Data Security Through Robust Cybersecurity Should Be Top Priority
Patrick Grillo, the Senior Director for Solutions Marketing at Fortinet, speaks about what companies should do to comply with data security regulations
How has the need for data security and compliance changed over the past year?
Obviously the biggest impact over the last year has been the shift to “work from home/work from anywhere” and the need to securely support a remote workforce with no advance notice. Shifting a workforce away from their usual environment, with little to no training on the “ins and outs” of remote access significantly increased the risk to data security.
What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?
There are a number of different frameworks available for organizations to use in their efforts for data security compliance such as ISO 27001, NIST Cybersecurity Framework and MITRE ATT&CK. These frameworks focus on cybersecurity which is the foundation for data security.
Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?
The General Data Privacy Regulation (GDPR), which was introduced by the European Union in 2018 and has subsequently been used as a framework as individual countries create their own standard, is probably the best known regulatory framework.
Many countries have passed their own version of data protection laws recently. How does your company help its clients with securing their data and staying compliant?
Fortinet works with its customers to ensure that their network is secured to the highest degree possible through its cybersecurity platform, the Fortinet Security Fabric. The Fortinet Security Fabric provides broad, integrated and automated protection across the entirety of the network.
Do you believe the line between data security and data privacy has started blurring?
Yes, very much so. For example, when the GDPR came into effect, most organizations had focused on the customer-facing aspects of the regulation such as the appropriate disclaimers about their data collection and opt-out policies. Data security, through robust cybersecurity, needs to be a top priority for all organizations.
What according to you are the five tips that companies need to follow to comply with data security regulations?
1. Know where the data is located.
2. Understand why you’re collecting data.
3. Collect only the minimum amount of data necessary.
4. Periodically review internal procedures for collecting and storing data.
5. Be as transparent as possible.
Ransomware Attacks Have Soared in the Past Year
Aloysius Cheang, the CSO of Huawei UAE, speaks about best-practice standards that can help companies achieve and maintain data security
How has the need for data security and compliance changed over the past year?
Accelerated digitization has been one bright spot from the pandemic, but it is coming at a cost. As digital spreads across enterprises, it also increases the risk and impact of cyberattacks. Some of the digital platforms that organizations have rolled out around AI, cloud, and IoT are incredibly powerful. Yet they can be unfamiliar territory for their IT security teams, so there’s a constant need to stay vigilant, share learnings, and develop open standards that can help all businesses.
Another trend we’ve seen is that work-from-home requirements have complicated many organizations’ security posture as employees collaborate outside the corporate firewall. Most organizations have also been compelled to implement emergency security strategies on the fly, sometimes with little testing or training, potentially exposing their corporate virtual assets to cyber threats. The World Economic Forum's COVID-19 Risks Outlook report released last year found that 50% of enterprises were concerned about increased cyberattacks due to a shift in work patterns alone.
What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?
The reality is that humans often remain the weakest link in any security posture. Phishing, for example, accounts for a large number of all cyberattacks today. Therefore, training and awareness of employees must be a priority. Cybersecurity is also a corporate priority, and security managers should have direct access to the C-suite so that cybersecurity is woven into the corporate fabric.
Ransomware attacks have also soared in the past year, highlighting the need to always back up data and have a disaster recovery plan in place. Additionally, the proper access controls need to be maintained to manage access for remote workers. In short, companies need to bake cybersecurity needs into the company’s process right from the beginning so as to achieve security-by-design and privacy-by-design to ensure security out of the box.
Are there any regional data compliance regulations and frameworks which companies that handle large amounts of public data need to follow?
If your organization has any business with EU companies or individuals, you certainly need to be aware of GDPR. Countries in the Gulf have their own data security laws.
The UAE, for example, has data protection requirements in place both at the federal and emirate level that govern personal and corporate data. The UAE's National Cybersecurity strategy, developed by the TRA, aims to create a safe and robust cyber infrastructure. Meanwhile, the Dubai Cyber Security Strategy aims to strengthen Dubai's position as a world leader in innovation, safety, and security.
