Dominik Samoicuk, Head of Security at Future Processing
In an increasingly digital world, business operations are sometimes exclusively online, therefore keeping data secure and reducing potential breaches are more important than ever. From making more informed decisions to finding new customers, organisations are using data to improve efficiency and output across every level of their business. However, with increased reliance, companies become more vulnerable to the threat of data breaches from malware, ransomware, information threats and phishing attacks.
Worldwide there is great variation in data privacy laws, with Iceland expected to have some of the strictest in the world, and the US having no single piece of legislation that covers all bases in data protection and security. When the EU introduced GDPR legislation in 2016, businesses across Europe had to adhere to stricter data protection laws and guidelines with real-world consequences when breaches and carelessness were taken within company databases. Sanctions many companies face include temporary or permanent bans on data processing and even erasure of said sensitive data.
The challenges businesses face in an evolving digital world
Over 41 million users were exposed worldwide to data breaches in 2023, resulting in substantial financial losses, and damaged brand perception. In response, organisations must implement security measures to protect information from malicious intent. This data governance protects information and business reputation, customer trust, ensures legal compliance and avoids financial losses.
In 2023, 82% of all data breaches involved the Cloud. Significantly, this impacts a wide variety of organisations. With few using a singular in-house data storage method, most companies rely on the Cloud to process and store data, whether that be through hybrid or full adoption. As this is of high vulnerability, it can impact a business’s decision making and as a result can leave thousands of users’ data vulnerable to attacks if not carefully monitored and regulated.
As most critical services have a strong online presence, extreme care must be taken when developing an online data storage architecture. As such, businesses should only move transition services online when they are sure that data can be migrated with no potential breaches or vulnerabilities which can prove a very costly process.
It is estimated that hackers attempt an attack every 39 seconds using a variety of methods ranging from malware to ransomware. Hackers and bad actors are often interested in taking or leaking data for any number of reasons, including politics, finance, or even under the guise of ethicality – their reasons may have no impact, but once an organisation’s data is breached, there is no going back.
Encryption and visibility
Implementing data security measures is perhaps one of the most important elements an organisation handling any form of data should consider. Data is most commonly breached through ransomware, phishing or malware attacks, introduced externally or internally.
An employer has a responsibility to ensure that employee accounts are secure. Rather than relying on the individual to increase security measures on their accounts, an employer should consider requiring specific levels of security. This can include multi-factor authentication methods, biometric authentication or through the use of passkeys. What must be key within all of these services is that employees need to have an adequate level of understanding of how they work, or would require basic cyber security training, given an estimated 95% of data breaches come from human error.
An organisation should also be aware of how important the backup and encryption processes are, especially when migrating to the Cloud. As best practice, an organisation should consider how the use of managed service providers can impact their data security. As a result, an organisation should provide extremely clear instructions on how and when they undertake data migration, encryption or duplication to lessen the chance of human error, and the IT team should always have visibility across all data stored, regardless of whether external parties are used.
Preventing insider threats
Fostering a positive working environment for employees can have hidden impacts on the attitude employees take toward data privacy. A positive culture can significantly reduce the occurrences where disgruntled employees leverage their, current or past, proximity to the organisation to create deliberate security vulnerabilities or provide access to unauthorised users. In fact, this issue is on the rise, with 67% of companies experiencing 21-40 insider incidents in 2022, up by 7% from 2020 – this number is expected to continue to rise in the future.
In addition to insider threats, human error is a major player in data loss and breaches. The lack of security requirements for employees’ passwords, while becoming less common, is still a raging issue. Multi-factor authentication, passkeys and biometric data are all used to develop stronger and less ‘hackable’ employee profiles – but these require further training and implementation – the responsibility is on the employer. In the legal sector alone, 60% of data breaches were caused by insiders, whether intentionally or unintentionally signalling a lack of training or lack of sensitivity toward employee impact.
Securing the future
While securing data is incredibly important, first understanding the data you are storing before you employ security measures is of critical importance. Data governance plays a fundamental role in managing consequential data and many Cloud users lack meaningful organisation and understanding of their data – hindering effective utilisation and security. By undertaking this an organisation’s SEO efforts can be boosted.
Securing data in the modern landscape is incredibly important for all users and employees, and for a company’s legality. As data regulations increase, legal responsibilities with the threat of fines and other legal consequences to keep data safe now lie on an organisation’s shoulders and this shouldn’t just fall onto one individual, rather a company that prioritises employee training across departments has the highest chance of success of staying compliant in the modern landscape.
