Data Privacy Day: Top Six Common Privacy Myths Debunked

essidsolutions

Data privacy has become a much-debated topic worldwide, bringing into question unfettered access to consumers’ data by organizations and forcing Big Tech to go vocal about their plans to safeguard the privacy and security of customer data. However, many businesses are still unsure about privacy rules, privacy-compliant software, data security best practices, and so on. Let’s look at the most common misconceptions concerning data privacy that need to be addressed in 2022.

Data Privacy Day is merely another nudge to companies and people to double-check their security procedures before an attacker breaks in and exploits the flaws. Organizations cannot guarantee compliance or data security until all cloud assets are accurately recognized, tagged, and routed. The first step in cyber asset management should be to figure out what not to do instead of “what to do.”

To assist enterprises in protecting their data from unwanted and potentially dangerous invaders, Toolbox has compiled a list of the top data privacy myths that need to be debunked to avoid putting crucial corporate or consumer data at risk.

Debunking the Top Data Privacy Myths

Myth 1: Employees constantly have the company’s information security in mind

Many companies have a predisposed belief that their employees are highly vigilant and double-check their emails daily. 

However, Aleksandr Valentij, the chief information security officer at Surfshark, believes people are the weakest link in the data safety machinery. One good phishing attack is enough to destroy all the security efforts that are imposed.

“The statistics show that 99% of cyberattacks happen because of social engineering or human interaction.” While this topic seems to be everywhere, it is also one of the most widely ignored. That is why it is crucial to invest in educating employees about information security, he said.

Myth 2: Compliance is the primary OKR

Consumer-facing online businesses indeed face an expanding set of regulatory requirements related to data privacy and consent (e.g., GDPR, CCPA, LGPD). “But mere compliance should not be the organization’s primary objective and key result (OKR),” said Derek E. Brink, vice president and research fellow at Aberdeen Strategy & Research.

On the contrary, Brink believes that investing in effective, personalized, and friction-free customer experiences that also integrate the management of data privacy and identity – from visiting websites and other digital properties, to actively engaging with products and services of interest, to ultimately making purchases – can help online businesses achieve their strategic OKRs for customer acquisition and retention, revenue and profitability growth, market share, and so on.

“As a bonus, these investments can also help to reduce the total cost of compliance, and minimize the risk of regulatory fines and judgments from non-compliance,” he said.

Myth 3: Big-brand Cloud data safety solutions are undefeatable

We noticed that companies trust big-brand Cloud solutions to be unbreachable. Recent events, such as the SolarWinds cyberattack and the Twitter hack, tell a different story. Hackers can break into any platform, and the current buzz around supply chain attacks confirms that.

“That is why having another layer of security between the cloud and you is worth it. However, it is usually tough to implement in reality. Thousands of companies have given their internal communication security in the hands of 3rd parties, such as Google, Slack, Microsoft Teams or Zoom. This convenience could have severe consequences in the future,” observed Valentij.

“For these reasons, companies should always strive to balance safety and convenience. Unfortunately, the latter tends to be chosen more often. Not only because it is easier to use but also much cheaper than building an in-house operation.”

What can be done if you ‘sold your soul to the devil’ this way? “Companies should prepare a top-notch DRP (Disaster Recovery Plan), BCP (Business Continuity Plan), and SIRP (Security Incident Response Plan). Plan B should not be just a formality but a real, solid scheme. Ultimately, the perfect scenario should always be a safe middle-ground between Cloud services and critical infrastructure.”

Myth 4: Automated software can stop breaches occurring due to human error

It’s not just humans that are susceptible to clicking on the wrong link or are perhaps a little too cavalier about what they share about themselves. Software bots have sharing issues too, and this Data Privacy Day, we highlight how we can better protect the data they access from being exposed.

Sumit Srivastava, solutions engineering manager – India at CyberArk, gives his take. He says, “Software bots – little pieces of code that do repetitive tasks – exist in huge numbers in organizations around the world, in banking, government and all other major verticals. The idea behind them is that they free up human staff to work on business-critical, cognitive, and creative work while also helping improve efficiency, accuracy, agility, and scalability. They are a major component of digital business.”

