The beginning of the New Year is a time when many companies consider the most pressing issues they have to solve in the upcoming year. With 2017 turning out to be one of the most taxing years for data security in memory, 2018 will be the year when companies will have to fight back by building up better defenses against breaches and leaks. Whether out of their own concern or obligated by new legislations, businesses’ New Year resolutions should feature data protection at their core.
Here are our top picks for what companies should be focusing on when it comes to data loss prevention in the New Year:
1. Become GDPR compliant
This point should come as no surprise to any business dealing with customers located in Europe. The EU’s General Data Protection Regulation (GDPR) will come into full force on 25 May 2018 and companies that will not align its policies to the new legislation’s strict regulations may find themselves at risk of incurring hefty fines. The GDPR states that businesses that suffer breaches or are found to be infringing on its core principles of privacy by design and by default can be fined up to 4% of their annual global turnover or €20 Million, whichever is greater.
According to a survey conducted recently by SAS, only 45% of their respondents said that their organizations have a structured plan in place to ensure GDPR compliance. 58% did not fully understand the consequences of noncompliance.
There is an air of uncertainty floating around how the GDPR will be implemented in practical terms and despite the Article 29 Working Party continually issuing opinions and advice on the matter, things will most likely only become clear once the regulation will be implemented. It is therefore best to be prepared to avoid any unpleasant surprises in the New Year.
2. Boost data security
2017 was a year of unprecedented data leaks and thefts. Cyberattacks have become a common staple of everyday news and it seems no company, no matter how big or small is safe from the clutches of cybercriminals looking for a payday. It is therefore imperative for businesses to invest in keeping their data secure.
Cybersecurity budgets have been kept notoriously low as companies prioritized other investments over data security. However, with the rise of the number of both cyberattacks and data protection legislations, businesses need to re-evaluate their stand and make data security a prime concern, both financially and in the design of its products and services.
3. Guard against employee negligence
While a lot of data breaches occur due to malicious outsiders, a large portion of data is leaked because of internal negligence. Due to the volume of data companies process, human error is a recurring factor in data leaks. Use of unauthorized third party sharing services, forgotten USBs, sensitive data made public by accident are only some of the security incidents that have plagued organizations from government bodies to big corporations and small businesses in the last year.
Luckily, data loss prevention solutions such as Endpoint Protector, can support companies in keeping their data secure from leaks by implementing company wide policies that prevent sensitive data from being shared outside company networks or encrypting it when it is copied to USB drives.
4. Train your employees
It is important that all employees learn what sensitive data means in the context of their day to day tasks and the company they work for. They must understand the potential harm that can be caused by unintentional leaks and the fines the company can face if sensitive data is found to be vulnerable.
Better informed of company-wide data protection policies and how they can be implemented, employees can become more aware of their role in the chain of data processing and more cautious in their actions, thus reducing the chances of potential leaks.
5. Build an incident response plan
In case of data breaches, companies need to be able to act fast and contain the impact of an attack once it’s been detected. For this to be done quickly and effectively, an incident response plan is essential.
Considering the number of cyberattacks taking place on a daily basis, data breaches have become more a question of when rather than if they will happen. Companies therefore need to be prepared in advance with a response plan that will be easy to implement and help them discover the size of a breach, its source and how it came about. This way, they can not only minimize data loss but also prove to Data Protection Agencies that they have responded to the breach efficiently.
2018 is shaping up to be the year when companies will take a stand against the relentless tidal wave of cyberattacks that have plagued them in 2017. Through new legislations and organizations’ increasing awareness of the need for data security, sensitive data will be more fortified against breaches and cybersecurity experts will face off against attackers on more equal footing. However, given the ingenuity of cybercriminals, companies must remain vigilant and ensure that they are always ready to react whenever a threat is discovered.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.