Cybersecurity experts offer critical advice on eve of Data Protection Day

27 Jan 2018

Data Protection Day is fast approaching with the annual event due to be recognised on Sunday the 28th of January.

The day is acknowledged in the US, Canada and 47 European countries, and has been upheld for more than 10 years. Its main purpose is to raise awareness and promote privacy and data protection – particularly among businesses.

This year the occasion has a special significance as in less than six months, businesses around the world are due to be rocked to the foundations when the EU’s General Data Protection Regulation (GDPR) comes into force.

The UK government is also reviewing the Data Protection Bill, designed to bring the UK’s data protection laws in line with the landmark EU Regulation.

In light of this, we have gathered insights from various experts to offer advice on what organisations need to prioritise and consider when it comes to keeping data safe.

Aeriandi CPO and co-founder Tom Harwood

"It is estimated that between 30 and 50 percent of all fraud incidents are initiated with a phone call. Telephone agents in contact centres are particularly vulnerable to social engineering and manipulation. 

Web based security measures have evolved much faster than those for voice and telephone in recent years. For the web there’s always the option of multi-factor authentication.

There’s also behavioural monitoring as a preventative measure and identity based management – all improving degrees of data security. The same is not true however for phone-based contact, which is still a poor relation to online."

Bitglass CEO Rich Campagna

“Data Protection Day is the perfect time to remind organisations about protecting data that moves beyond the network perimeter.

Organisations have a responsibility to safeguard customer data, wherever it might reside. Anyone with a credit card can now purchase and deploy cloud apps, so IT leaders must look for ways to continue to protect data in light of this new reality.

Being able to identify rogue cloud application usage is just one piece of the puzzle – acting on this information is often more challenging. Businesses need to rethink their approach to data protection in the case of cloud applications – if you’re not able to control the application, make sure that you have measures in place to track and manage the traffic and data itself.

In a similar vein, too many companies focus on prevention, malware detection and remediation capabilities instead of properly securing the data itself. If companies have the appropriate data protection technology installed in their environment, it can prevent data from being accessed or leaked by malicious attackers."

Nexsan CTO and founder Gary Watson

"With fraudsters increasingly looking for ways to exploit telephone contact centre agents, and regulations like GDPR coming into play, organisations must use events such as Data Protection Day to give voice security the attention it deserves.

Secure phone payment solutions can completely eliminate the need for sensitive payment information to enter the contact centre environment in the first place, making them a far less appealing target for criminals and removing the associated risks to the organisation.

Whether for analytics, training purposes, compliance adherence or other business processes, the volume of call recordings being generated today is growing at an exponential rate.

Organisations that fail to take securing this data seriously are not only risking the safety of their customers’ most sensitive information, but also gambling with their own reputation."

Cloudhouse CEO, CTO and founder Mat Clothier

“An element to data protection that is often overlooked is the need to run up-to-date operating systems.

Security best practice will always advise organisations to move away from legacy, unpatched versions that are vulnerable to data theft or loss – users of Windows XP, Server 2003 and, soon enough, Windows 7, all face this challenge.

However, it’s easier said than done; organisations of all industries often find themselves having to rewrite legacy apps not built for modern platforms, which can be both time-consuming and costly.

Thankfully, compatibility containers can now help any business looking to take a comprehensive approach to data protection in 2018, enabling the mobility of mission-critical, legacy apps to the safety of a support OS."

Zerto EMEA VP Peter Godden

"We are less than one month into 2018, and already it's becoming difficult to overstate the threat that an out-of-date approach to data protection poses.

The recent discovery of two major security flaws, Meltdown and Spectre, as well as details of the Equifax and Wannacry data breaches in the past twelve months, have proved that the whole world is vulnerable to data loss or theft.

We need to assume that complex attacks will happen, and unfortunately, sometimes succeed; although it may not be the direct fault of a CEO or CIO, it is still their responsibility to be prepared for and deal with its aftermath. 

Having an up-to-date, rigorous IT resiliency plan in place can prevent any lasting damage that could occur. The challenge when an unavoidable attack hits is less the intrusion itself, but rather the protection against valuable data loss and the ability to recover immediately.

Ultimately, the end goal is to maintain regular business operations so that customers and end-users alike will not experience any interruption to their services and data."
