marketing way more relevant, but it will also pose new challenges. The Apple Mail Privacy Protection update, for example, is forcing senders to rethink the way they measure success in their email campaigns. The ability that marketers have had until now to easily track people’s behaviors is dwindling quickly.
According to the United Nations, cybercrime is on the rise – with a 600% increase in malicious emails during the pandemic – and users are demanding more control over their personal data. Now more than ever, we need to put data privacy and security at the forefront of our email marketing strategies to establish trust and protect personal information.
Steve Cochran, CTO of ConnectWise
“The concept of data privacy may never have been more important than it is today, on this Data Privacy Day. And never before has the concept of Data privacy been more under threat. It behooves all of us technical professionals to use this day to reflect on the growing threat and our response to that threat over the last year and prepare ourselves for the coming year. Data privacy and the effort that is required to protect it will continue to change at an accelerated rate this coming year and the years to come. Our company and our partners are doing their part and leading the charge in keeping our community safe and secure against these growing threats.”
Ryan Abraham, virtual CISO of Wisetail
“Data privacy is incredibly important in the HR industry. HR professionals are entrusted with employees’ sensitive data—from social security numbers to phone numbers to home addresses and more—so it’s vital that every company takes the proper steps to ensure that data is safe.
One important step here is to certify your organization as SOC 2 compliant. SOC 2 is based on five factors—security, availability, processing integrity, confidentiality, privacy—and the certification tells users that your organization maintains a high level of information security and handles their data responsibly. Additionally, SOC 2 compliance ensures that your organization has implemented security practices to defend itself from cyberattacks and breaches.
Another great way to honor Data Privacy Day this year is to start regular employee training on data privacy best practices, which can be easily created and assigned to your team through a learning experience platform (LXP). These training courses can educate employees on how to spot a phishing attack, create strong passwords, avoid suspicious and dangerous websites, and more. Your employees are your first line of defense against data privacy threats, so it’s essential that they are equipped to keep themselves and your business safe.”
Dottie Schindlinger, executive director, Diligent Institute
“Today’s workplace is no longer limited to traditional definitions or boundaries. Companies are constantly adapting to new working models and exploring innovative ways to tailor them to the needs of their organization. The adoption of collaboration tools has skyrocketed as companies try to ensure that productivity and efficiency remain high, whether in a remote, in-office, or hybrid work environment.
Many of these tools are general-purpose solutions that meet the requirements of employee communication and collaboration well enough. But they may not be appropriate for the top layer of your organization — the board and executives.
Boards and executives deal with information that is often highly sensitive and that consequently has higher costs of exposure. Think of the reputational, legal and financial repercussions if a classified document leaked because it was shared by executives on a general-purpose communication tool. The impact could be catastrophic. Additionally, recent cyberattacks have highlighted — not just for shareholders, but for all stakeholders — the importance of protecting an organization’s most sensitive data. General-purpose collaboration tools are unable to offer the level of protection that stakeholders expect.
“Organizations need secure environments and workflows that allow the board and executives to communicate highly sensitive information safely, without worrying that it might accidentally be misrouted, forwarded, leaked or even stolen. And, the system must be intuitive and convenient, so executives remain within its workflows and processes without straying to other systems and creating security gaps.”
Jeff Sizemore, chief governance officer, Egnyte
“Data Privacy Day reminds us of the mission-critical requirement to safeguard data amid rising cyberattacks and companies’ adaptation to longer-term, hybrid-work models. Due to increased cyber-risk and a strong consumer desire for privacy protection, there continues to be a steep rise in state-by-state data privacy requirements, with movement toward a potential federal privacy law anticipated later this year. By 2023, it’s predicted that 65% of the world’s population will be covered by privacy laws.
Increasingly, with personal privacy viewed as a human right, how vendors manage consumer and employee data will determine how much the public trusts and wants to do business with them. To comply with governmental requirements during the global pandemic, organizations may need to store employees’ Protect Health Information (PHI) like vaccination statuses for their employees, which creates its own privacy impact.
