The Critic’s View: Data Privacy Day / Data Protection Day

With high-profile cyber-attacks seemingly occurring every week, it’s no secret that people need to start taking better care of their data. With this in mind, this week saw both International Data Privacy Day and Data Protection Day, two initiatives aimed at raising awareness of staying safe online.

But what do our industry experts make of the occasion, and what advice do they offer to the public? TechWeekEurope asked the questions, and here are some of the answers…

Kurt Mueffelmann, President and CEO of Cryptzone

“This year’s Data Protection/Privacy Day is more important than ever. According to a report by the Identity Theft Resource Center, 2014 saw a 24.8 percent increase in reported breaches compared with the previous twelve months. It’s not for a lack of legislation either. While perhaps not perfect, there are strict laws in place to protect data. So what’s going wrong?

“While penalties for failing to comply with legislation is an incentive, in itself compliance is not the silver bullet – PCI DSS is testament to that. Today’s information security landscape is plagued with vulnerabilities that leave companies, and all too often the personal information of individuals, exposed to the potential of a breach.

“Instead, what’s needed is a fresh approach to network and application security that helps to remove some of the gaps, both internal and external, that lead to data leaking out.

“My advice to data protection knowledge seekers is that our 2015 security practices need to take a different approach, as the old ones do not appear to be working. Giving users access to everything is no longer a viable option with malware attacks and other vulnerabilities allowing hackers to gain entry unnoticed. Companies need to layer their defenses to ensure that they limit what users can see once within the walls of the trusted network, based on who they are and other important variables, and then control what they can do with sensitive information.

“This will not only help prevent outside attacks but also mitigate risks created by the more unassuming threat, users themselves.”

Antoine Rizk, VP Go-To-Market Program at Axway

“A reactive approach to security breaches just won’t cut the mustard anymore. In an increasingly connected world, with the Internet of Things moving from buzzword to reality, businesses need to proactively monitor their data flows to prevent costly data breaches. However, many large organisations still wait for something to go wrong before addressing the flaws in their security strategies; a move that backfired in some of the most infamous security breaches of 2014.

“This year, connected devices will not only work their way into our daily lives but also our enterprises. BYOD will quickly evolve into BYOIoT, with employees bringing wearable devices into the work place. For such increased enterprise mobility to open windows of opportunities for businesses, without paving the way for hackers to access private data, security must evolve at the same rate as the devices themselves. Organisations also need to know what data employees are bringing into and taking out of the office to ensure that malicious attacks and conspicuous activity is blocked.”

Phil Zimmerman, co-founder, Silent Circle and Blackphone

“Protecting the privacy of individuals is why I started PGP, and why Mike and I started Silent Circle.  But at Silent Circle we’ve come to realize that protecting individuals at work may be the strongest form of corporate security possible.  That’s what we’re working on, and we hope that you’ll join us.”

“…when I see what happened to Sony recently — the data stored on their servers leaked to the world — my mind goes to that difference between privacy and security.  I’m sure Sony had firewalls and VPNs, intrusion detection and antivirus, policies and procedures — all the usual artifacts of corporate information security.  Those things securely delivered a mountain of information to Sony’s servers, where it was lost all at once.

“When it was lost, the privacy of Sony’s partners and employees went with it.  That’s what corporate privacy is — the privacy of the people in and around the corporation. If we focus on their privacy rather than the corporation’s security maybe we can make better choices.  Many kinds of information don’t need to be stored for long, or at all.  If only participants keep a copy of their correspondence the company can’t lose it.  Imagine how much worse the damage of a security breach would be if companies routinely kept years of recordings of all employees’ phone calls.”

Mark Noctor, director of sales EMEA, Arxan Technologies

“As today marks Data Protection Day and organisations are ensuring the correct security measures are in place, it is important to highlight the increased risks on mobile platforms in the banking and payments sector. We predict that the security risks in the financial sector will be a key threat area for 2015 and with this in mind, it is vital that mobile application security takes priority as bank, payment providers and customers seek to do more on mobile devices.

Data Protection Day is more important than ever, with the app economy in the financial sector rapidly expanding and everything from payment transactions to brokering now occurring on the mobile platform. With mobile banking becoming a main fixture in the financial sector, it is important for application security to be a top priority so that data privacy protections are continuously upheld.”

Chris Babel CEO, TRUSTe

“With the highest number of data breaches on record in 2014, it is hardly surprising that the privacy and security of online data is a big issue in Britain and a growing concern. But with frequent terrorist threats reported on the news it is surprising that so many people consider their personal privacy more important than countering that threat.

Governments tread a fine line between balancing national security and consumer privacy rights; for businesses the stakes are high too. In an increasingly interconnected world, lack of trust can limit growth and strangle innovation as companies are deprived of the data they need to drive sales.

These findings show the scale of the impact as 4 out of 5 British consumers who are concerned about their privacy have modified their online behaviour in the last year meaning less data, fewer clicks and lost sales,. The message is simple: don’t wait for legislation or the next data breach – act now to get your privacy house in order and rebuild trust with your customers.”

Richard Anstey, CTO EMEA, Intralinks

“Many people bring bad security habits from home into business. So educating consumers isn’t just about protecting them, but protecting our economy.

“Telling people to use strong passwords may even be counter-intuitive as it creates a false sense of security which people bring to work. When dealing with very sensitive information, such as IP, people need to know about very secure measures, such as information rights management. Security is about knowing what the danger is and how to deploy the appropriate level of protection.

“If we want a truly data-secure society we need to start by ensuring people know what value their data has, then they can make informed decision about how to secure it.”

Are you a security pro? Try our quiz!