Security resolutions all businesses need to stick to in 2016
There are a few crucial changes businesses will need to make to their security procedures this year if they want to stay competitive
The New Year brings with it a chance for a fresh start. Many use this time of year as an excuse to create some New Year’s resolutions that they vow to stick to for twelve months - more often than not faltering by January 31st.
If this past year has taught IT departments anything, it’s that improving data security needs to be their number one resolution. We’ve seen businesses such as TalkTalk and Vodafone learn the hard way the harm a data breach can cause.
While a broken resolution may be forgivable on a personal level, the same cannot be said for businesses - and the need to stick by resolutions is of paramount importance. With tougher data regulations due to come into force, businesses have to prioritise data security in their New Year’s resolutions.
Be more responsive: Most organisations now accept the inevitability of suffering a data breach, as highlighted by recent research from Quocirca.
This means greater emphasis has to be placed on detecting and responding to breaches as soon as they’ve occurred. It can take organisations up to 200 days to detect a data breach, which is simply unacceptable.
Upcoming regulatory changes such as the European Union’s General Data Protection Regulation (EU GDPR) take into account the time taken to respond to a breach, making it imperative that organisations budget for, and incorporate, strategies to improve response time.
Comply with the EU GDPR: The European Union has recently confirmed that organisations can be fined up to four per cent of global turnover once the EU GDPR comes into force.
Given the stricter compliance and notification requirements of this upcoming regulation, security must be a priority for the board in 2016 if the business is to avoid hefty fines.
What’s more, for larger businesses this fine has the potential to be even larger than the £500,000 maximum penalty the UK’s Information Commissioner’s Office can impose under the Data Protection Act.
Deploy more intelligent data analytics: Security infrastructure has been evolving away from the concept of a single solution. Organisations are now expanding their security beyond encryption or anti-virus software, using multiple types of protection at once.
Each of these deployed solutions generates critical data that can help organisations better understand the threats they face. In 2016 and beyond, the use of security incident and event management (SIEM) integration will help organisations analyse large groups of data sets in a more holistic context.
Leveraging advanced analytics in this way could prove to be critical in understanding an attack’s origins and behaviour patterns.
Remember that all data is sensitive: In 2016 we expect to see a continued rise in data breaches that go beyond the direct targeting of credit card or financial information. For example, in 2015 sensitive information relating to US government employees was stolen from the Office of Personnel Management (OPM).
Another example was the breach of the Ashley Madison dating website, which had huge social ramifications. With this in mind, businesses need to make sure that they treat all data sensitively to avoid such colossal fallout.
Be aware of the generational divide: Last year Absolute conducted research among employees who use an employer-owned device for work. The results of the survey provided insight into employee attitudes toward IT security and their use of corporate-owned mobile devices.
According to the survey, Millennials prove to be a greater risk to data security than other user age categories. The research demonstrates clear differences in generational behaviour and associated data security risks.
Businesses need to ensure they have adequate training schemes and policies so that employees of all generations understand the importance of data security.
Don’t halt innovation: Data breaches are moving up the boardroom agenda. But every time a data loss story hits the headlines, there is a danger of a knee-jerk corporate reaction. Draconian security policies, such as stopping employees accessing work data through mobile devices, can cripple an organisation’s productivity.
However, if a business wants to encourage innovation and maintain its competitive edge, it needs to take a mature approach to data. Curtailing data-centric projects out of fear of a data breach is not a long-term solution.
2016 looks set to be another challenging year for business and IT leaders. With the increasingly unforgiving nature of customers, and more stringent regulation coming into force, new processes must be put into place and stuck to.
Unlike the lack of commitment that most New Year’s resolutions are met with, businesses cannot afford to be so lax in 2016.