97% of CISOs are worried about insider data breaches.
And with unreliable employees their primary ‘alert system’ and patchy technology deployments to mitigate this risk, it’s no wonder why.
In our second annual Insider Data Breach Survey, we examine the prevalence of insider data breaches and their impact, and importantly, why they continue to occur.
Implementing data protection is an ambiguous area of responsibility for too many organizations, and well-meaning truisms like “Security is everybody’s job” do not help the situation.
Long experience in the field across different industries confirms this, whether the businesses in question create software for external customers or only for internal use. Given the lack of clarity about who is ultimately responsible for data protection, it is no wonder that so few organizations empower a specific functional team to effectively address this issue.
The result is that data security and governance too often fall between the cracks, not truly belonging under the CTO, the CIO, business units, or even the CISO or the compliance team. There is an answer to this dilemma: put the responsibility for data protection in the hands of the application owners who create or manage the applications that use the data, and empower them — and the development teams that work with them — accordingly.
2 years after GDPR’s implementation (Europe), and just a couple of months after CCPA’s launch (United States), marketing departments are still in the dark about the data they can collect and how they will be authorised to use them.
Consent management is still causing headaches for those who are involved in collecting, storing and sharing it across digital assets. This is even more complex when operating in several markets, where different regulations apply!
Heads of marketing, heads of CRM and Data Protection Officers (DPO) are now all supposed to know and be aligned on key questions such as: When am I required to collect consent, when not? How do I make sure that user consent is properly collected? How do I distribute my customers’ preferences across my client base? How to manage consent in a satisfactory way across the users’ journey? What KPIs should I follow to gauge whether my marketing efforts pay off? This whitepaper addresses various issues around consent & preference management, and helps you better manage its complexity.
In a way, the challenges related to data privacy in the public cloud are like an exponential of an exponential. Use of private data is growing exponentially. The proportion of that data held in the public cloud is expected to double between 2018 and 2025. There has been an explosion in activity from data privacy regulators, increasing the cost of leaving data unprotected.
GDPR became enforceable in 2018, spawning a wave of additional privacy regulations. Since then, privacy regulations have been passed all over the world, including in California (with other states across the US following), Brazil, China, and South Korea. Many other privacy regulations are likely to be passed into law over the next few years.
It is this combination of accelerating use of data, accelerating use of the public cloud to hold that data, and growing regulatory complexity that is creating such challenges for organisations.
Yet the imperative to meet these challenges is greater than ever – data breaches are expensive, averaging $8.19 million in the US. Penalties for violation of data privacy regulations have been as high as $230 million.
Added complexity is created by public cloud zones, which do not necessarily relate specifically to regulatory requirements in any one area. Furthermore, even when public cloud zones and regulatory areas do coincide precisely, services offered by cloud providers can vary between zones. The services in some zones may be inadequate to meet regulatory requirements.
There is no magic “use this software to solve data privacy” bullet. There are, however, proven security controls that can be applied to massively reduce exposure to a breach or regulatory fines.
The use of encryption and tokenisation of data and innovations in the application of data security in public cloud environments are all examples of how data protection and compliance can meet the challenges facing organizations.
This eBook aims to help you understand the complexities of data & public cloud.
Ransomware isn’t new and it’s here to stay. Even though you can’t make your organization completely immune against ransomware attacks, you can mitigate the risks when you have a backup solution that not only ensures comprehensive backup and recovery, but also shields your backups and other data from exposure to ransomware perpetrators. This white paper explores the anti-ransomware capabilities your backup software should have to help your organization:
With the California Consumer Privacy Act (CCPA) officially launching January 1, 2020, many organizations are still playing catch-up in determining exactly how they’ll comply with major provisions before full enforcement begins July 1, 2020. So far, the biggest risks stemming from the CCPA have touched on a few major areas: the ability to respond to consumer requests for data, breaches of personal data and the resulting fines, and maintaining proper preservation of data needed for civil or criminal litigation. Below, we’ll take a look at each of the mistakes that companies commonly make, and offer a roadmap to CCPA compliance. Most of the mistakes that businesses and individuals are currently making regarding their compliance efforts fall into one of the following three categories:
● Failure to harmonize the DSAR process with litigation requirements
● Forgetting to include paper records in the DSAR process
● Over-retaining data, which heightens the potential impact of data breaches
In this guide, we’ll look into each of those obstacles and offer defensible practices to avoid adverse legal and financial consequences.
