As January draws to a close, Data Protection Day (January 29th) encourages us all to be more aware of the security of our data, particularly with GDPR on the horizon. With ransomware attacks taking over the tech world last year, businesses need to ensure that they are far better prepared in 2018. We hear from industry experts who discuss the necessity of taking action before it is too late.
Rowan Troy, Security Solutions Director at Six Degrees:
“As data across all business sectors continues its growth trajectory, so do the security challenges for CTOs, which are further amplified by the introduction of the General Data Protection Regulation (GDPR) on 25th May. Data Protection Day presents an ideal opportunity for businesses and CTOs to take a close look at their data and determine the best approach for ensuring security and compliance. In the face of an evolving regulatory climate, many businesses are choosing to outsource these needs to a multi service provider (MSP) with the facilities and expertise to provide the appropriate data security and management in accordance with current and future legislation. This can be done very cost effectively, with additional benefits including peace of mind and the freedom to focus on core business goals.”
Jake Madders, Director at Hyve Managed Hosting:
“There really is a day for everything. Whilst Data Protection Day may not get the juices flowing as much as National Yorkshire Pudding Day (5th February for anyone wondering), this year it is more relevant than ever. Coming off a year of massive cyber attacks (think WannaCry and Bad Rabbit) we now have GDPR on our backs. You have to be more careful than ever when it comes to sharing personal data. Businesses can no longer blame sub-par technology for data hacks – especially as they will soon come with a pretty hefty fine. Now is the time to think about the next step. Invest in a solution that ensures customer data is as secure as can be. Place your company’s data protection into the secure and comfortable hands of an MSP who can provide a hassle free security solution. When GDPR finally comes into play, you can sit back and relax.”
Tom Harwood, Chief Product Officer and Co-Founder at Aeriandi:
“GDPR is just around the corner. Every organisation needs to be aware of the risks and get compliant. Businesses have a growing responsibility for their customer data. They will need to question the capability of their third parties and the platforms they are using to ensure compliance with a range of new rules and regulations. Alternatively, they can turn to the cloud. The power, security and flexibility offered by the cloud are impossible to ignore. It is arguably the most secure and most cost-efficient way of processing and storing customer data. The cloud can help close the gap between resource and requirement, offering an affordable and proven route to help companies achieve compliance with multiple regulations simultaneously. No business wants to damage its reputation or bottom line, but rules and regulations are changing. Organisations need to change with them, while looking ahead to the future, if they are to navigate the changing landscape. Data Protection Day provides a good opportunity to take stock.”
In contrast, our fourth expert believes that GDPR is not necessarily the biggest threat facing organisations this year.
Thomas Fischer, Global Security Advocate at Digital Guardian:
“While initiatives like Data Protection Day and the emergence of new regulations such as the GDPR are making businesses more aware of their own data protection, many still do not place enough emphasis on the threat posed by third parties. Nowadays, a wide variety of third parties come into contact with corporate data. From contractors and external professional services companies to companies providing IT services such as cloud storage systems. The growth in outsourcing, complex supply chains and new computing platforms has created threat vectors that simply would not have existed even a few years ago. Many believe that if third party suppliers and contractors are compliant to one security standard or another, they can be trusted with sensitive data. But being compliant at one point in time is not a true indication of security posture, as it doesn’t take into account any changes in the company’s infrastructure or advancements in attack techniques. It is key to understand how internal employees and external contractors are using data and where they’re accessing it. This means putting in place a single, consistent data protection policy and other controls to ensure that data is shared in a secure manner. This should include authentication, encryption and access rights, according to different roles and data types – segmentation is critical to a secure information supply chain.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.