Five steps for organisations to ensure effective data privacy framework in 2022 with data protection | #emailsecurity | #phishing | #ransomware


In today’s world, data is a critical asset for any organisation to safeguard at all times. This digitally driven business environment is making data protection a top priority under the increase of attack surface and compliance requirements. International regulatory agencies worldwide have enacted strict data privacy regulations that firms must comply with. With different data privacy standards in place, organizations must comply with the legislation and meet the requirements.

 

India’s Computer Emergency Response Team (CERT) and National Critical Infrastructure Protection Centre (NCIIPC) warns there have been a rise in malicious cyberattacks on India’s critical infrastructure. Indeed, a Barracuda report finds 87% of Indian respondents said their organization has been the victim of a security breach once. And the shift to remote workforce has created security challenges for many businesses in India, saying that companies with staff working predominantly from home had a significantly higher network security breach rate 91%, compared to companies with staff working predominantly in the office (86%).

 

To ensure effective data protection, the following are some significant steps an organisation can take for a practical data privacy framework:

 

Every business has a considerable amount of data at any given point. It also changes over time. Users add folders, and archived data is moved around. Applications evolve, SaaS is adopted, users add folders, and archived data is moved around. It’s pivotal for an organisation to understand their whole data footprint, including remote sites and multi-cloud deployments. Data access and security controls should be consistently applied across the data footprints. Knowing what data is important to the company and where it currently resides will allow the backup administrator to make sure it’s protected.

 

  • Backup business data and protect backup

Backing up data is a key step for data protection. Businesses should stay current with a secure data protection solution that can identify critical data assets and implement disaster and recovery capabilities. Yet data backups are not immune to ransomware, accidental deletion, or other sorts of data loss. Ensure that at least one copy of the backup is kept offsite and protected from any potential disaster at work. If the original data and backup data are stored in the exact physical location, your data security system becomes a single point of failure. Business es could take this data protection a step further and follow the classic 3-2-1 rule: make 3 copies of data using 2 different formats and keep 1 offsite copy.

 

  • Protect your email and prevent credential loss

Organisations, both big and small, need to make priority investments from the early stage of business operations regarding data protection. Today 91% of cyberattacks start with an email. Many of these attacks use social engineering tactics to bypass traditional email gateway and try to steal credential and personal data. A comprehensive email protection solution leveraging artificial intelligence is required to stay ahead of the cybercriminals and prevent email-borne threats like ransomware and business email compromise (BEC) from compromising business and personal data. Companies should also consistently train their users for email security awareness.

 

  • Secure applications and access

Application attacks are also increasingly becoming complex and are subject to so many automated attacks like DDoS, credential-stuffing, OWASP and zero-day attacks, and many more. With businesses moving to web applications, threat actors look for vulnerabilities to gain access to application and attempt to steal sensitive data. Companies should implement web application security for all SaaS applications and infrastructure access points.  Along with application protection, they should consider narrowing down to the least amount of access users need to be productive. It’s best to implement Zero Trust Access based on endpoint security postures.

 

Any technology, business process, product, or service that is committed to providing a secure environment for personal data must incorporate data privacy into their design and the entire lifecycle. It can be done by deploying cloud storage, engaging third party experts for IT security, SaaS deployment etc.

 

Compliance with data privacy rules cannot be put only in the hands of legal and compliance departments. Everyone in the organization must understand their obligations to protect data in order to comply with data privacy rules. Hence, it’s pertinent for organisations to pay attention to their data security framework from the beginning.

(The author Parag Khurana, Country Manager, Barracuda Networks and the views expressed in this article are his own)



Original Source link

Leave a Reply

Your email address will not be published.

− four = 5