Securing budget is tough even in good times.
Investments in data privacy are often hard to justify for budget holders, who don’t fully understand the nuances of high-risk processing activities. In this guide, written by the team at DPOrganizer, you’ll learn how to speak the language of a budget holder and create a compelling case for investments in privacy.
Download the guide and you’ll get access to:
● A blueprint for tying privacy success factors to your company’s bottom line
● 26 specific arguments that’ll help convince your CFO
● 2 fictional investment cases that summarise everything your stakeholders want to know
With the onset of Coronavirus, the issue of remote working has been pushed to the forefront for organizations globally.
It is no longer a question of whether employees should be able to work from home in flexible conditions; rather, it is quickly becoming a mandatory practice. Fortune 1000 companies around the globe are entirely revamping their office spaces to accommodate the fact that employees are already mobile, with studies repeatedly showing that desks are vacant 50-60% of the time. Twitter has also just announced that it is now mandatory for all of its 4900 global employees to stay home, while the story at Google is similar as they advise all employees in North America, Europe, the Middle East and Africa to work from home due to the virus.
With a dramatic increase in remote workers, organizations need to be prepared for an entirely new set of problems and challenges.
Organizations need to adequately monitor data exfiltration, threats, and data flow wherever the user may be based, no matter what device they are using.
A ransomware attack is a classic ticking-clock scenario. It has already struck companies of all sizes across industries around the world. Yours could be next. Are you ready?
Learn how to protect against ransomware and mitigate risk
A complete ransomware strategy includes both reducing the risk of a successful attack and lessening the impact of an attack that does succeed. There are five things you need to do.
Protecting your data and ensuring its availability is your top priority. Like a castle in medieval times, you must always defend it and have built-in defense mechanisms. It is under attack from external and internal sources, and you do not know when or where it will come from. Vigilance is required, and you want multiple levels of safeguards for greater data protection. The same is true for your organization; a single event can threaten the bottom line or define a career. So how do you prepare? By making sure you’re recovery ready.
With 60% of corporate knowledge workers reporting that email remains their most commonly used mode of communication, email continues to be the backbone of enterprise communications and could be considered the most critical infrastructure for daily operations [1]. Cloud-delivered email services are rapidly becoming the preferred implementation approach by IT organisations.
With over 155 million users already running on Office 365 [2], organisations are realising significant benefits over on-prem solutions, including reduced management costs, regulatory compliance, and the accounting shift from CapEx to OpEx.
In May 2018, the General Data Protection Regulation (GDPR) became one of the most comprehensive data protection laws to be implemented in the world. Nearly all businesses and organisations handling the personal data of individuals living within the European Union had to ensure they were compliant under the new regulations.
The regulations led to the development of the role of Data Protection Officer (DPO), which in turn put them into the limelight answering difficult questions like “how and when will we be compliant with GDPR?”.
This white paper provides an overview of the GDPR Maturity Framework that helps a DPO. The GDPR Maturity Framework is based on 25 years of practical experience in designing and implementing cyber security and privacy control frameworks. The GDPR Maturity Framework is a result of a collaboration between privacy and security professionals, DPOs, lawyers & CISOs, and provides a realistic approach on how to make sure enough is done to remain compliant with GDPR.
For many people, home is different. It’s a personal place. It’s a retreat from work, a safe refuge. We often behave differently there. Many of us are currently working from home, and that doesn’t just mean we bring our work home, it means bringing our office mindset home too.
In a way, it’s like we have two personas: the work persona where we behave one way, and the family persona. When they mix, things don’t always go smoothly.
With the current situation around COVID-19 forcing many organisations to adapt to working from home, there are many things to consider, not least the implications of working from home on data protection and privacy processes.
To pay or not to pay? That is the question confronting the growing number of businesses hit by ransomware. According to the FBI, ransomware will be a $1 billion market in 2020 [1]. If a strong ransomware remediation plan is not in place prior to an attack, paying a ransom can seem like the only option. And why do organizations pay? Recovery can be painful and time-consuming, and in many cases, the backups themselves can be compromised.
Organizations should not be forced to trade off paying a ransom and costly downtime. Instead, they should be able to rely on their backups to recover quickly and reliably. This requires developing and testing a strong remediation strategy before ransomware strikes.
This guide will help you develop your ransomware remediation plan, so when an attack occurs, you can resume business operations quickly without paying a ransom.