Additionally, protecting unstructured data will likely be one of the biggest challenges in 2022. If you can’t see it, you can’t govern it. If you can’t govern it, you definitely can’t manage privacy. Organizations need to have visibility into structured and unstructured data to build out effective data governance programs. Thankfully, there are data security and governance solutions available to protect that information holistically. Expect to see ongoing privacy assessments become more common in the days ahead. Those who put privacy at the forefront and ensure they are solving the problem comprehensively will be the ones who come out on top.”
Avi Raichel, VP, Zerto GTM, a Hewlett Packard Enterprise company
“Data Privacy Day serves as a critical reminder that data privacy and protection are increasingly challenging matters and organizations have no other choice than to take them seriously. Ransomware attacks are here to stay as they continue to rise in both volume and severity and as cybercriminals keep developing new and unexpected methods to encrypt data. It is estimated that by 2031, ransomware is expected to attack a business, consumer, or device every two seconds.
According to research from IDC, 95.1% of organizations suffered a malicious attack in the past 12 months and 43% of those organizations have experienced unrecoverable data loss, proving the devastating impacts of ransomware and other cyberattacks. Organizations must understand that protecting your data from ransomware is no longer about if you can recover, but rather how quickly you can get your business back up and running.
Since no single solution can offer protection from ransomware attacks with 100% certainty, having a disaster recovery and backup solution based on continuous data protection (CDP) offers companies the ability to be resilient in the face of potentially catastrophic circumstances. Companies using CDP can resume operation at scale in minutes and recover to a state a few seconds before an attack. Ultimately, having continuous data protection will put the power back in the hands of the organizations who are prepared.”
Gorka Sadowski, chief strategy officer, Exabeam
“Every year, Data Privacy Day is a timely reminder that organizations are custodians of our private information and that they must do everything in their power to protect our data from misuse and unauthorized leaks. Right now, information exfiltration via ransomware and insider threat seems to be rampant. The security community must better work together and prioritize innovation and collaboration above competition to fight our shared cyber enemies.
As global ransomware payments skyrocket, it proves that cybercriminals are willing to collaborate and pool resources with other threat actors to develop new ways to breach organizations around the world. Our greatest hope in defeating such highly coordinated cyberthreats is to become united in fending off their multifaceted attacks. To that end, I’m pleased to see governments finally mobilizing against cyber adversaries to prevent devastating consequences on companies in both the public and private sectors.
In addition to the various laws and mandates that preserve privacy and data standards for individuals, we remain committed to showing the world that cybersecurity is really a team sport. Our XDR Alliance was created to foster an open approach to extended threat detection, investigation and response (TDIR) for security teams everywhere. As the founding organization, we believe that a unified approach to fighting cybercrime is the future to stopping the adversaries from gaining new ground.”
Lex Boost, CEO, Leaseweb USA
“IBM recently reported that 2021 saw the highest average cost of a data breach in 17 years, with the cost rising from $3.86 million in 2020 to $4.24 million. As a result, data protection has been getting more attention than it ever has before. The headlines consistently permeating the news might be a source of dread for IT administrators and their teams, but luckily, they are not alone. Choosing the right hosting provider can help tremendously.
Many hosting providers are picking up their proverbial swords and helping the fight against cyber adversaries. The right hosting provider can deliver extra protection by offering 24/7 security-related support services to act as an extra set of eyes against attackers. In addition, hosting providers can also provide standard security training for employees so that they can become more cyberaware.
Data Privacy Day should serve as a reminder to choose hosting providers who are willing to enter the battle against adversaries and safeguard your data.”
Carl D’Halluin, CTO, Datadobi
“No one can deny that unstructured data is growing exponentially. With the creation of so much data, a wide range of new management tools and processes to oversee it have emerged — from global data availability, data protection, data archival, and more. In this multi-vendor, multi-platform world spanning from on-premises to the cloud it cannot be denied that management, visibility, and reporting software are indispensable for a business to run efficiently and to optimize revenue. It is up to IT administrators and their teams to take on the important job of protecting its arsenal of data against threats by choosing the right data management software.
