By Laurent Sirgy
In today’s hyper-connected world, data security and privacy are integral in everyday life. Data forms the very foundation of any modern digital enterprise. It drives everything from new user experiences to products and business insights.
Sharing data brings many benefits but carries a substantial amount of risk. Personal or organizational data can be easily exploited while being transferred. According to Varonis Cybersecurity statistics 2019 report, 70 percent of organizations say that they believe their security risk increased significantly. A Ponemon Institute’s 2017 study states that 21 percent of all organizational files are not protected in any way. Additionally, it was also stated that 61 percent of breach victims are usually businesses with under 1,000 employees.
All industries, from military to governmental agencies and companies; regardless the sector they are working in and their size; are susceptible to suffer data attacks and data loss. Heathrow Airport was fined £120,000 by the Information Commissioner’s Office for “serious” data protection failings. It came after a staff member lost a USB stick last October containing sensitive personal data, which was later found by a member of the public. Reports claimed this included the Queen’s security and travel arrangements. This is only one example of such an incident where transfer of sensitive data was compromised.
The Telecommunications Regulations Authority (TRA) in the UAE also reported a total of 274 cyber-attacks targeted at government, semi-government and private sector entities in the first seven months of 2018.
Companies that fail to approach a breach in a correct way can have negative consequence on their public image. In certain cases, a breach can make an organisation non-compliant with regulatory requirements, which translates into fines by governing bodies. There are also financial risks associated with breaches. Data security is the measure which is taken to prevent the loss of data through these unauthorised accesses. There are many ways to protect data, and some of them include strong user authentication, encryption, data erasure, and backup.
Data breaches not only affect data on organisations’ servers within the firewall but also data that leaves the organisations on laptops or tablets. Hence it is important that storage devices in laptops come with security features like AES 256-bit hardware-based Encryption and TCG Opal such as Kingston’s UV500 SSD. Using a TCG Opal compliant SSDs with hardware based encryption can contribute to organisations becoming GDPR compliant, also satisfying the DPA criteria.
Software encryption is based on using software tools to encrypt data. Some examples include encryption features and password managers. It mainly relies on using passwords to decrypt files which will otherwise remain locked. With encryption enabled, data is passed through a special algorithm that scrambles it as it is written to disk. The same software then unscrambles data as it is read from the disk for an authenticated user.
Hardware encryption is safer than software encryption because the encryption process is separate from the rest of the machine. This makes it much harder to intercept or break. The use of a dedicated processor also relieves the burden on the rest of your device, making the encryption and decryption process much faster.
Kingston Technology, one of the leaders in the development and manufacturing of USB’s and memory cards, develops encrypted devices that can store sensitive data more securely than cloud-based storage solutions. Kingston UV 500 SSDs with OPAL 2.0 and AES-256 XTS Hardware Encryption Support, and encrypted USBs are compatible with Data Loss Prevention (DLP) software on enterprise platforms and are also equipped with Endpoint Management software.
In the European Union, data protection is a fundamental right, and the General Data Protection Regulation (GDPR) is the new framework for protecting that right. With the law recently implemented, other countries are looking to the GDPR as they develop or implement their own laws to protect data. According to Cisco, companies which implement GDPR-compliant security measures are less likely to be breached than those which are not compliant – 74 percent vs. 89 percent – and when a data breach does occur, fewer records are impacted on average -79,000 vs. 212,000 – with system downtime also generally shorter.
As we move ahead in the year 2019, data shows no signs of slowing down or getting less complex and the only way forward is to make use of technological advancements and tools that can be extremely useful and reliable when it comes to data security. However, there is no one-size-fits-all solution to establishing a perfect approach to keeping data secure. Each business is unique and requires its own strategy to ensure it is well-prepared to navigate the minefield that is data security.
Laurent Sirgy is the Regional Director France, Southern Europe, Middle East and Africa – Kingston Technology Europe Co LLP. Opinions expressed in this piece belongs to the author.