Data Privacy Day is a global educational initiative focused on raising awareness about the importance of protecting the privacy of personal information online. It is a collective effort by international organizations, individuals and businesses to respect privacy, safeguard data and enable trust.
Data Protection Day commemorates the Jan. 28, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is celebrated annually on January 28th and is designed to “inspire dialogue and empower individuals and companies to take action” on the way personal information is collected, stored and used (Staysafeonline).
Data security refers to the processes and practices that protect data from unauthorized access, and it is one of the most difficult tasks for IT and infosec professionals.
Similar to other approaches like perimeter security, file security or user behavioural security, data security is one method of evaluating and reducing the risk that comes with storing any kind of data.
Each year, companies of all sizes spend a sizable portion of their IT security budgets protecting their organizations from hackers intent on gaining access to data through brute force, exploiting vulnerabilities or social engineering.
The core elements of data security, also known as the CIA triad, are confidentiality, integrity, and availability. This is a security model and a guide for organizations to keep their sensitive data protected from unauthorized access and data exfiltration.
According to a report by the Ponemon Institute and IBM Security, the average cost of a data breach in 2019 was calculated at $3.92 million and in 2020 at $3.86 million. Having a remote workforce was found to increase the average total cost of a data breach of $3.86 million by nearly $137,000, for an adjusted average total cost of $4 million.
For big businesses, the average cost of a data breach in 2020 was more than $150 million (BigCommerce).
High-profile companies such as Capital One, Evite and Zynga experienced data breaches that exposed more than 100 million customer accounts each (Techtarget). The average security incident in 2019 involved 25,575 accounts, according to the report. This is information that must be disclosed to customers, and organizations could potentially wind up as cautionary tales. In 2019, data breaches cost companies a total of 2 trillion dollars (Juniper).
Ransomware and phishing are also on the rise, are considered major threats, and are becoming more creative every day.
That is why companies must secure data so that it cannot leak out via malware or social engineering. Breaches are often costly events that end in multimillion-dollar class-action lawsuits and victim settlement funds. Cybercrime is estimated to cost the world $6 trillion annually by 2021 (Cybersecurity Ventures).
Sherri Davidoff, author of Data Breaches: Crisis and Opportunity, listed five factors that increase the risk of a data breach (Techtarget): access; the amount of time data is retained; the number of existing copies of the data; how easy it is to transfer the data from one location to another, and to process it; and the perceived value of the data by criminals.
With the adoption and enforcement of the GDPR in 2018 and the possible “ePrivacy Regulation,” companies and institutions have increased their data awareness.
But COVID-19 has reshuffled the procedures for handling and processing personal data and has posed new systemic cyber risks in the work-from-home environment. Increased system stress and gaps in collaborative tools have led to increased vulnerability, as witnessed in numerous reports of higher levels of cyberattacks, including malware-laced email phishing, scammers posing as corporate help desks, and malware in COVID-19 information sites.
Many people are now using unsecured devices and internet communications with lower protection levels than those maintained in corporate or institutional networks. With workplaces closed and employees working from home, the IT departments of public and private institutions, SMBs, SMEs, and large enterprises have had to set up remote operations rapidly. They have faced completely new challenges, struggling with rapid and unplanned scaling-up of infrastructure and with less time to conduct risk assessments.
To ensure business operations, employers must provide security guidelines, restrict the use of private devices, recommend particular software applications, supply adequate password protection, as well as formulate instructions for protecting hardware and hard copies of documents. Employees need to be informed of the special technical features enabling secure remote operations and trained as needed in their use. The importance of security in working remotely needs to be stressed, and the VPN made mandatory.
At Avangarde Software we had to maintain the security of our systems, software, and data outside the centralized, well-controlled corporate network, while also meeting GDPR requirements.
We are providing our employees with laptops, mobile phones, and other necessary equipment to secure virtual-private-network (VPN) connections so that they may work remotely. We also provided employees with an array of other technical features to secure their networks. This includes patch and configuration management for relevant systems, multifactor identification and secure-access management, on-premise application security for remote access, device virtualization, capacity and security monitoring, and contingency resources (to limit the effects of failures and breakdowns).
Whenever an organization creates a new way of accessing its data, it puts that data at greater risk. By necessity, many remote workers will have to move data (or devices that can access that data) into public spaces. And for hackers, stealing data off of home or public computers is a low-risk, high-reward operation.
Research shows that these are the main causes that affect data security:
Did you know?
Looking back at 2019 and all the challenges it brought, productivity has been steady at Avangarde Software, and we want to keep the work-from-home policy in place for the long term, naturally transitioning to a cultural mix of working remotely and coming back safely to the office.
One of the issues that remains most important to us is data security when working from home. Maintaining good data-security practices in the home office helps avoid some very real consequences.
Here are some tips about data security best practices that everyone can apply at home, to add more security to their remote work:
Throughout this article are links that will help you learn more about the challenges related to securing sensitive data and maintaining customer privacy.
While working remotely may be convenient and even necessary, it creates some entirely new security challenges. Training a remote workforce on how to properly use videoconferencing technology, VPNs, and encryption is crucial to managing those risks. This is because the home environment and the tools to streamline remote work only make things easier for hackers.
A recent example is the 2020 Zoom attacks in which hackers stole 500,000 Zoom account passwords and sold them on the dark web. (CPO Magazine)
Cyberattacks and phishing are as common now as they have ever been, and new phishing methods arise every day.
That is why it is so important for companies to have a proactive security strategy in the workplace and to invest in security awareness training so that their employees are informed and know how to protect themselves and their organization’s assets from loss. Users working remotely must stay vigilant and follow security best practices.