After a year of major data breaches, culminating in the massive Sony hack that saw everything from confidential salary and bonus information to embarrassing emails between executives and business partners dumped online for all to see, expect government and regulatory bodies to respond with stricter data privacy and data security regulations in 2015. For organizations looking to learn from 2014’s breaches and defend themselves from 2015’s, now is the time to prepare.
The SEC, for one, is pushing business credit rating firms to evaluate IT security compliance, underscoring the importance of data security as a critical component of business strategy. It’s not difficult to see why: the financial fallout that major retailers like Target and Home Depot suffered shows that data privacy (or lack thereof) can have a large impact on an organization’s bottom line.
Among the areas the SEC wants under tighter control is file sharing. Data privacy can be significantly threatened by a lack of clear, documented, and consistently enforced policies and procedures governing the use of and access to resources like shared drives. Malicious insiders can access more sensitive data when it is not effectively restricted, and more avenues exist for hackers to view the data as well. This applies both to local drives inside the corporate perimeter and to cloud-based file sync and share services.
Meanwhile, concern about data privacy in the aftermath of the Sony hack has reached the White House itself. On January 12, President Obama proposed “the first federal standard for data breaches.” The Personal Data Notification and Protection Act would require companies to notify customers whose data has been stolen within 30 days, creating a national standard for breach notifications.
The Sony hack and the breaches preceding it have raised the importance of data privacy and data security. The stakes are getting higher as more and more consumer and business data is collected and stored—a natural consequence of our digital era.
In preparation for tighter restrictions and requirements on data protection, organizations need to take a look at their overall data security strategy. Can IT and security teams identify the types of data that must be protected? Are solutions like Data Loss Prevention (DLP) in place to prevent that data from being improperly disseminated from within? How about encryption and tokenization to prevent data from being intercepted and exposed from without?
On a more basic level, does the organization have an organized data security strategy in the first place? Without an understanding of what needs to be protected and what methods should be implemented, businesses will find themselves running the risk of leaks and breaches as well as running afoul of tightened regulations.
Is your security and compliance strategy up to scratch, even when it comes to the cloud? If not, check out our webinar, “5 Proven Practices to Address Security & Compliance in Cloud Applications Like Salesforce, Google Apps and Office 365,” to improve your data security.