This is part 3 in a series for Data Privacy Day 2022. Don't forget to apply for our Cyber Top 20 List - recognizing the top companies in cyber!
Data Privacy Day occurs each year on January 28 and was created to raise awareness and promote privacy and data protection best practices. Data Privacy Day's educational initiative originally focused on raising awareness among businesses as well as users about the importance of protecting the privacy of their personal information online, particularly in the context of social networking.
We heard from privacy and security experts from across the world about how far we've come in the past year in terms of data privacy understanding and implementation -- and how far we still have to go...
[part 3]
Steve Cochran, CTO of ConnectWise
“The concept of data privacy may never have been more important than it is today, on this Data Privacy Day. And never before has the concept of Data privacy been more under threat. It behooves all of us technical professionals to use this day to reflect on the growing threat and our response to that threat over the last year and prepare ourselves for the coming year. Data privacy and the effort that is required to protect it will continue to change at an accelerated rate this coming year and the years to come. Our company and our partners are doing their part and leading the charge in keeping our community safe and secure against these growing threats.”
Dottie Schindlinger, Executive Director, Diligent Institute
"Today’s workplace is no longer limited to traditional definitions or boundaries. Companies are constantly adapting to new working models and exploring innovative ways to tailor them to the needs of their organisation. The adoption of collaboration tools has skyrocketed as companies try to ensure that productivity and efficiency remain high, whether in a remote, in-office, or hybrid work environment.
"Many of these tools are general-purpose solutions that meet the requirements of employee communication and collaboration well enough. But they may not be appropriate for the top layer of your organisation — the board and executives.
"Boards and executives deal with information that is often highly sensitive and that consequently has higher costs of exposure. Think of the reputational, legal and financial repercussions if a classified document leaked because it was shared by executives on a general-purpose communication tool. The impact could be catastrophic. Additionally, recent cyberattacks have highlighted — not just for shareholders, but for all stakeholders — the importance of protecting an organisation’s most sensitive data. General-purpose collaboration tools are unable to offer the level of protection that stakeholders expect.
"Organisations need secure environments and workflows that allow the board and executives to communicate highly sensitive information safely, without worrying that it might accidentally be misrouted, forwarded, leaked or even stolen. And, the system must be intuitive and convenient, so executives remain within its workflows and processes without straying to other systems and creating security gaps."
Carl D’Halluin, CTO, Datadobi
“No one can deny that unstructured data is growing exponentially. With the creation of so much data, a wide range of new management tools and processes to oversee it have emerged — from global data availability, data protection, data archival, and more. In this multi-vendor, multi-platform world spanning from on-premises to the cloud it cannot be denied that management, visibility, and reporting software are indispensable for a business to run efficiently and to optimize revenue. It is up to IT administrators and their teams to take on the important job of protecting its arsenal of data against threats by choosing the right data management software.
To safeguard data, organizations must use a platform that understands what data is stored where, what data needs to be relocated, be able to relocate that data, and ensure the validity of that data as it is relocated. On this year’s Data Privacy Day, I would like to issue a call to action for organizations across every industry to reevaluate what data management platform they are using in order to protect against today’s modern threats as best as possible.”
Michael Primeaux, chief architect, Umo, Cubic Transportation Systems
“In this digital age where people are more mobile and distributed than ever before, data privacy and the protection of their personal information are of paramount importance. In the mobility space, in particular, forward-thinking transit agencies are leaning on mobile applications to modernize and simplify their riders’ fare payment and reward earning capabilities. With consumer payment data cycling through these applications, it is essential that transit agencies and the technology providers involved protect that information to prevent potential fraud.
Rewards programs through transit mobile applications offer a unique challenge in that the riders have to relinquish some of their data in order to benefit from the perks. Umo Rewards, for instance, delivers real-time incentives, fare discounts, and loyalty rewards through the complementary mobility app. If riders embrace these programs, they will get an overall better travel experience, whether it be a smoother transit journey, discounts on goods or even money to use towards future trips.
To gain and keep rider trust, as we have at Cubic, we recommend that organizations handling transit rider data refine their agility and focus on adversarial threat analysis across every part of their business in order to detect and mitigate security events at a rapid pace. Often, transit agencies work with several technology partners to keep their fare payment systems and rider apps moving. Thus, supply chain security should be a key area of focus at all times. We hope this advice helps transit agencies and the technology partners that support them this Data Privacy Day and beyond.”
