Data Privacy in 2019

January 28, 2019

Table of Contents

    Data privacy has been top of mind for both individuals and corporation over the past few years. 2018 spotlighted the conversation with events like the passing of the GDPR regulation and multiple big-name breaches from corporations including Marriott, Facebook and Google.  As a result, there is added pressure and expectations for companies to take the proper precautions as well as be transparent about what happens with data that’s collected.  While there is focus on consumer data, companies can take action to protect business data and intellectual property.

    With today, January 28, being Data Privacy Day, it is a perfect time for companies to understand the advanced tools available to help secure data.  There are tools that can help protect the infrastructure from the obvious methods of attacks, but there are advanced tools to protect beyond the infrastructure and protect the accounts and data itself. 

    In an under-protected environment, all an attacker needs is a way into a network.  Their preferred option? Privileged accounts.  Once a privileged account is accessed, a new account can be created, data can easily be stolen.  As a result, it is critical to appropriately protect privileged accounts, ultimately protecting your assets.  CyberArk offers a multi-layer approach to securing accounts. A combination of password-management, session recording and data analytics ensures accounts are protected, even if the network is breached. 

    Another action that can easily be implemented, but provides significant security, is multi-factor authentication or MFA.  This log-in process requires two pieces of credentials, rather than just a single password.  Having more than a single password requirement is important, because due to poor password habits, like repeated, easily guessable passwords once an attacker gets a password, they can gain access to multiple accounts.  Two pieces of credentials makes it harder for a cybercriminal to access an account, a second verification is required.  The second credential could be a code sent to a different (unhacked) device, or unique to the individual like a fingerprint.  Remember even if MFA is implemented, a password should be unique to the account as well as hard to guess (Tip: use a password manager app to keep track of multiple, longer passwords).

    While protecting log-in points can help eliminate the risk of a breach and diminish the chances of a cybercriminal gaining access, additional protection can be added.  Securing unstructured data increases protection of intellectual property, adds security in cloud computing and minimizes threats by insiders, and even authorized users.  Fasoo undertakes securing data in three parts: Discover and Classify, Protect, Control and Trace, and Analyze and Act.  From discovering and classifying data to establishing predefined policies to track the data to assessing activity to discover deviations, each part gives insight and protection like never before.  A company can track a document from creation and sharing to storage. Other features include the ability to redact specific information. 

    Data Privacy Day is the perfect opportunity to assess your company’s current efforts and explore new, advanced ways to protect your data and intellectual property.  Not sure where to start?  Let Brite help guide you through the process.

    data_privacy_day