Data Privacy Day: Security experts’ tips for 2022

Data Privacy Day is a day to focus on best practices for ensuring private data remains that way. Learn insights and tips from security experts on the front lines.

Multi-colored thumbprints

Image: Lightspring/Shutterstock

Data Privacy Day is Jan. 28. While in theory every day should be Data Privacy Day, having an annual day to focus on promoting these concepts can help build awareness and share useful information. 

In my experience data is best protected by utilizing encryption both for at-rest and in-transit information, multi-factor authentication, strong group- and role-based access permissions and strictly limiting data to company-owned systems that have been locked down to prevent the malicious or unintentional loss or theft of data, such as by blocking the use of flash drives and using data loss prevention software.

SEE: Hiring Kit: Security Analyst (TechRepublic Premium)

I received input from eight industry leaders regarding the focus companies should rely on to keep data private. Here are their insights.

Rajesh Ganesan, vice president of product management at ManageEngine, recommended on-premises applications to keep sensitive data within geographical boundaries and to facilitate better control of business data. He referenced the increased safety and regulatory benefits as well as cost advantages and recommended data protection to be built right from the design stages of all services and operations. 

“Moreover, data protection should be present as a strong, invisible layer; it shouldn’t hamper operations, nor should it require big changes or specialized training. It’s best to educate employees on the do’s and don’ts of data protection in a way that is contextually integrated into their work, as opposed to relying solely on periodic trainings. To do this, leaders should implement alerts in the system that pop up and inform users about any violations to data protection policies the users’ actions are causing. Such alerts help employees learn contextually, and ultimately, this training results in fewer data management errors,” Ganesan said.

Ricardo Amper, CEO and founder of Incode, cited facial recognition technology as a data privacy concern due to reported mishaps that have made businesses and consumers shy away from digital identity. 

“There are a lot of misconceptions about how facial recognition technology is currently used. However, despite the reported privacy mishaps and concerns, there is a true inclination among consumers to embrace this technology. Trust is essential and is often missing when consumers aren’t in the forefront of the conversation around privacy.

The individual must be put first, which means getting their consent. The more an individual feels that they can trust the technology, the more open they will be to using it in additional capacities.”

David Higgins, technical director, CyberArk, referenced the problems with software bots which can have sharing issues therefore requiring companies to better protect the data that these bots access from being exposed. He warned that if bots are configured and coded badly, so they can access more data than they need to, the output might be leaking that data to places where it shouldn’t be.   

“In the U.S. alone, there are several disparate federal and state laws, some of which only regulate specific types of data—like credit or health data, or specific populations—like children. Following the correct regulations stemming from the many different international laws that aim to ensure data privacy, such as GDPR, means that compliance for companies with global operations becomes an extremely complex undertaking,” said Keith Neilson, technical evangelist at Cloudsphere.

Given such complexity it behooves organizations to appoint a data privacy czar or even team to master the organization’s awareness of laws and regulations and ensure compliance.

Neilson stressed the importance of cyber asset management, pointing out that e-enterprises cannot ensure compliance and data security unless all assets are properly known, tagged and mapped in the cloud. It’s also a key priority to understand connections between business services, he said. “This includes identifying misconfigurations and automatically prioritizing risks to improve overall security posture, allowing for real-time visibility and management of all sensitive data.” 

Rob Price, principal expert solution consultant at Snow Software, touched on the significance of the dual concepts of data retention and recovery:

“When it comes to data protection, organizations need to understand what they are legally obligated to do. This is especially true when it comes to data retention, as organizations need to understand how long they must keep data. Once their data retention period ends, organizations should get rid of excess data they no longer need because it quickly becomes a liability as well an unneeded expense.”

Price said it’s a common misconception to think that offsite or cloud-based data is not your problem to secure. He cited two fundamental factors for data protection and security: the recovery point objective (how old data can be when you recover it) and the recovery time objective (how quickly you can recover the data). 

Bojan Simic, CEO and CTO of MFA cybersecurity company HYPR, talked about the threat of ransomware attacks to data privacy. He advised disconnecting impacted computers from the network to keep data from being seized and malware from spreading. It’s also crucial for end users to work with their IT departments to fully investigate (with help from law enforcement and a professional incident response firm) and remediate the attack, he warned.

Furthermore, he pointed out the risk to business reputation and finances in terms of notifying customers of a data breach and possibly providing them with services that help protect them beyond that. 

SEE: SMB security pack: Policies to protect your business (TechRepublic Premium)

Lewis Carr, senior director of product marketing at Actian, followed suit in discussing ransomware trends for 2021 and beyond.

“2021 was one of the worst years for cybersecurity ransomware attacks to date. The threat will only grow in the upcoming year as attackers become emboldened by their success and the lack of adequate responses against them. However, data privacy will be driven by changing perceptions of how important it is for public and private sector organizations to safeguard personal data and what exactly is considered ‘personal data.’ The need to protect personal data and information will impact where and how data is stored, integrated and analyzed in accordance with an expanding set of data privacy regulations, balanced against the need to better understand consumers, citizens, patients and employees working remotely,” Carr said.

Carr foresees that 2022 will offer more granular personal information and data sharing options as to how we control them—on our devices and in the cloud—specific to each company, school or government agency. He also predicts that companies will start to get some visibility into and control over how our data is shared between organizations without us involved.

