Blame IT Pros for Data Privacy Failures?

Data Privacy Day is a good reminder that everyone within an organization is responsible for protecting sensitive data.

That’s according to Tom Pendergast, chief learning officer at MediaPro. The company provides cybersecurity and privacy education.

A global effort, Data Privacy Day generates awareness about the importance of privacy. It highlights easy ways to protect personal information and reminds organizations that privacy is good for business.

From the boardroom to the loading dock, everyone has a role to play in protecting sensitive data, Pendergast said.

MediaPro’s Tom Pendergast

“From a training and awareness perspective, one of the best ways to do this is to provide education that employees can use both at work and at home,” he said. “For the majority of employees, many of the attributes of the sensitive data they handle as part of their job should be recognizable when it comes to keeping their own information secure. When an organization goes about educating their employees on their own data privacy requirements, I’ve seen success using a golden rule approach. That is, telling employees to treat the data they handle as part of their job the same way they’d want their own data treated.”

This more personal approach makes privacy more real and less theoretical, Pendergast said.

Increased Focus on Protecting Data

Rita Gurevich is founder and CEO of Sphere Technology Solutions.

Sphere’s Rita Gurevich

“In the enterprise world, there is an increased focus on protecting data from internal and external threats, especially across highly regulated corporations,” she said. “Safeguarding sensitive data, including your employee and customer data, is not a should-do concept anymore, but a must-do directive coming from the top. Whether it’s regulatory bodies or internal auditors enforcing the proper data privacy and data protection practices, the repercussions financially and from a reputation perspective are reason enough for companies to focus their attention to implementing a least privileged access model.”

Cleaning up the mountains of inappropriate entitlements is step one, Gurevich said. And many organizations are recognizing this foundational requirement isn’t as easy as it may seem, but a mandate that must be achieved.

“We predict that organizations will start to go back to the basics and fine-tune their practices for basic inventory of all their data repositories with more in-depth analytics on the state of their access controls,” she said. “Remediation and ongoing certification of entitlements will expand in coverage, automation will be critical, and the onus on the business to partake in these processes will be more of a business-as-usual expectation. This is actually a positive effect and forces not just IT and security teams to accept this onus, and will create a culture of security first across all business units within an organization.”

Online Privacy at Lowest Point

It’s no secret that online privacy in 2021 is at its lowest point ever, said Aviram Jenik, CEO of Beyond Security.

Beyond Security’s Aviram Jenik

“We carry around tracking devices, self-report our activities, and have given blanket permissions to both governments and corporations to access what we shop for, what we search for and who we communicate with,” he said. “This isn’t a technology problem. The internet allows distributed, anonymous communication. And there are various layers of anonymous communication protocols we can use. [That] is why terrorists can use those same applications without worry.”

But blaming the average user for choosing convenience over privacy is the wrong way to go, Jenik said. The actual blame lies with IT security professionals.

“We got distracted, got addicted to the simplicity of some of these services and often focused on security when we should have also insisted on privacy,” he said. “Fortunately, the last few months were a multi-stage wakeup call. We now need to use this momentum to change the standards. It falls on us, security professionals, to give normal users the tools to protect their privacy. We’ve done a reasonably good job with getting the average user more secure over time, though there’s still a long way to go. We now need to do the same with privacy. With some luck, 20 years from now, online privacy will increase the way that online security has increased dramatically from 2000 to 2020. It’s on us, security professionals, to get it right.”