With Data Privacy Day coming up, we spoke to cybersecurity industry experts about the latest data privacy trends…
Allon Mureinik, senior manager, software engineering at the Synopsys Software Integrity Group:
“In today’s world of social media and open-source development, sharing seems to be the social norm. After all, we were all taught that sharing is caring. This is true not only for individuals but for companies too – whether intentionally on their social media accounts and company websites or unintentionally by the actions of their employees, companies might share more than they ought to.
In a world where information is the hottest commodity and any small sliver of data could be used by a competitor or even an unlawful attacker, companies would be well advised to prioritise the protection of their and their employees’ data.
The first step in any such effort is defining a set of policies about what can be shared, how it can be shared, and by whom. These policies should cover both the actions of the company’s employees (e.g., defining what work-related aspects can be shared on social media) and the technical measures taken to support these policies (e.g., blocking social media sites on work-issued laptops). While it may be compelling to create a “share nothing, hide everything” policy, this often isn’t advisable, or even possible. Any such policy should assess the risk any data exposure would create and weigh it against the potential benefit.
Second, having such a policy in place is all but useless if it isn’t shared with the employees, and training isn’t offered so they understand their role in protecting the company’s (and their own!) private data. The important part of this training isn’t just memorising rules and regulations, but having the employees truly understand the intent behind them, and what they are supposed to achieve.”
Eric Schwake, Director of Cybersecurity Strategy at Salt Security, says:
“Data Privacy Day allows organizations of all sizes to reflect on their critical data and assess ways to ensure its safety and security. Customers and internal stakeholders trust organizations with their data, but the digital transformation has exposed it to more significant threats. As APIs are now touching this data more than ever, it’s essential to understand how they utilize it and promptly identify any potential risks. When considering data privacy, it’s crucial to consider the people, processes, and policies involved and leverage tools like the Salt Security platform.
Here are some tips for robust data privacy and security:
- Understand your APIs: Have processes in place to understand APIs used in your environment, including what data they access. Knowing this will allow you to apply policy governance rules to APIs across your organization.
- Embrace Access Control: Implement strong authentication and authorization protocols to ensure only authorized applications and users can access data. Use multi-factor authentication, API keys, and granular access controls.
- Encryption is Everything: Encrypt data at rest and in transit, rendering it useless to any unauthorized eyes that might intercept it.
- Vulnerability Vigilance: Regularly scan your APIs for vulnerabilities and patch them promptly. Proactive monitoring is vital to staying ahead of evolving threats.
- Transparency Matters: Open communication is vital. Clearly document your API usage policies and data privacy practices. Let users know what data you collect, why, and how they can control its use.
These steps allow organizations to build a robust data privacy ecosystem where APIs become guardians, not vulnerabilities. Commit to securing these digital gateways and ensuring data travels safely in the online world this Data Privacy Day.”
Darren Guccione, CEO and Co-Founder of Keeper Security, says:
“This Data Privacy Day, industry experts may warn about the new and novel ways attackers are violating your privacy and breaching your data. From the threats that come with generative AI to the rise of attacks targeting genealogy companies like 23andMe that hold highly sensitive personal information, it’s certainly clear the tools in a cybercriminal’s arsenal are growing more sophisticated. But the fundamental rules of protecting oneself in the digital landscape remain as relevant as ever. Basic cybersecurity measures, such as creating strong and unique passwords, enabling multi-factor authentication and keeping software up to date, are frequently overlooked. A recent study by Keeper found a quarter of IT leaders confessed that they even use their pet’s name as a password!
Take the following steps to proactively protect yourself in the evolving digital world:
- Use strong, unique passwords for every account
- Enable multi-factor authentication
- Regularly update software
- Employ strict privacy settings on apps and browsers
- Avoid oversharing on social media
- Back up your important data
Before finding yourself overwhelmed by all the ways cybercriminals can attack you, sit down and consider these basic cybersecurity measures and whether you are following them. Number one is critical, but difficult to achieve using just your memory, so consider using a password manager to safely and securely store and manage passwords. By taking these proactive steps, you can significantly strengthen your data privacy and reduce the risk of falling victim to both current and evolving cyber threats.”
Bhagwat Swaroop, President, Digital Security Solutions at Entrust, says:
“Data Privacy Week is a great reminder for organizations that privacy is personal. The so-called conflict between “seamless user experience” and security is over — the only answer is that security has to be welcomed as part of the experience. Breaches affect our livelihoods, reputations, and families, so a little friction is a feature, not a bug.
Challenges are rising. Even the most highly trained security professionals may miss increasingly realistic AI-generated phishing scams. Phishing-resistant MFA technology is critical because it requires more authentication than just a click or a compromised password to put you at risk. And phishing-resistant MFA is a good foundation for implementing Zero Trust principles. Win-win solutions are here today so that organizations can offer the kind of user experiences people really want – fast, easy, and secure.”
Steve Bradford, Senior Vice President EMEA, SailPoint, says:
“Organisations need to get on the front foot with protecting their data – not wait to be led by government regulation or red tape. As more data is created, the attack surface grows.
“Ahead of regulation like NIS2 later this year, UK companies are making headway, but three-quarters still need to complete preparations to better protect themselves and their customers. As the threat landscape grows more sophisticated, the stakes have never been higher. The operational downtime, reputational damage, customer loss, and system restoration that follow any data breach can come at a huge cost for businesses. Protecting sensitive information and ensuring access is granted only to those who absolutely need it is essential.”