Data Privacy Day aims to raise awareness of how we collect and use data
Today is Data Privacy Day -- or Data Protection Day, depending on who you talk to -- a day dedicated to an international effort to raise awareness about how data is collected, used and stored.
So, what do the luminaries of the IT world have to say about the day and about data privacy/protection in general? We've rounded up some of their thoughts.
Daniel Markuson, digital privacy expert with NordVPN, says, "Data Privacy Day aims to raise awareness on issues of privacy, however, awareness is meaningless if it doesn't turn into action. Protecting your individual privacy is all about creating habits, such as putting extra effort into creating strong passwords, not clicking on unknown links or downloading unverified files, disabling Wi-Fi and Bluetooth when they're not in use, and overall staying attentive while browsing online. While this may sound tedious, there are tools that can make protecting your privacy much more effortless. A VPN hides your personal information, password managers protect your credentials and generate strong passwords, while file encryption tools make it so only you can access your files."
Camellia Chan, CEO and founder of X-PHY, thinks raising awareness is good but technology has a part to play too. "Data Privacy Day is great for raising awareness of cyber threats, especially considering a staggering 95 percent of cyber-attacks are due to human error. However, education alone is not enough and cybersecurity measures need to be more robust than ever. Fortunately, we have some incredible solutions that are readily available to both individual consumers and organizations. When developing a cybersecurity strategy, it's important to consider that anti-virus software alone is not enough -- it requires too much input from the individual, like updating the software. Companies should adopt robust firmware as the last line of defense. And, advancements in technology mean it's now possible to have AI-infused SSD embedded into laptops to protect data against every type of attack, from ransomware and malware all the way to physical security."
Paul Keely, chief cloud officer at managed detection and response firm Open Systems, believes monitoring of systems is key. "Naturally, the best way to protect critical data is to prevent bad actors from accessing it in the first place. One of the keys to this is monitoring 24/7 to identify and contain breaches as early as possible in the cyber kill chain. Done effectively, this can keep a breach from expanding beyond a single affected endpoint. Endpoints are a significant concern, as companies' attack surfaces have likely grown 10 times or more due to the pandemic forcing employees to work from home. With all of these thousands of endpoints making thousands of remote connections, the number of alerts has exploded. While the vast majority are false positives, their sheer volume makes it harder to identify the actual threats hidden among them. Understanding their attack surfaces will help companies recognize real threats."
On an industry specific point Justyn Hornor, chief product officer at dating website Seeking, says, "On Data Privacy Day and every day, online daters must prioritize their personal safety and the security of their online data. Before you hop onto a dating website, vet the security precautions in place. Is the dating platform verifying identities? Is it drawing from data and concrete evidence to strengthen the security of the platform? Is the newest technology, such as AI and bots, being tapped to monitor profiles and identify any potential concerns? Does the company block profiles that engage in unlawful activities? If the answer is no to any of these questions, find a better site."
David Higgins, technical director at CyberArk, believes a security-first approach to privacy is essential, and not just for humans:
It's not just humans that are susceptible to clicking on the wrong link or are perhaps a little too cavalier about what they share about themselves. Software bots have sharing issues too, and this Data Privacy Day we highlight how we can better protect the data that they access from being exposed.
Software bots -- little pieces of code that do repetitive tasks -- exist in huge numbers in organizations around the world, in banking, government and all other major verticals. The idea behind them is they free up human staff to work on business-critical, cognitive and creative work, but also helping improve efficiency, accuracy, agility and scalability. They are a major component of digital business.
The privacy problem arises when you start to think about what these bots need so they can do what they do. Much of the time it's access: If they gather together sensitive and personal medical data to help doctors make informed clinical predictions, they need access to it. If they need to process customer data stored on a public cloud server or a web portal, they need to get to it.
We've seen the problems that can arise when humans get compromised and the same can happen to bots -- and at scale. If bots are configured and coded badly, so they can access more data than they need to, the output might be leaking that data to places where it shouldn’t be.
Data privacy is not optional, says Brian Rue, CEO and co-founder of Rollbar. "Be aware of the changing landscape. Be aware of what's happening with Europe and California and in general the practices, and accept that data privacy is only becoming more important and has to be part of what tech teams think about -- it's not optional. Consider making it core to products you are building and the ways you are building them."
Shane Curran, CEO at encryption company Evervault, thinks privacy legislation has helped but that there is more still to do. "Data privacy has come a long way in recent years as GDPR and CCPA have come into force. However, there is more to be done. These regulations can be seen as blunt instruments which have led to friction and annoyance for internet users. A false dichotomy has arisen between checking whether your details have been breached on one side and fighting through cookie consent banners on the other."
Chad McDonald, chief of staff and CISO of Radiant Logic, believes identity data needs to be better managed. "With the number of cyberattacks substantially increasing during the pandemic, organizations must put in measures which can stop identity sprawl by ensuring they have a unified global profile which has all the attributes of a user irrespective of which source it's located in. Organizations that fail to manage identity data will suffer from further data breaches as threat actors know that data is not secure and easy to get hold of. Whilst this sounds like a complicated problem to solve, it can be easily done thanks to Identity Data Fabric."
Archie Agarwal, founder and CEO at ThreatModeler agrees:
A major part of data privacy is safeguarding the data. And when it comes to safeguarding data, we feel organizations should operate from a very simple paradigm: identify all the threats and then mitigate them.
Safeguarding data means different things to different organizations. But for those involved in developing software systems, we feel strongly that the best way to identify all the threats and mitigate them is by incorporating threat modeling right into their development lifecycle. It's the most effective way to identify threats prior to deployment, which is obviously preferable.
Stijn Christiaens, founder and chief data citizen at Collibra, sums things up. "It's time for a shift, especially as consumers increasingly hold companies accountable for mishandling their privacy. We need to re-frame the conversation around data privacy to be less complacent and more proactive, and we need to move faster to bring as many people as possible to the table to have a real impact. Invest in building sustainable processes now to be ahead of the market and the competition."