The world is constantly changing, and cybersecurity is no exception. Businesses that handle the private data of customers, clients, patients, and employees must be aware of these changes so they can take steps to protect data privacy.
According to a study by the Pew Research Center, 79% of U.S. adults report being concerned about the way their data is being used by companies. Similarly, 81% of the public say that the potential risks they face because of data collection by companies outweigh the benefits. Customers and clients hear of large-scale attacks against the companies that hold their private data, and understandably lose trust that their information will stay secure. It is not just the private sector that makes individuals concerned — 64% of Americans report being concerned about the way their data is being used by the government.
Data is a valuable target for cybercriminals seeking quick cash or state secrets. Every organization that handles sensitive data should be devoted to keeping it private and secure.
Geopolitical Concerns
Several geopolitical events have colored public perception in recent months and will likely have an immense bearing on data security this year.
- Investigations suggest potential Russian involvement in the SolarWinds hack.
- If China exerts enough pressure on Taiwan, it could gain access to data from the Taiwan Semiconductor Manufacturing Company Ltd. This would increase concerns for U.S. supply chains and military system usage.
- Russia’s hostile stance toward Ukraine is no secret. The Department of Homeland Security has voiced concerns about potential cyberattacks in response to NATO actions.
In short, global cybersecurity tensions do not show signs of easing up in 2022.
Changing Legislation
In the face of this uncertainty, governments are taking action. In 2021, at least 46 U.S. states and territories introduced or considered (in total) more than 250 bills or resolutions addressing cybersecurity and related issues. Encouragingly, some 35 states actually enacted legislation.
Many factors have led governments around the world to consider how cybersecurity and data privacy can be upheld through the law. In addition to growing concerns about how businesses handle personal data online, these factors include notable events like the SolarWinds and Colonial Pipeline attacks. In the United States, state governments like Maine’s are attempting to create a Constitutional right to privacy. North Carolina has prohibited government entities from paying cybercriminal organizations after ransomware attacks.
It is not only the United States that is taking data privacy seriously. New security laws will be enforceable in places like South Africa, the United Arab Emirates, and Thailand. There are also anticipated updates to the United Kingdom’s General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act, and Hong Kong’s Personal Data (Privacy) Ordinance. Data privacy is clearly — and appropriately — an international concern.
The increased attention to cybersecurity and data protection is encouraging. Many governments are acknowledging that the world of data protection moves quickly, and that laws, codes, and constitutional amendments must be proactive and not just reactive.
Next Steps for Businesses
For this year’s Data Privacy Week, the National Cybersecurity Alliance (NCA) is focusing on educating businesses on data collection best practices that will protect data privacy and promote transparency. Part of the difficulty is the evolving patchwork of laws and codes that businesses must consider as they operate in a global market.
Overhauling business security practices may seem like a daunting task, but the outcomes are well worth the effort. Implementing standards that meet the most stringent data security requirements can save a business time and money, as well as increase client and customer trust. For example, organizations that are closer to meeting GDPR standards are less likely to experience a breach. When breaches do occur, these organizations have substantially fewer data records impacted, so the overall costs associated with the breaches are lower.
Companies should familiarize themselves with these updated laws and regulations, and then take steps to implement changes.
- Complete a data privacy and cybersecurity risk assessment, and note where there are gaps in organizational defensive posture.
- Train employees on data privacy best practices and company policies. An organization’s privacy culture begins with employees understanding the responsibilities and risks in managing client and customer data.
- Update procedures and invest in security software such as DriveStrike that offers digital security and compliance. Any improvement to a business’s security posture requires software, hardware, and personnel to function well in tandem. Everyone within the organization should understand their role in preventing breaches and responding to cybersecurity incidents.
- Verify that third-party vendors and partners also have a robust data security program and culture of responsible data protection. A breached third party can be just as damaging as a breach to the business itself. Vet all partners and third-party vendors rigorously, and hold them to the same security standards that govern your organization.
Data security is increasingly in the spotlight of the world stage, with threats ranging from data breaches to supply chain ransomware attacks to international cyber warfare. Businesses have a responsibility to protect their clients’ and customers’ digital data from any threat, whether that is a lone laptop thief or a state-sponsored hacking organization. With foresight and the correct tools, any business can take action to protect the data they steward.
About DriveStrike
DriveStrike is a software security solution that is GDPR, DoD, SOX, and HIPAA compliant, and offers tools to protect data on any number of company devices anywhere in the world. Contact us to discuss your specific security needs, and start your free 30-day trial to begin protecting sensitive data. Your security is our priority.