This is part 3 in a series for Data Privacy Day 2022. Don't forget to apply for our Cyber Top 20 List - recognizing the top companies in cyber!
Data Privacy Day occurs each year on January 28 and was created to raise awareness and promote privacy and data protection best practices. Data Privacy Day's educational initiative originally focused on raising awareness among businesses as well as users about the importance of protecting the privacy of their personal information online, particularly in the context of social networking.
We heard from privacy and security experts from across the world about how far we've come in the past year in terms of data privacy understanding and implementation -- and how far we still have to go...
Steve Cochran, CTO of ConnectWise
“The concept of data privacy may never have been more important than it is today, on this Data Privacy Day. And never before has the concept of Data privacy been more under threat. It behooves all of us technical professionals to use this day to reflect on the growing threat and our response to that threat over the last year and prepare ourselves for the coming year. Data privacy and the effort that is required to protect it will continue to change at an accelerated rate this coming year and the years to come. Our company and our partners are doing their part and leading the charge in keeping our community safe and secure against these growing threats.”
Dottie Schindlinger, Executive Director, Diligent Institute
"Today’s workplace is no longer limited to traditional definitions or boundaries. Companies are constantly adapting to new working models and exploring innovative ways to tailor them to the needs of their organisation. The adoption of collaboration tools has skyrocketed as companies try to ensure that productivity and efficiency remain high, whether in a remote, in-office, or hybrid work environment.
"Many of these tools are general-purpose solutions that meet the requirements of employee communication and collaboration well enough. But they may not be appropriate for the top layer of your organisation — the board and executives.
"Boards and executives deal with information that is often highly sensitive and that consequently has higher costs of exposure. Think of the reputational, legal and financial repercussions if a classified document leaked because it was shared by executives on a general-purpose communication tool. The impact could be catastrophic. Additionally, recent cyberattacks have highlighted — not just for shareholders, but for all stakeholders — the importance of protecting an organisation’s most sensitive data. General-purpose collaboration tools are unable to offer the level of protection that stakeholders expect.
"Organisations need secure environments and workflows that allow the board and executives to communicate highly sensitive information safely, without worrying that it might accidentally be misrouted, forwarded, leaked or even stolen. And, the system must be intuitive and convenient, so executives remain within its workflows and processes without straying to other systems and creating security gaps."
Carl D’Halluin, CTO, Datadobi
“No one can deny that unstructured data is growing exponentially. With the creation of so much data, a wide range of new management tools and processes to oversee it have emerged — from global data availability, data protection, data archival, and more. In this multi-vendor, multi-platform world spanning from on-premises to the cloud it cannot be denied that management, visibility, and reporting software are indispensable for a business to run efficiently and to optimize revenue. It is up to IT administrators and their teams to take on the important job of protecting its arsenal of data against threats by choosing the right data management software.
To safeguard data, organizations must use a platform that understands what data is stored where, what data needs to be relocated, be able to relocate that data, and ensure the validity of that data as it is relocated. On this year’s Data Privacy Day, I would like to issue a call to action for organizations across every industry to reevaluate what data management platform they are using in order to protect against today’s modern threats as best as possible.”
Michael Primeaux, chief architect, Umo, Cubic Transportation Systems
“In this digital age where people are more mobile and distributed than ever before, data privacy and the protection of their personal information are of paramount importance. In the mobility space, in particular, forward-thinking transit agencies are leaning on mobile applications to modernize and simplify their riders’ fare payment and reward earning capabilities. With consumer payment data cycling through these applications, it is essential that transit agencies and the technology providers involved protect that information to prevent potential fraud.
Rewards programs through transit mobile applications offer a unique challenge in that the riders have to relinquish some of their data in order to benefit from the perks. Umo Rewards, for instance, delivers real-time incentives, fare discounts, and loyalty rewards through the complementary mobility app. If riders embrace these programs, they will get an overall better travel experience, whether it be a smoother transit journey, discounts on goods or even money to use towards future trips.
To gain and keep rider trust, as we have at Cubic, we recommend that organizations handling transit rider data refine their agility and focus on adversarial threat analysis across every part of their business in order to detect and mitigate security events at a rapid pace. Often, transit agencies work with several technology partners to keep their fare payment systems and rider apps moving. Thus, supply chain security should be a key area of focus at all times. We hope this advice helps transit agencies and the technology partners that support them this Data Privacy Day and beyond.”
Danny Lopez, CEO, Glasswall
“Data Privacy Day serves as a reminder of how important the human element is in the world of cybersecurity. Without a proper understanding of online privacy risks, organisations can be left defenceless against hackers.
According to the IBM Cost of a Data Breach Report 2022, stolen credentials are the most common attack vector, leading to 20% of breaches costing an average of USD $4.37 million. In addition, the Verizon 2021 Data Breach Investigations Report stated that phishing attacks increased by 11% last year, with cybercriminals tweaking their scams to fit current events and grab attention.
The solution to fending off cyberattacks at both an individual and company level is twofold: training and technology. Training will arm employees to be alert to risks and follow best practices. This can be as simple as using strong passwords and multi-factor authentication, not opening links and/or attachments from unfamiliar sources, and using anti-virus software.
On the technology side, taking a proactive, zero trust (never trust/always verify) approach when it comes to security can not only protect the companies that implement them but their customers as well. Having these measures in place will not only assist with preventing attacks, but it’s also more cost effective and efficient than using employees as an organisation’s first line of defence. By combining training and technology, individual, company, and client data privacy is significantly more achievable for organisations around the globe.”
Amit Shaked, CEO, Laminar