Member Article

Step by step to data security – 4 top tips this Data Protection Day

The importance of having data protection measures in place is common knowledge, and yet there are still businesses operating on a daily basis without sufficient protection. On this Data Protection Day, a range of IT professionals share their top tips for staying secure.

1. Understand your data to ensure profitability

Shannon Simpson, Cyber Security and Compliance Director at Six Degrees, emphasises the importance of understanding your data fully to ensure you stay protected.

“Effectively protecting data means employing a holistic strategy, looking at people, processes, systems and technology from the ground up. Understanding how every fragment of data is collected, where it is held, and how it is accessed and used can be the difference between having a profitable, secure business and succumbing to damaging breaches. Staying abreast of this is a tall order, which is why cyber security specialists like us have developed methodologies to understand the permutations. The key is employing Cyber Security Maturity (CSM) modelling, which allows organisations to understand their security posture with granularity, providing a roadmap to robustness.”

2. Prepare your people as well as your tech

One of the key defences that a business has in place is its people, according to John Williams, Product Manager at Node4.

“There is no silver bullet to the challenges of data protection, but there are a number of key areas that every organisation can employ to significantly raise their game. Success is less about cost and more about making an active, long-term commitment.

“Firstly, treat your staff as your human firewall, educate them in the threats they may be exposed to and get them active and aware of those threats – they are your intelligent line of defence. Added to this, regular vulnerability scanning and penetration testing provides vital intelligence that your security is matched to the threats. Do it again and again as the threat landscape is a moving feast. And, should serious problems occur, disaster recovery and backups are vital as a solution to threats like ransomware, but as these systems also become the targets of cybercriminals they need to be protected – not just seen as a siloed last line of defence.”

3. Prioritise resilience and disaster recovery

Steve Blow, Tech Evangelist at Zerto, encourages businesses to focus on their resiliency plans to give their customers confidence.

“All businesses know by now that they need to prioritise data protection – there’s certainly enough headline scare stories of data leaks, outages and ransomware attacks that should have persuaded them over the past year. Adding to this is the modern consumer perspective of ‘there’s no excuse for downtime, or the loss of data’. Businesses need to be focusing on ensuring they are resilient against the many threats facing data today, to prove to their customers they are taking data protection seriously.

“The adoption of the latest technology, with innovative new approaches, has led to this number of both planned and unplanned disruptions in a business rising. Combating this means companies need to start looking outside of traditional backup capabilities to keep the business online; they need to choose a modern, resilience approach that can utilise continuous data protection.

“This, paired with the ability to orchestrate and automate the mobility of applications to the ideal infrastructure, will enable businesses to have more than just their customers’ data protected. Organisations will become completely IT resilient, protecting data, infrastructure and reputation – without the downtime.”

But in the event of a cyber attack, Alan Conboy, CTO at Scale Computing, advises businesses to invest in backup and disaster recovery sooner rather than later.

“Data Privacy Day serves as a significant reminder to the technology industry that securing your data is of utmost importance. As more organisations are moving their workloads to edge and hyperconverged environments, companies are looking to protect and recover these workloads. Backup and disaster recovery used to simply be good business practices. Now, for many industries, they are a big part of regulatory compliance. Data is more valuable than ever before and how data is managed and protected is increasingly being regulated by law. Platforms that include a variety of backup and disaster recovery features including snapshots, replication, failover, failback and cloud Disaster Recovery-as-a-Service are key.”

4. Know where your data is and how to access it

With GDPR now fully enforced, data hosting providers in particular need to keep on top of their data at all times to give customers peace of mind, explains Jon Lucas, Director at Hyve Managed Hosting.

“Almost a year post-GDPR and quite rightly, data protection remains firmly in the spotlight. Though the reminders might seem tedious, being confident in your data security is more crucial now than ever before. Hosting and cloud providers in particular need to prioritise security measures that can help prevent cybercriminals from taking advantage, thereby ensuring that their customers’ data is kept safe. It is now commonly accepted that it is a matter of if, not when, attacks occur – in the event of a breach, businesses need to be able to trust that their provider has suitable security and recovery measures in place, giving them peace of mind that no harm will come to the data placed in their hands.”

Neil Barton, CTO at WhereScape, emphasises the importance of this for all businesses handling customers’ data.

“Data Privacy Day serves as a reminder to remain proactive in protecting and managing your data. The only way to ensure that your business and customers are protected, and remain compliant with any regulations is to know where each piece of data sits and who can access it, as well as tag it and track its lineage in order to understand its usage. In addition, to further data protection and comply with subject access requests, data must be stored in a location with fast and adaptable extract capabilities.

“This is particularly challenging for organisations with a large number of data sets, where manually processing all of this information effectively can be time intensive, and error-prone. This is where automation comes in – data infrastructure automation can help companies ensure all data is adequately tagged, ensuring data is identifiable, auditable and quickly retrievable. This can help companies prove their level of data privacy compliance to regulators and customers.”

What does the future hold for data protection and privacy?

According to Stephen Gailey, Solutions Architect at Exabeam, the legislation we have seen so far is only the beginning, and the largest companies will need to prepare for further government intervention.

“Data privacy was a hot topic in 2018, and that trend is expected to continue in the coming months. Over the next year, I believe we will see the first sign of government control over large internet service companies. Organisations such as Google and Facebook still don’t seem to understand what privacy means. I think we will actually see some form of legislative control being put forward or even break-ups considered.”

Now that the GDPR dust has settled, it is time to take stock of your data protection processes and strategies, and ensure that it is up to scratch for the coming year.

This was posted in Bdaily's Members' News section by Industry Experts .

Our Partners