Data Security Through Robust Cybersecurity Should Be Top Priority

Patrick Grillo, the Senior Director for Solutions Marketing at Fortinet, speaks about what companies should do to comply with data security regulations.

How has the need for data security and compliance changed over the past year?

Obviously the biggest impact over the last year has been the shift to “work from home/work from anywhere” and the need to securely support a remote workforce with no advance notice. Shifting a workforce away from their usual environment, with little to no training on the “ins and outs” of remote access, significantly increased the risk to data security.

What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?

There are a number of different frameworks available for organizations to use in their efforts for data security compliance, such as ISO 27001, NIST Cybersecurity Framework and MITRE ATT&CK. These frameworks focus on cybersecurity, which is the foundation for data security.

Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?

The General Data Privacy Regulation (GDPR), which was introduced by the European Union in 2018 and has subsequently been used as a framework as individual countries create their own standard, is probably the best known regulatory framework.
What according to you are the five tips that companies need to follow to comply with data security regulations?

1. Know where the data is located.
2. Understand why you’re collecting data.
3. Collect only the minimum amount of data necessary.
4. Periodically review internal procedures for collecting and storing data.
5. Be as transparent as possible.

Many countries have passed their own version of data protection laws recently.

How does your company help its clients with securing their data and staying compliant?

Fortinet works with its customers to ensure that their network is secured to the highest degree possible through its cybersecurity platform, the Fortinet Security Fabric. The Fortinet Security Fabric provides broad, integrated and automated protection across the entirety of the network.

Do you believe the line between data security and data privacy has started blurring?

Yes, very much so. For example, when the GDPR came into effect, most organizations had focused on the customer-facing aspects of the regulation such as the appropriate disclaimers about their data collection and opt-out policies. Data security, through robust cybersecurity, needs to be a top priority for all organizations.