The changing world of data protection
Businesses have never before been so accountable for the use, storing and handling of data. As highlighted by the Cambridge Analytica data misuse scandal, there is in intense focus currently on data privacy, data security and the responsibility of protecting one’s digital identity. This is according to Christo van Staden, Forcepoint Regional Manager: Sub-Saharan Africa.
And now with GDPR in force and PoPIA compliance looming, there is understandably even more demand from both consumers and businesses to manage personal data with the sensitivity and respect that it is entitled to.
It is a complex process to fully understand exactly what data you have, where it is stored and then find the best security systems to protect it. In a cloud-first, mobile-centric environment, businesses require a flexible and adaptive approach – fixed perimeter security no longer works.
This adaptive approach needs to also cover threats from a range of different sources. It’s not enough to just worry about external threats – you need to protect data from all sides and as cybercriminals continue to adapt to security techniques, you need to consider that the threat could be coming from within your organisation.
Even with all your perimeter defences, the enemy could still have access to the place where compromise is easiest and where it matters most: inside the network.
Threats from inside a network, however, are driven by a range of different intentions: there could be an external attacker that has compromised the security of the enterprise, who is lurking and operating inside your network using authorised credentials, or someone who’s actually permitted to be inside your network but with malicious intent. Or it could be an authorised user making a simple mistake.
Mitigating against these types of threat is difficult but one way to do it is to introduce a carefully crafted workplace monitoring programmes. These are built to keep your data safe, but must be introduced transparently.
It is critical that employees fully understand and are aware of how the programme works. Balancing human behaviour against behaviour analytics is a complex process but, as we’ll discuss below, its long-term benefits are key for both the organisation and the employee
Educate, trust, inspire
Cybersecurity vendors, privacy groups and businesses themselves have a huge opportunity to educate consumers and employees on the role that they play in protecting their data and what might happen if individuals with malicious intent manage to take hold of their information.
But, what does this education look like? In order to make a real difference, any education tools need to engage, inspire and be ingrained in a company’s culture, going beyond just basic instructions.
Thankfully, workplace safety culture has evolved from the lengthy dry health and safety videos of the past. Here at Forcepoint, we’re working with Ataata for our internal cybersecurity training. These humorous videos cut through the security inertia which can set in if employees are required to click through screen after screen of training information.
By prioritising educating individuals on the impact of their behaviour and inspiring them to think carefully about their behaviours, rhythms and patterns of data movements, employers and their staff can become stewards of their own data, entering into a partnership and helping to mitigate the increasing risk of threats.
Workplace monitoring is a phrase that instantly drives fear into the hearts of many employees. However, in the wake of recent high profile cyber breaches from the likes of Liberty, it is important that businesses have the processes and solutions in place to not only protect their customers, but also employees and their brand as whole.
This is where workplace monitoring can play a key role – not as a threat to privacy, but a force of good in the fight for data protection. While the vast majority of employees want to do the right thing and have the best interests of their co-workers at heart, it has become painfully obvious that traditional security tools are failing to provide contextual information about malicious attackers – the “why” behind the what.
Without this context, incidents cannot be properly examined and dealt with. In an era where breaches are common, and data is the new currency, both companies and employees can derive real benefit by understanding who is accessing data and whether that behaviour is putting the data at risk.
Whether it’s successfully identifying a malicious user or protecting an employee’s own personal ID and reputation, workplace monitoring is here to stay and a vital tool for cybersecurity professionals.
There is no denying that people’s attitudes and understanding of data privacy, cybersecurity and data protection are evolving and changing at rapid pace.
While cybercriminals will inevitably find stealing data far more difficult, the threat remains. It would be naïve to think that hackers will not evolve, and become adept at thwarting the current security protections.
Forcepoint believes that by adopting a risk adaptive model coupled with a human centric approach to cybersecurity, businesses will be better able to defend against any potential threat. By focusing on the human, we can deliver individualised cybersecurity that is adaptive based on behaviours. Furthermore, with a better understanding of each person’s intent, we can give the context needed to make informed decisions and improve the efficiency of the protective solutions.
With these right processes in place and a culture of trust and transparency, companies can ensure that people are taking real ownership of their data and an active role in protecting their digital selves.
In doing so, we are on the way to becoming stewards of our own data and fundamentally becoming accountable for our own digital footprint. Only then will be able to build a culture where breaches are a rarity – not regularity.
Caption: Christo van Staden, Forcepoint Regional Manager: Sub-Saharan Africa, says businesses have never before been so accountable for the use, storing and handling of data.