What began decades ago as a series of 1’s and 0’s is now a digital universe without limits. Data is to the digital world what atoms are to the physical world, a foundation: the building blocks of reality. But most importantly, data is information.

As our world’s paper based systems increasingly give way to digital information, the importance of data security cannot be underestimated. 40 years ago, important documents were locked away, private ‘paperwork’ was stored under lock and key. To successfully transition your data into the digital world, you must also transition these security measures.   

Not Solved By Software

Data security used to be an easy job. Install your free antivirus software and relax, let the software do the work, right? Unfortunately, it’s no longer so simple. The cyber threats of the world can now attack from all angles, at all levels. Security cannot be placed on the shoulders of one program, or even one department. (looking at you, I.T.)  

Research by the Ponemon institute tells us that $3.62 million was the average cost of a data breach in 2017 – numbers that are likely to make any executive hot under the collar. It follows that C-level figures in many organisations are now keeping a keen eye trained on their organisation’s cyber security approach. But this is not enough, think of it this way; when a cyber-attack occurs, the entire organisation & most (if not all) of its employees are affected collectively. So why is it that so many organisations don’t include their entire organisation in preparation and defence? And what can you do to minimise risk? 

Protect Your People

The consensus among cyber security professionals is that any organisation’s greatest weakness is their people. Yep, not firewalls or wires or unsecure networks – the human element. Many hackers ‘hack people’ in the sense that they can obtain phone numbers or emails, and simply get access to private information by manipulating employees – and why wouldn’t they? If they can simply get what they want by lying over the phone, why bother with complex hacking activities? To this end the priority of your cyber security strategy should be equipping employees to be guarded against ‘social engineering’.  

Amateurs hack systems, professionals hack people.” – Bruce Schneier 

Data security must become an organisation wide concern starting at the top and extending to all employees. Executives need to pay attention to security holistically and make sure that there is training in place alongside spoken or physical systems of verification that can eliminate the risk of an outsider posing as employee. Internal reminders, boot camps or even posters reminding people to stay vigilant can help to encourage a culture of awareness around the issue. It is also important to minimise potential risk by keeping different accounts secured with separate passwords, this can prevent a social hacker from doing damage to more than one system. 

Third Parties

 Any organisation who has prepared thoroughly for GDPR is likely now aware of the data controlled or processed by third parties working alongside them. Sharing data with another organisation establishes a link between you. It is advisable to understand the level of data security within your third parties (if possible) before working with them. As there is a chance that a breach affecting them will also cause trouble for you.  

Data minimisation is a key tenet of Europe’s new law for a reason. By drastically reducing the amount of data that you process, you are further reducing the impact of a data breach with the added benefits of freeing up some more room for storage. A Data Protection Impact Assessment will put you on the path to sensibly minimising. Plus, minimisation will have a knock-on effect on any of your ‘processor’ 3rd parties. 

The IoT Risk

“IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses.” – Nicole Eagan  

‘Internet of things’ (IoT) devices now present a risk to your data security as well. Your watch, your car or even your kettle have become connected, consequentially they have also become vulnerable. It was reported recently that a casino was hacked through a digital thermometer in one of its fish tanks – allowing hackers to extract important information as it was connected to a main database. Something as innocuous as a thermometer, or perhaps more realistically an ‘Alexa’ unit could be a huge oversight in your data security practice. Take inventory of these devices and ensure they are protected.