sb-as logo
Story image

Data Protection Day finally gaining deserved recognition

26 Jan 2019

Article by KCOM information security consultant David Francis 

Data Protection Day falls on Monday 28th January this year. In previous years, this day has been overlooked. However, in 2019, we’re finally starting to see people and businesses give it the recognition it deserves.

So why is data protection so important in 2019? Last year we saw some immense upsets, from the BA data breach to the Cambridge Analytica scandal. The range of consumer-facing breaches in 2018 have truly proved that cyber security is the last line of defence for personal security. In addition, since the last Data Protection Day, we have seen the introduction of the GDPR.

The first question you should ask yourself today is: Do you know when you’ve been attacked?

It takes companies an average of 206 days to discover a breach, so the answer is ‘probably not.’ And the threat doesn’t just have to be external: you could have sleeper agents placing time bombs in advance. They don't necessarily need to be onsite at the crucial moment.

It could be a developer with a grudge placing a time bomb in the system to erase crucial intellectual property, or even an outgoing executive quietly deleting things in the background. If done quietly over a period of time, you could lose your backups as well, with no way of tracing the culprit. This is in addition to the huge GDPR fines you would face. Companies need to have measures in place to track data movement to prevent this kind of insider threat.

The next question to ask yourself today is whether you have been paying attention to the news around GDPR.

If 2018 was the year of compliance, 2019 will be the year of retribution for everyone’s favourite data privacy regulation. The period of grace is drawing to a close, and we’re already seeing the ICO taking its first high-profile scalp over treatment of personally identifiable information, with Google being the first to fall in France.

This has set the precedent by which all further cases are judged – letting companies know along the way just how strictly enforced the rules are going to be, and how heavy the fines. Now is the time to check your compliance levels.

If 2019 is anything like 2018, consumers are in the firing line. With these scenarios in mind, on Data Protection Day, it’s time to re-evaluate your security plans and consider: Does this plan put the customer first? Is your security system tracking insider threats? Are you aware of which employees have access to what data? Are you GDPR compliant?

If your organisation can safely answer yes to all these questions, congratulations, you have had a successful Data Protection Day. However, that doesn’t mean it’s time to stop evaluating your systems, in today’s security landscape, you can never be too safe.

Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Microsoft is most imitated brand for phishing attacks in Q3
Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. More
Story image
Majority of industrial enterprises face increase cyber threats since COVID-19
Leadership's top cyber security priority was implementing new technology solutions since the onset of the pandemic.More
Story image
Cybersecurity market continues meteoric ascent
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More