Saudi Arabia also has a broad Anti-Cybercrimes Law that addresses data protection in the context of cybercrimes. The Saudi Arabian Monetary Authority (SAMA) has also published a Cyber Security Framework for the financial institutions under its purview to guide their efforts towards appropriate cybersecurity governance. Moreover, organizations should leverage their partnerships with technology companies for their expertise and capabilities. At Huawei, we assist numerous customers daily to secure and comply with regulations if and when required.
Many countries have passed their own version of data protection laws recently. How does your company help its clients with securing their data and staying compliant?
Cybersecurity is more important than ever, and as an industry, we need to work together to share best practices and build our collective capabilities in governance, standards, technology, and verification. At Huawei, we work with governments and private sector organizations to jointly develop and contribute to such cybersecurity initiatives.
Huawei is also committed to transparency, as demonstrated in our expanding network of global Cyber Security and Privacy Protection Transparency Centres. This June, Huawei opened the largest of such transparency centers which provides a testing environment for Huawei software and hardware, technical documents, testing tools, and necessary technical support.
Security is an integral part of Huawei's own digital offering. We provide resilient end-to-end network security capabilities that ensure the security of customer data and applications. Huawei's products and solutions have been deployed by 253 Fortune 500 companies globally, helping secure their digital transformation journey.
Sajith Kumar, the General Manager of Enterprise at Cloud Box Technologies, speaks about tips companies need to follow to keep their data safe and be compliant
What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?
There is no single regulation or standard being implemented by organizations. Instead, organizations comply with multiple regulations and frameworks, and the popular ones include GDPR, CCPA, HIPAA, PCI-DSS.
It helps them improve their information security policies by providing guidelines and best practices based on the company’s need and the type of data they maintain. Non-compliance with these regulations can result in severe fines, or costly cyberattacks and data breaches.
It is important that organizations start to have a strong data governance framework which helps against cyberattacks, provides stronger data management processes and reduces the burden on the IT teams. And most importantly, it helps organizations remain compliant.
Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?
Different regions have set up their own data compliance requirements. Some of them that are widely followed would be GDPR – Europe’s General Data Protection Regulation, CCPA – California Consumer Privacy Act, LGPD – Brazil’s Lei Geral de Proteção de Dados, POPI – South Africa’s Protection of personal information, etc.
What according to you are the five tips that companies need to follow to comply with data security regulations?
1. Data Encryption policy: Companies should have policies around data encryption so that the data is not misused or breached and it's accessible to approved users.
2. Internet usage Policy: Employees spending time on non-work-related websites, the companies have to put in place an acceptable internet usage policy. This will formalize any activities that are outrightly blocked, as well as setting limits on the time employees are spending on unproductive activities. It must also have in place a system on how companies are monitoring the activities.
3. Email Policies: Employees need to be educated and made aware of the different types of files to be opened, what kind of information can be shared, which may also include scam emails etc.
4. Password policy: Companies need to train employees to set strong passwords, outline policies to change passwords periodically.
5. Data Usage Policy: Employees need to know what kind of data is being processed, how it is being used and with whom it is being shared, and most important, what are the policies that are in place to ensure that this is carried out.
Many countries have passed their own version of data protection laws recently. How does your company help its clients with securing their data and staying compliant?
Presently, there are more than 120 countries that have enacted data protection legislation to secure the protection of data as well as privacy, and this number is growing constantly.
Cloud Box Technologies helps customers ensure that the data is secure and compliance requirements are being met. We do this by helping them keep regular backups, helping them have information flow legally and transparently, and in case of any data loss in the event of a failure we help them recover from the situation by analyzing the situation and putting in place an action plan that will help them out of a crisis.
Do you believe the line between data security and data privacy has started blurring?
There is a thin line between data security and data privacy. Although this line is not blurring, organizations as well as individuals must realize the importance of data security, especially in today’s digital world. Government regulations are in place and moving forward they will be fine-tuned to tackle current and future requirements.