Danny Lopez, CEO, Glasswall
“Data Privacy Day serves as a reminder of how important the human element is in the world of cybersecurity. Without a proper understanding of online privacy risks, organisations can be left defenceless against hackers.
According to the IBM Cost of a Data Breach Report 2022, stolen credentials are the most common attack vector, leading to 20% of breaches costing an average of USD $4.37 million. In addition, the Verizon 2021 Data Breach Investigations Report stated that phishing attacks increased by 11% last year, with cybercriminals tweaking their scams to fit current events and grab attention.
The solution to fending off cyberattacks at both an individual and company level is twofold: training and technology. Training will arm employees to be alert to risks and follow best practices. This can be as simple as using strong passwords and multi-factor authentication, not opening links and/or attachments from unfamiliar sources, and using anti-virus software.
On the technology side, taking a proactive, zero trust (never trust/always verify) approach when it comes to security can not only protect the companies that implement them but their customers as well. Having these measures in place will not only assist with preventing attacks, but it’s also more cost effective and efficient than using employees as an organisation’s first line of defence. By combining training and technology, individual, company, and client data privacy is significantly more achievable for organisations around the globe.”
Amit Shaked, CEO, Laminar
“Data Privacy Day is a critical reminder for every organization to ask: where is our sensitive data? In recent years, we’ve seen new security tooling and practices for cloud infrastructure emerge, but oftentimes, the usage and prioritization of such tools ignore the actual treasure that needs protecting – the data itself.
Compared to corporate networks and services, there is a massive amount of data in cloud application environments. When building a cloud application, data is still managed and housed in a single database during the early stages. However, as developers and data scientists advance the application and continue utilizing the data, where it resides and who has access to it can become uncontrollable. At this point, it is known as ‘shadow data.’
To combat these increasingly common cloud data protection challenges, security teams need a new set of cloud-native tools that are always on and continuously monitoring their environments. Trust is not enough. The solutions must allow a ‘trust but verify’ stance towards data security – this helps those handling the data get their jobs done while ensuring it is managed and protected properly.
These always-on and automated solutions allow data protection teams to finally shift left and adjust from being gatekeepers to being business enablers. This allows company productivity to be paired with data security and privacy.”
Josh Odom, CTO, Pathwire
As we look towards Data Privacy Day on January 28, this is a time to examine and raise awareness around the importance of protecting personal information. Privacy and security are always top of mind when it comes to consumer data and that is especially true with email marketing. According to a recent survey by Mailjet by Sinch and Ascend2, ”privacy/security” is a top priority for best-in-class email marketers, with 43% of respondents in this segment selecting it among the email marketing trends for 2022.
With big players such as Apple and Google announcing plans to phase out third-party cookies, the days when you could deploy a cookie and track people are ending. We think this will make channel marketing way more relevant, but it will also pose new challenges. The Apple Mail Privacy Protection update, for example, is forcing senders to rethink the way they measure success in their email campaigns. The ability that marketers have had until now to easily track people's behaviors is dwindling quickly.
According to the United Nations, cybercrime is on the rise - with a 600% increase in malicious emails during the pandemic -, and users are demanding more control over their personal data. Now more than ever, we need to put data privacy and security at the forefront of our email marketing strategies to establish trust and protect personal information.
Ryan Abraham, virtual CISO of Wisetail
“Data privacy is incredibly important in the HR industry. HR professionals are entrusted with employees’ sensitive data—from social security numbers to phone numbers to home addresses and more—so it’s vital that every company takes the proper steps to ensure that data is safe.
One important step here is to certify your organization as SOC 2 compliant. SOC 2 is based on five factors—security, availability, processing integrity, confidentiality, privacy—and the certification tells users that your organization maintains a high level of information security and handles their data responsibly. Additionally, SOC 2 compliance ensures that your organization has implemented security practices to defend itself from cyberattacks and breaches.
Another great way to honor Data Privacy Day this year is to start regular employee training on data privacy best practices, which can be easily created and assigned to your team through a learning experience platform (LXP). These training courses can educate employees on how to spot a phishing attack, create strong passwords, avoid suspicious and dangerous websites, and more. Your employees are your first line of defense against data privacy threats, so it’s essential that they are equipped to keep themselves and your business safe.”
###