Data Security – Done Right
Over the last year, the issue of data security has been thrust into the spotlight: first Julian Assange, then Edward Snowden, followed by Heartbleed and now Shellshock. It is a vicious cycle between releasing new software and fixing the inevitable problems.
Companies including Facebook, Microsoft, NBC, Evernote and Twitter were targeted by hackers in 2013 alone. Google is not immune to hacking attempts either. In most of these instances no private data was stolen, but IT-related security has become a very real worry for businesses.
The last 20 years have seen a move towards mass digital file storage as well as the connection of internal company networks to the internet. This has created a substantial threat to the reliability of companies’ private data, regardless of the company’s size.
Some suggest that there are strong similarities between the evolution of security for online data protection and the development of aviation. In both industries, lessons are learnt and improvements made with every accident or mishap. In the case of Heartbleed, developers were working on a new version of the flawed OpenSSL code before it became a big problem.
Companies do not realise that the risk of their data being exposed, accidentally or otherwise, can be greatly reduced by using technologies available today. Companies can ensure that their data is being kept as secure as possible with a few simple tweaks to their data security and management strategy. Installing an alarm after your house has been broken into will not help recover your stolen items. Trying to prevent the problem from happening is a better approach to the security of both your home and your private data.
Use Secure Software
Many customers sign up to Software as a Service (SaaS) cloud services without making sure that their data will be protected by the highest security standards obtainable. Businesses should ask their software providers about the security they include. The functionality of software is important. However, data protection should not be compromised just because the software does everything else you require.
Companies requiring enhanced and robust security should work towards obtaining ISO 27001 accreditation and other security certificates, which cover staff as well as secure data facilities. Receiving third-party endorsement for your security can also be important to demonstrate that you are committed to helping keep extremely sensitive private data secure, and to reassure your customers.
Train Your Staff
It is still vital to ensure that staff are well trained in best practice when it comes to data security, even though a recent report suggests that the idea that employees are a company’s biggest security threat could be overstated. According to the report, 39% of IT professionals have dealt with a situation where an employee has accessed network resources without authorisation. However, is this the employee’s fault for snooping or the IT department’s fault for not securing the network properly?
IT departments must do more to support their employees by providing training for the technology that allows them to do their job from anywhere. Research shows that 81% access work while travelling. It goes on to suggest that 72% rely on unauthorised, insecure file sharing software. Employees need to know the potential security risks of doing this. Companies must also do more by providing employees with secure, easy-to-use environments in which to share files and other data.
Data Storage Awareness
Too many companies do not know where their data is being stored. That is not good enough, and here is the main reason why. Data being stored in the EU is protected by the Data Protection Directive. There are no similar data protection laws in countries outside the EU. Surprisingly, 99% of cloud service providers either do not use enterprise-grade security or store their data elsewhere, usually the US, Russia or China, where data privacy laws are not as strict.
If companies are serious about securing their data, they should ask their service providers two questions:
- Do you offer enterprise-grade security?
- Will our data be stored in the EU?
If the answer to either of these questions is “NO”, keep shopping around. Data security is an issue that does not look like being resolved any time soon.