“Companies and public sector organizations will begin to pivot away from the binary options (opt-in or opt-out) tied to a lengthy legal letter that no one will read and will instead provide the data management and cybersecurity platforms with granular permission to parts of your personal data, such as where it’s stored, for how long, and under what circumstances it can be used. You can also expect new service companies to sprout up that will offer intermediary support to monitor and manage your data privacy,” he said.

Rina Shainski, chair and co-founder of Dualiy Technologies, pointed out that two key questions to ask on Data Privacy Day are “How can we increase the business community’s understanding that privacy is a necessity for enterprises both large and small?” and “What will incentivize businesses to proactively integrate data privacy protection into their day-to-day operations?” 

Pointing to the risks of collaboration on sensitive data, both within and between enterprises,Shainski discussed the growing ability of privacy-enhancing technologies to operate at scale across a wide variety of use cases. “This enables this collaboration to be done in a manner that not only generates value, but also preserves the privacy and confidentiality of that sensitive data, increasing consumers’ confidence that their data is not being misused while maintaining compliance with growing privacy regulations,” she said.

PETs allow sensitive data to be analyzed without exposing the protected data itself, she explained, which supports enterprises in their quest to extract value from the sensitive data that they curate, protect and manage. 

Shainski also stressed the consumer side. “Consumers are increasingly aware of their privacy rights and are often reluctant to compromise them, even at the expense of missing out on new services. Businesses today must take this into account when building new digital services if they want to develop trustworthy data-sharing relationships with consumers. In addition, given the expanding scope of data privacy regulations, businesses often need to re-engineer their existing processes in order to guarantee more extensive data privacy protection,” she said. 

Shainski added that data privacy regulators are showing strong acceptance towards PETs as appropriate technological means to be used by regulated organizations when implementing data-collaboration processes and added that satisfying regulators’ demands and bolstering public trust will help business leaders to benefit from privacy-enhancement of their processes.

Also see

Source link

istanbul escort aksaray escort arnavutköy escort ataköy escort avcılar escort avcılar türbanlı escort avrupa yakası escort bağcılar escort bahçelievler escort bahçeşehir escort bakırköy escort başakşehir escort bayrampaşa escort beşiktaş escort beykent escort beylikdüzü escort beylikdüzü türbanlı escort beyoğlu escort büyükçekmece escort cevizlibağ escort çapa escort çatalca escort esenler escort esenyurt escort esenyurt türbanlı escort etiler escort eyüp escort fatih escort fındıkzade escort florya escort gaziosmanpaşa escort güneşli escort güngören escort halkalı escort ikitelli escort istanbul escort kağıthane escort kayaşehir escort küçükçekmece escort mecidiyeköy escort merter escort nişantaşı escort sarıyer escort sefaköy escort silivri escort sultangazi escort suriyeli escort şirinevler escort şişli escort taksim escort topkapı escort yenibosna escort zeytinburnu escort porno 1080p porno izle 4k porno izle 720p porno izle abella danger alman alman porno alman porno izle aloha tube porno amatör amatör porno amatör porno izle anal anal porno anal porno izle arap porno asa akira porno asyalı porno bangbros porno bangbros porno izle banyoda sikis başörtülü porno beeg porno izle beyaz tenli porno izle biseksuel porno izle bisexsuel porno brandi love porno brazzers brazzers porno izle canli porno canli porno izle çinli porno çinli porno izle ensest porno ensest porno izle ensest seks erotik porno erotik porno izle esmer porno esmer porno izle etek altı fake agent fake taxi fake taxi porno fantazi pornoları fantezi porno izle fetiş porno fetiş porno izle fetish fransız porno fransız porno izle full hd hg porno izle gangbang porno genç kız porno izle genç kız sikişi genç teen porno izle gizli çekim porno gizli çekim pornosu grup pornosu grup porno grup porno izle hd pornolar hd porno hd porno izle hemşire porno hemşire pornosu hizmetçi porno hizmetçi porno izle ingiliz porno japon pornoları japon porno kızlık bozma kızlık bozma porno izle konulu porno konulu porno izle koreli porno köylü pornoları kumral porno kumral porno izle latin pornoları latin porno latin porno izle lezbiyen pornoları lezbiyen porno lezbiyen porno izle lisa ann porno liseli pornoları liseli porno liseli porno izle manken porno manken porno izle masaj porno izle masturbasyon porno izle masturbasyon pornoları mature porno mia khalifa porno mia malkova porno milf porno izle mobil porno mobil porno izle öğrenci porno izle öğretmen porno izle okul porno izle olgun kadın pornosu olgun porno oral porno oral porno izle oral seks porna izle pornhub pornhub porno izle porno film izle porno indir porno izle porno resimler porno star porntube porno izle redtube redtube pornoları riley reid porno rokettube rus pornoları rus porno rus porno izle sakso blowjob porno izle sarışın pornoları sarışın porno sarışın porno izle sarışın pornoları sekreter porno shemale sikiş sikiş sikiş izle şişman porno siyahi pornoları suriyeli pornoları swinger porno tecavüz porno teen porn türbanlı pornoları türbanlı porno türk pornoları türk porno türk porno izle türkçe altyazılı porno türkçe altyazılı porno izle xhamster pornoları xhamster porno xhamster porno izle xnxx xnxx porno xnxx porno izle xvideos xvideos porno izle yaşlı porno yeşilçam porno izle youjizz youporn youporn porno izle zenci porno güvenilir bahis siteleri bahis siteleri casino deneme bonusu casino siteleri deneme bonusu para yatırma bonusu bahis siteleri casino siteleribahis sitesi para yatırma