Why cybersecurity alone is not enough to protect private data

2019 is set to be a landmark year in the ongoing balancing act between businesses extracting the maximum amount of data they can and still respecting the privacy of their users. Data Privacy Day, which took place on the 28th January, was first marked back in 2008 to honour the signing of Convention 108, an international treaty concerning privacy and data protection. It’s now a day that is internationally recognised, and it is particularly relevant and significant at a time when many companies are facing scrutiny for their misuse of data.

Last year, we witnessed the introduction of major legislation, such as the EU General Data Protection Regulation (GDPR), which came into effect for the purpose of providing individuals and businesses with information and tools to safeguard their privacy. Despite this, we’ve still seen major players like Facebook and Google being fined for their casual and often relaxed attitudes towards protecting personal data.

In order for real change to take place, businesses and consumers alike need to understand the value of data, how to protect it, and why cyber security alone isn’t enough to keep unsavoury characters from stealing your data. 

Businesses and consumers must be educated on data

Both organisations and individuals need to receive education around data and why it is so valuable.

Consumers, particularly young people, need an understanding of why their data is so valuable, what it means for companies and, most importantly, how to protect it. One such example is understanding that free services aren’t free: users pay the price by having their data taken. The tech industry certainly knows the value of data, having monetised their users to make hundreds of billions of dollars.

Businesses need to go beyond ensuring that all employees are aware of internal security policies and teaching the basics regarding strong passwords and avoiding phishing scams. Organisations need to focus more on delivering security education that is specific to each employee role. A survey by PwC reported that more than 51% of data breaches were caused by insiders; organisations therefore need to do more with their access policies and monitor online activities to detect and stop threats.

End-to-end encrypted services are the only viable way forward

‘End-to-end’ implies that devices transmit encrypted information to each other without the server’s participation. Thus, all communication and data – including messages, calls, images, and video – are fully encrypted. For this reason, end-to-end encryption is the most reliable and advanced way of protecting user data, and it should be at the forefront of businesses’ infrastructures and of consumers’ minds when deciding which applications or services they want to use.

As we’re witnessing Facebook integrating with Instagram and WhatsApp, ensuring that we’re all using end-to-end encrypted services is more important than ever. While the idea of all these services being in one place might seem appealing and helpful in preventing us switching from one app to another, it means users will be more susceptible to hacking and thus to personal data being taken. Users should perceive their personal data as their passport on the web – our private data contains aspects of identity and thus, if taken, opens a gateway for potential threats.

Ensuring that end-to-end encrypted services are the first choice is as important for users as it is for enterprises. Without messages, calls, images, and videos being fully encrypted, everything sent and received will be vulnerable to threats. With protecting user data at the forefront of businesses’ infrastructures and consumers’ minds, both will be able to work together in order to prevent future attacks. Without fully encrypted services, the vulnerabilities posed by the third-party application providers employed by major platforms will be increased, as user data will be exposed to malicious players. This is a risk we all face, unfortunately.

Even with an increased focus on enhancing privacy, there is still a risk of businesses losing data to hackers. Therefore, a company that can create a tight security development lifecycle that constantly evolves will protect its business and its users. Adopting an ‘always on’ mindset, where businesses are updating and tightening their security system, will be beneficial in the long term for businesses and their customers alike.

The sooner organisations work towards compliance with the latest regulations, the sooner they can be confident of their own security. To help businesses understand the steps they should take in order to ensure data compliance, it is crucial that consumers understand the value of personal and private data too. Communications platforms should empower them to understand their own data and act on keeping it safe.

Derek Roga, CEO of EQUIIS

Derek is responsible for EQUIIS’ strategy, financing and market development. He has 30 years’ experience as an entrepreneur and innovator within the telecom and software industries in several founder, CEO and COO roles. He is an exceptional entrepreneurial leader, possessing vision, passion and execution accountability, with P&L experience in both domestic and international markets within the telecommunications, software and cyber security fields.