Last year was not a good year for data protection – but it did teach several valuable lessons. The most noteworthy being that the current measures of protecting data are woefully inadequate.
Seeing as conventional data protection isn’t cutting it, if you want to protect your data you need to look to some of the ‘secrets’ that can be gleaned from the events of 2018. From them it appears that there are five things that will matter most if you want to protect your data in 2019:
1. Priority and board-level access for the CISO
The role of the CISO (Chief Information Security Officer) has been much debated, but one thing is clear: More priority must be provided to them. That lesson was illustrated when Facebook’s executives failed to heed the warning from their CISO that could have helped prevent (or at least manage) the Russia-linked activity on their site.
Suffice to the role of the CISO needs to be expanded in 2019 to give them more access and allow them to influence decisions that can affect data protection.
2. Compliance with data privacy and protection regulations
Due to the many data breaches that have taken place over the years, calls for increased regulation of data privacy have increased. The EU has responded with their General Data Protection Regulation (GDPR) and Apple’s own CEO Tim Cook has publically called for GDPR-like regulation in the U.S.
Compliance to any new and existing regulations is a good starting point for data protection in 2019.
3. Measures to stem insider threats
Protecting against external threats is all well and good, but events of the last years clearly show that a significant number of data breaches are caused by insider threats. Measures need to be implemented to stem such threats, and the best option seems to be to use employee monitoring software such as WorkExaminer to provide oversight and monitoring of any sensitive data.
4. Training and oversight for all privileged users
The oversight that WorkExaminer can provide should extend to the activities of all users with privileges to access data. That includes not only employees, but third-party vendors and anyone with network-level access.
By tracking activity at a user level with WorkExaminer and monitoring internet and computer usage, potential threats can be identified early. Training in data security can help too – and will be an excellent way to explain the monitoring that is being carried out.
5. Automated security measures
Expecting to manually spot risks is not very feasible. For employee monitoring software such as WorkExaminer to be effective it needs to have automated security measures. That can be customized in the software itself, and reports can be configured to provide easy access to relevant data.
The key is to be proactive and handle each of the five things outlined above as part of your data security preparation for the year. A good place to start is by becoming more familiar with WorkExaminer, and the features that it brings to the table to provide oversight and track potential insider threats.