Srivastava pointed out how the privacy problem arises when you start to think about what these bots need so they can do what they do. “Much of the time, it’s access. If they gather together sensitive and personal medical data to help doctors make informed clinical predictions, they need access to it. If they need to process customer data stored on a public cloud server or a web portal, they need to get to it.

“We have seen the problems that can arise when humans get compromised and the same can happen to bots – and at scale. If bots are configured and coded badly, so they can access more data than they need to, the output might be leaking that data to places where it shouldn’t be. Likewise, we hear about insider attacks and humans being compromised to get to sensitive data virtually every day. Machines have the exact same security issues; if they can access sensitive data and they aren’t being secured properly, that’s an open door for attackers – one that can put individuals’ privacy at risk. Attackers don’t target humans to get to data, they just target the data. If machines, especially those in charge of automated processes (think repeatable tasks like bank transfers, scraping web data and moving customer data files) provide the best path to get to the sensitive data, that’s the one the attackers will choose.”

Myth 5: 5G will have no impact on data security

Following the explosive shift to the work-from-anywhere approach over the past couple of years, organizations’ people, technology, and data are spread across unlimited locations around the world. Coupled with that is our ever-increasing demand to be connected to everything and everyone, which has resulted in a push for emerging technologies such as 5G and IoT.  

Mike Wood, CMO at Versa Networks, says that “while convenience, connectivity and flexibility are key to our current working environment, so too should be the security of our devices and the privacy of our data. Despite the rapid adoption of 5G, IoT and other new technologies, their popularity far outweighs their security.”

Wood notes that 5G has been deployed globally in a short time. It has become a natural component of IoT devices. It is also in the perfect position to help transform business networking and the interconnection of infrastructure environments, whether on-premises, hybrid-cloud or multi-cloud. “However, as a market, it has not undergone enough research for experts to be confident in its security. Zero-day attacks are a huge threat to IoT and 5G applications. What’s more, 5G is not a private network, so when IoT devices are connected to it, the attack surface expands, and they and the data they store become vulnerable,” he adds.

“With a work-from-anywhere model, employees can easily access their Voice over IP (VoIP), Unified Communications, collaboration, and video applications from any location and any device, but this has to be done securely. As a result, businesses should be looking to invest beyond traditional technologies such as VPNs to protect their data against users who can be connecting from anywhere, on any network, and any device – they need to implement a holistic approach to getting visibility and control over all identities, threats, and endpoints.  

“With a strategic approach to networking and security like SASE, organizations can achieve the flexibility in connectivity they are looking for, as well as ensuring their data is kept private and secure.” 

Myth 6: Government action not effective in ensuring data privacy

Although the metaverse took all the attention in 2021, some seemingly innocuous privacy accomplishments have been overlooked. In the past year alone, dozens of new privacy laws were drafted and/or enacted, high profile organizations were slapped with massive penalties for violating privacy laws (over 350 million euro in fines globally), and regulators have been tasked with providing accurate guidance to assist organizations in achieving compliance with various applicable privacy laws.

Lécio De Paula, VP of data protection at KnowBe4, noted that these various events that took place in 2021 represent the privacy-centric shifts that global regulators and organizations are taking. “This is, and will continue to cause, upheaval in the tech and ad-tech industries, which rely on big data and swaths of consumer data sets which will continue for the foreseeable future. In addition, countries around the world have caught the privacy bug and have been leveraging the GDPR model to draft their own privacy laws — which is very beneficial to organizations, as it makes compliance with these laws scalable.”

Governments globally are beginning to understand that complexity is the enemy of compliance to the extent it applies to privacy. Countries need to adopt similar standards to protect their data to help ensure the economy runs smoothly. Paula sees these trends sustaining into 2022 and beyond with a couple of surprises here and there.

“Data privacy is still in its infant stages and one thing is for certain — privacy is here to stay and organizations that embrace privacy will continue to be successful over the next decade. Regulators and consumer advocacy groups are just getting started and I expect 2022 to be a record year for enforcement, penalties and other fines alike,” he concluded.

Do you think your organization has relevant and prompt data privacy policies? Tell us what you think on LinkedIn, Twitter, or Facebook. We’d be thrilled to hear from you!
