The digital age we live in has heightened the need for data protection, for businesses and individuals alike.
Businesses are operating in a highly digitalized world. Digitalization has helped make internal operations smoother and faster as well as enhancing the delivery of services to customers, but at the same time the risk of data breaches has increased.
Data breaches are critical issues for businesses to handle, and complex to solve. According to Deloitte’s “Data breaches and incident response” report, the biggest reason businesses fear breaches is the amount of sensitive information, such as intellectual property, product specifications, manufacturing techniques, or Personally Identifiable Information (PII), that may be exposed.
Likewise, the response is complex because it can involve the specific needs of multiple stakeholders in your organization. These stakeholders, such as business operations, IT, Legal and Human Resources, all have a contribution to make to the incident response.
It is crucial for businesses to assess how well their data is protected and to have strong network security measures in place, emphasized John Yang, Vice President, Asia Pacific and Japan, Progress.
CybersecAsia sought out more insights from him concerning how a proper incident response program should be implemented with a multi-faceted approach and unified coordination:
Do businesses have their data protected well enough?
Yang: The digital age we live in has heightened the need for data protection. The APAC region is seeing an increase in cybercrime, including ransomware attacks and actions by malicious insiders. This is due to the increasing internet connectivity, the growth of the digital economy, and the shift to remote working combined with insufficient cybersecurity investment and low awareness.
In addition, businesses must ensure their customers feel safe and secure. In today’s economy, this sense of security has become a key part of customer experience. Consumers have also become more wary about where and how their data is used and how it is protected.
The trend seen is that companies are adapting to the digital era, but they are still not fully equipped or trained to protect the amount of data they are handling. Although organisations tend to believe their networks and systems are secure, this is not always the case as we have seen with the various breaches across various industries in the region. The deployment of data protection measures also should not be treated as a once-only, finite process. It is a continual process and businesses must dedicate the necessary resources to ensure the security of their customers and their operations. Hackers are constantly developing new ways to target businesses, and unless organisations stay one step ahead of cyber criminals they will always be at risk.
How can we ensure that large companies do not mishandle customer confidential information?
Yang: As firms become larger, it becomes almost impossible for them to fully control how all their data is handled. Most employees use shared documents in the cloud, and e-mails to send various files within the firm. Such services are not secure enough for sensitive data. As a result, companies are trying to figure out a more secure way of sharing files, but it can be very expensive to develop and switch to more secure systems.
Companies should ensure their IT department has a cybersecurity specialist on their team, who can help prioritise data protection and implement easy and secure ways of sending files within the firm. When companies have their own functional IT system with multi-factor authorisation to send files, they will have better control of personal data.
Employees must use their business and personal accounts separately. Too often employees use their personal accounts for business tasks, which puts the firm at even more risk.
Technologies and solutions are available to consolidate all file transfer activities into one easy-to-use system, allowing for management control over all the processes in the entire business. It also allows secure access control with Multi-Factor Authentication (MFA) and secure folder sharing for simplified collaboration, and most importantly it allows you to achieve compliance with data privacy laws and regulations.
How can businesses better handle data protection?
Yang: The growing number of data protection regulations also includes the requirement to identify and report data breaches, and financial penalties have become extremely severe. If your company is breached, it is a major problem.
Here are some ways businesses can better handle data protection:
- You need a detailed protection plan for your data assets. This requires commitment by the board and a thorough audit, the implementation of best practices and training of all employees.
- Implement a discovery process. Companies must know what data they possess, where it is held, and how it is protected. Is sensitive data stored in the right place? Who should have access to it, and who should not?
- Implement best practices – Once you have a plan, and know where the secrets lie, you need to implement best practices. These include a mixture of general access permissions, conditional access rules to take account of risk-based attributes for each access session, and multi-factor authentication when necessary. Protection for back-ups is also essential.
- Adhere to the best practice of encryption; that means adopting solutions with strong and easy-to-use encryption. Such solutions encrypt data in ways that maintain data format and integrity so that it can be used in its protected state without requiring decryption.
- Pay attention to external file transfers. Sending of files can be seen as a simple process, but by default all files sent outside of the company should be handled in a secure and trackable way. Many companies try to secure external data transfers using file sharing solutions they believe to be secure, or even FTP (File Transfer Protocol) systems. None of these offer the security needed to cater to the rising regulatory demands. By using solutions such as MOVEit Managed File Transfer, your end-users can stop relying on insecure methods to share your company’s most precious and regulated information.