To safeguard data, organizations must use a platform that understands what data is stored where, what data needs to be relocated, be able to relocate that data, and ensure the validity of that data as it is relocated. On this year’s Data Privacy Day, I would like to issue a call to action for organizations across every industry to reevaluate what data management platform they are using in order to protect against today’s modern threats as best as possible.”
Michael Primeaux, chief architect, Umo, Cubic Transportation Systems
“In this digital age where people are more mobile and distributed than ever before, data privacy and the protection of their personal information are of paramount importance. In the mobility space, in particular, forward-thinking transit agencies are leaning on mobile applications to modernize and simplify their riders’ fare payment and reward earning capabilities. With consumer payment data cycling through these applications, it is essential that transit agencies and the technology providers involved protect that information to prevent potential fraud.
Rewards programs through transit mobile applications offer a unique challenge in that the riders have to relinquish some of their data in order to benefit from the perks. Umo Rewards, for instance, delivers real-time incentives, fare discounts, and loyalty rewards through the complementary mobility app. If riders embrace these programs, they will get an overall better travel experience, whether it be a smoother transit journey, discounts on goods or even money to use towards future trips.
To gain and keep rider trust, as we have at Cubic, we recommend that organizations handling transit rider data refine their agility and focus on adversarial threat analysis across every part of their business in order to detect and mitigate security events at a rapid pace. Often, transit agencies work with several technology partners to keep their fare payment systems and rider apps moving. Thus, supply chain security should be a key area of focus at all times. We hope this advice helps transit agencies and the technology partners that support them this Data Privacy Day and beyond.”
Danny Lopez, CEO, Glasswall
“Data Privacy Day serves as a reminder of how important the human element is in the world of cybersecurity. Without a proper understanding of online privacy risks, organizations can be left defenseless against hackers.
According to the IBM Cost of a Data Breach Report 2022, stolen credentials are the most common attack vector, leading to 20% of breaches costing an average of USD $4.37 million. In addition, the Verizon 2021 Data Breach Investigations Report stated that phishing attacks increased by 11% last year, with cybercriminals tweaking their scams to fit current events and grab attention.
The solution to fending off cyberattacks at both an individual and company level is twofold: training and technology. Training will arm employees to be alert to risks and follow best practices. This can be as simple as using strong passwords and multi-factor authentication, not opening links and/or attachments from unfamiliar sources, and using anti-virus software.
On the technology side, taking a proactive, zero trust (never trust/always verify) approach when it comes to security can not only protect the companies that implement them but their customers as well. Having these measures in place will not only assist with preventing attacks, but it’s also more cost effective and efficient than using employees as an organization’s first line of defense. By combining training and technology, individual, company, and client data privacy is significantly more achievable for organizations around the globe.”
Amit Shaked, CEO, Laminar
“Data Privacy Day is a critical reminder for every organization to ask: where is our sensitive data? In recent years, we’ve seen new security tooling and practices for cloud infrastructure emerge, but oftentimes, the usage and prioritization of such tools ignore the actual treasure that needs protecting – the data itself.
Compared to corporate networks and services, there is a massive amount of data in cloud application environments. When building a cloud application, data is still managed and housed in a single database during the early stages. However, as developers and data scientists advance the application and continue utilizing the data, where it resides and who has access to it can become uncontrollable. At this point, it is known as ‘shadow data.’
To combat these increasingly common cloud data protection challenges, security teams need a new set of cloud-native tools that are always on and continuously monitoring their environments. Trust is not enough. The solutions must allow a ‘trust but verify’ stance towards data security – this helps those handling the data get their jobs done while ensuring it is managed and protected properly.
These always-on and automated solutions allow data protection teams to finally shift left and adjust from being gatekeepers to being business enablers. This allows company productivity to be paired with data security and privacy.”