The collection and use of personal data have grown at an unprecedented rate in recent years, accelerating even faster during the pandemic amid the digital shift. Heather Paunet, senior vice president at Untangle, noted: “In today’s connected era, people disclose personal data during dozens of daily interactions, from online shopping, healthcare portals, social media, wearable devices to streaming services. This data is used to create profile-specific experiences across a multitude of devices and mediums, resulting in personalized, effective marketing campaigns.”
Unfortunately, this information is also viewed as highly valuable by those with nefarious intentions, from cyber-criminals motivated by financial gain to governments wishing to use this data as a means of surveillance and control.
Protecting this data has also become more challenging in the past two years. Terry Storrar, managing director of Leaseweb UK, explained: “Protecting data has become more complex during the pandemic with the majority of businesses moving to hybrid or remote office models. There is now a myriad of external and internal security threats to address, including new vulnerabilities resulting from security gaps in the rapid-fix infrastructures that were put in place to enable home working in the first lockdown.”
Therefore, during this year’s Data Privacy Week, it is vital organizations reflect on their data protection strategies and question whether they are sufficient for the current landscape. Here are three key areas they should focus on to ensure their customers’ privacy is respected.
Security Starts at Home
First and foremost, organizations need to get their own houses in order. Insider threats, be they malicious or negligent, is a significant and growing problem, and often puts sensitive customer data at risk. Anurag Kahol, CTO at Bitglass, a Forcepoint company, said: “Companies need to protect access to consumer information as well as the various systems that store it. This can become more challenging for improperly equipped organizations that adopt cloud technologies and other remote work capabilities, as consumer data can then potentially be accessed across numerous applications and on various devices.”
Organizations must take steps to ensure access to customer data is as restricted as possible, particularly with the growing use of third-party vendors. For example, “organizations can require that employees attempting to access consumer data are authenticated via single sign-on (SSO) as well as multi-factor authentication (MFA). This will aid in ensuring that only legitimate, authorized users can handle consumer information,” outlined Kahol.
To significantly reduce the risk of non-malicious insider breaches, employees should receive extensive security awareness training. This has become even more vital following the shift to remote working, with staff often without easy access to their IT team. Leaseweb UK’s Storrar commented: “Lack of education and human error are two of the largest causes of data breaches, and it is easy for an employee to unknowingly fall into the trap of poor security practices outside the office walls. This might be something as basic as storing confidential documents on a personal device, reusing passwords or forgetting to update software. The good news is that these are relatively simple to fix through training that encourages all employees to take responsibility for the safety of the data they use.”
