sb-eu logo
Story image

Data Protection Day finally gaining deserved recognition

26 Jan 2019

Article by KCOM information security consultant David Francis 

Data Protection Day falls on Monday 28th January this year. In previous years, this day has been overlooked. However, in 2019, we’re finally starting to see people and businesses give it the recognition it deserves.

So why is data protection so important in 2019? Last year we saw some immense upsets, from the BA data breach to the Cambridge Analytica scandal. The range of consumer-facing breaches in 2018 have truly proved that cyber security is the last line of defence for personal security. In addition, since the last Data Protection Day, we have seen the introduction of the GDPR.

The first question you should ask yourself today is: Do you know when you’ve been attacked?

It takes companies an average of 206 days to discover a breach, so the answer is ‘probably not.’ And the threat doesn’t just have to be external: you could have sleeper agents placing time bombs in advance. They don't necessarily need to be onsite at the crucial moment.

It could be a developer with a grudge placing a time bomb in the system to erase crucial intellectual property, or even an outgoing executive quietly deleting things in the background. If done quietly over a period of time, you could lose your backups as well, with no way of tracing the culprit. This is in addition to the huge GDPR fines you would face. Companies need to have measures in place to track data movement to prevent this kind of insider threat.

The next question to ask yourself today is whether you have been paying attention to the news around GDPR.

If 2018 was the year of compliance, 2019 will be the year of retribution for everyone’s favourite data privacy regulation. The period of grace is drawing to a close, and we’re already seeing the ICO taking its first high-profile scalp over treatment of personally identifiable information, with Google being the first to fall in France.

This has set the precedent by which all further cases are judged – letting companies know along the way just how strictly enforced the rules are going to be, and how heavy the fines. Now is the time to check your compliance levels.

If 2019 is anything like 2018, consumers are in the firing line. With these scenarios in mind, on Data Protection Day, it’s time to re-evaluate your security plans and consider: Does this plan put the customer first? Is your security system tracking insider threats? Are you aware of which employees have access to what data? Are you GDPR compliant?

If your organisation can safely answer yes to all these questions, congratulations, you have had a successful Data Protection Day. However, that doesn’t mean it’s time to stop evaluating your systems, in today’s security landscape, you can never be too safe.

Story image
Cryptomining trojan malware discovered by ESET researchers
The malware, primarily targeting victims in Czechia and Slovakia, prioritises subterfuge through deployment of multiple techniques to avoid detection, and leans heavily on the Tor network and BitTorrent protocol to achieve its goals.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Story image
Phishing scam imitates SharePoint & OneNote for nefarious clicks
Sophos researchers say that the attackers take a slightly different approach to the standard ‘fake login’ phishing email.More
Story image
Misinformation on the rise, organisations consider how best to respond
The increase in misinformation and fake domains have left organisations perceiving the threat level to be ‘very significant’, with a third planning greater emphasis on their ability to respond in coming months.More
Story image
Yubico launches latest YubiKey with NFC & USB-C support
Yubico has released a new hardware authentication key, designed to provide security through both near-field communication (NFC) and USB-C connections and smart card support.More
Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More