Is data security & privacy gripping you by the heels?

Change is definitely in the air. Never before have we seen such a high rate of change in the threat landscape and often, we find ourselves being held at ransom when it comes to responding.

There are more entry points for threats than ever before and the level of threat sophistication is also increasing. All this means that the chances of our data getting leaked are higher.

In an attempt to further promote compliance with the Australian Security Act, the Notifiable Data Breach (NDB) bill will commence on 22 February 2018. We gave a quick snapshot in our earlier blog, but perhaps the next question is: Where do we go from here?

If data security and privacy are gripping you by the heel, it's probably time to look at leveraging your people, process and technology elements cohesively to protect your organisation against security threats and/or data leaks.

The people element

In today’s highly connected world, it would be unfathomable to think that all security threats can be managed by technology alone. It is no secret that humans are often the weakest link in the scheme of things.

Think about it: Your data could be leaked if someone knowingly or unknowingly transfer customers’ personal information from one source to another using a USB stick. Data residing in devices could also be lost should your corporate equipment, for example, laptop or phone is misplaced.

It is also not uncommon to hear that cyber attackers target their efforts at internal IT teams with skillfully crafted emails to phish for logins, passwords to illegally gain access to corporate network or system access.

The process element

Each organisation has its own business and operational processes to support the various functions, service delivery and more. Such processes can get more complex as they grow which translates to more possible threat entry points.

Process gaps can be taken advantage of or be manipulated to fit the threat launchers’ objectives. Such attacks are possible because many of our employees may simply be going through the day-in, day-out motions of processes, trusting policies that have always worked and are expected to continue working without any problems.

As more business processes are automated, in an attempt to optimise workflow and resource utilisation, it becomes imperative to embed sound information security management practices and awareness into them.

The technology element

Organisations tend to place their bets on technology to act as the first and last lines of defence again cyber and information security. With more security solution offerings on the table to choose from, it is easy to get confused.

From anti-virus, firewalls, to intrusion prevention, alerts and more, organisations need to understand how each technology will work together in their specific circumstances. Adding SaaS and cloud hosted solutions into the mix adds a new dimension to securing customer data. Not all technologies are created equal, this means that it will benefit the organisation if the technology component is chosen when the organisation has a full view of its needs and requirements and take a balanced technical approach to address them.

Conclusion

Information and cyber security risks can take many forms and shapes. By investing in the right people, processes, and technology, organisations can mitigate some of the most persistent threats facing them today.