It seems like hardly a day goes by without hearing news of another data breach. Whether it’s government or healthcare organizations, retail giants, or social media sites, it’s beginning to feel like achieving data privacy is an impossible feat. And while 100% security will probably always be elusive, it can be greatly improved when organizations begin to think about it differently.
Here are three views on data privacy that need to change in order to achieve better data privacy protection.
3 Data Privacy Challenges Facing Organizations Today
1. Viewing Data Privacy as a Compliance-Only Necessity
Compliance is an important, driving force behind the adoption of data privacy solutions. In the United States, there are regulations such as HIPAA for healthcare, CJIS for government, and PCI for retailers and those managing financial transactions. Some countries have passed their own data privacy laws, most notably the European Union’s General Data Protection Regulation (GDPR) standard, “the greatest change to European data security in 20 years,” which also affects U.S. businesses.
But passing an annual regulatory audit should not be the only reason an organization creates data privacy defenses; after all, threats are constantly evolving and need to be continuously monitored. For the security of customers (and the well-being of the organization), protecting data privacy must be part of an overall corporate strategy that takes steps to ensure internal employees, and external partners and contractors, use smart privacy protection techniques; this includes malware detection and identity management.
2. Viewing Data Privacy as a Cost, Rather than an Investment
The impact of a data privacy breach can go far beyond regulatory penalties. Remember the Target breach of 2013? The retail giant is still reeling from the attack; legal woes continue to haunt it, and costs are beginning to approach $300 million due to lawsuits. Additionally, the cost of adopting new security procedures, mandatory comprehensive third-party security audits, and the loss of customer trust have resulted in declining sales quarter after quarter.
Rather than waiting until a disaster strikes, organizations need to take a proactive approach to security and invest in technologies that ensure resiliency, recovery, and restoration as quickly as possible. Key safeguards include maintaining a high-availability infrastructure with continuous updating, replication, and backups. Archiving should also be part of any organization’s data privacy infrastructure. Archiving helps backup operations by prioritizing information to determine its criticality and whether it needs to be produced more or less frequently. This also eliminates the waste and expense of backing up unnecessary emails, attachments, video, social media, and other data that contributes to data volume but is not vital to the organization. Had Target initially made more of a financial investment in data and identity protection—the lack of which ultimately led to the breach—it would likely have never suffered such financial devastation.
3. Viewing Data Privacy as an External Threat Only
Technology, and attitudes toward it, are changing quickly. From widespread social media sharing to the flexibility of working anywhere (and on a personally owned device), human error is giving malware a run for its money. What’s most frustrating is that it’s probably the most preventable cause of a data privacy breach, yet the threat goes unseen as organizations focus on external threats only. Internal threats—the people who work FOR the organization—can inadvertently open organizations up to potential disasters. According to the Harvard Business Review, millennials—now the largest generation in today’s workforce—are more likely to keep their passwords in plain sight, store passwords on a shared drive or in a non-protected work document folder, and lose their devices, which can give whoever finds them unrestricted access to sensitive company data.
Organizations will have a hard time attracting new talent if they restrict usage of consumer devices, applications and services, and enforce a 9-5 in-office schedule to keep tabs on everything. They do, however, need to develop smart policies that reflect both the benefits to employees and the threats to data privacy. It’s important to make employees aware of best practices to ensure data privacy, and to do continuous vulnerability testing to surface unexpected problems. Organizations also need to be sure employees understand that new uses of technology—mobile devices, downloaded applications, public Wi-Fi networks, and on-demand services—often increase data privacy risks, and must be used carefully.
Making Data Privacy a Priority
It’s not uncommon for an organization to have some sort of data privacy plan in place, but it’s usually a piece of a broader disaster recovery or business continuity puzzle. To be safe, data privacy needs to stand on its own, through strategic planning and testing (and testing needs to be ongoing). The strategy needs to be agreed upon by the C-Suite, business stakeholders, the IT department, and third-party cloud providers.
A reputable cloud provider can help develop the plan, test it to uncover vulnerabilities, and repair them before they become a problem. While internal IT staff and business leaders have the advantage of understanding the ins and outs of how data is captured, stored, and used within their organization, they can be isolated from the reality of external and internal threats, a perspective that a dedicated cloud provider can deliver.
For many of today’s organizations, finding the right cloud provider to mitigate the risk of data privacy breaches may be the best option. You can learn more by contacting DSM today.