Commemorating Data Protection Day, we offer four tips and reminders to keep data safe this year.
Did you know that 28 Jan is Data Protection Day? For what it is worth, the day commemorates an annual global effort to generate more awareness of data protection, and to educate organizations about the importance of respecting data privacy, safeguarding data and enabling trust.
While that date on 2020 was still not plagued by the COVID-19 pandemic, this year’s event has got to be especially relevant after months of cyberthreat turmoil.
To help readers take stock of the dangers and challenges of remote-working affect data protection, Anurag Kahol, CTO and co-founder of cloud-security firm Bitglass, shares his thoughts and perspectives here.
- WFH is here to stay: deal with IT
Now that we have begun to see distribution of the various COVID-19 vaccines, some may think it is only a matter of time before ‘normal’ in-office work resumes.
However, that is not likely to be the case. Instead, we are going to see a permanent blend of remote and in-office work, as well as mobile employees whose workspaces are constantly changing. Organizations must be prepared to continue to operate in this manner while ensuring that data is secure no matter where or how it is accessed.
Unfortunately, many organizations lack the ability to achieve the above, and are relying on outdated tools that are designed for predominantly on-premises operations and lack the granularity needed today. Pro tip: change this weakness immediately.
- Inventory your data
To address the challenge of being ready for hybrid working, there are a few steps that must be taken. First, organizations must have an accurate inventory of data. This step is critical for adhering to data privacy regulations, because if companies do not know the information they have or where it is going, then they cannot properly protect it. What is needed is a set of comprehensive activity logs that track all file, user, app, and web activity to reveal everything that is happening with consumers’ data.
- Limit and control access to your data
After inventorying the data, companies need to protect access to consumer information as well as the various systems that store it. This can become more challenging for improperly equipped organizations that adopt cloud technologies and other remote work capabilities, as consumer data can then potentially be accessed across numerous applications and on various devices. To address this problem, organizations can require that employees attempting to access consumer data are authenticated via single sign-on (SSO) as well as multi-factor authentication (MFA). This will aid in ensuring that only legitimate, authorized users can handle consumer information.
- Understand data protection legalities and penalties
Finally, organizations need to have a thorough understanding of data jurisdictions and any security challenges they may present, especially after migrating to the cloud. With respect to certain data privacy regulations like CCPA, data may only be stored or transferred where the state has jurisdiction or an agreement is in place. Similarly, under the EU’s GDPR all personally identifiable information must be secured with policies and processes in place which allow for audit and compliance.
To ensure compliance, organizations should look for security solutions that allow them to encrypt cloud data (wherever it resides) while maintaining local control of encryption keys. Additionally, solutions that dynamically allow or deny access based on contextual factors like a user’s location, device type, or job function are highly helpful, along with data loss prevention (DLP) capabilities. For ease of management and cost-effective, consistent security, organizations should look for a single security platform that integrates all these capabilities into a single offering.
Data Protection Day serves as a reminder of one of the most important responsibilities for any organization: keeping sensitive data secure. Consumers are constantly discovering the information that is collected about them, how that data is used, and how daily breaches put that information at risk.
Consequently, to maintain consumer trust (and remain compliant with regulations), it is imperative that companies make data security a top priority, or face the far-reaching legal, reputational and existential consequences.