Data Privacy Day Should Come 365 Times a Year

Precisely 13 years ago, on January 28, the Council of Europe initiated European Data Protection Day to raise awareness of best practices for data protection and to help boost knowledge about personal data among organizations and individuals.

Currently celebrated by 47 European countries and the United States, Canada, and Israel, January 28 is also a reminder of what we need to do better to secure personal information, especially in light of the long list of recent data breaches.

 

Breaches, Fines, and a Whole Lot of Exposed Records

Some estimates put the total number of records breached in 2019 alone at more than a whopping 10 billion, caused by ransomware attacks, data breaches, and various incidents related to software or authentication misconfigurations that left data exposed online. Facebook, Tesco, Flipboard, and even the Charing Cross Gender Identity Clinic incidents, are among the most notorious incidents that have exposed millions of records containing personal information.

Worryingly for organizations, data breaches have become a matter of “when” instead of “if”. One organization in 10 loses over $10 million from a cyber-attack, because of cleanup procedures or loss of intellectual property and potential client lawsuits, and the average user is also directly impacted.

Some 57 percent of organizations suffered a breach in 2017, 2018, or 2019, and 36 percent of companies who haven’t suffered a cyberattack believe they’re currently facing one, according to a recent Bitdefender survey.

European legislation such as GDPR can also massively impact breached organizations. Fines imposed under GDPR range between 4% of the company’s global turnover or up to €20 million, whichever is greater. Some of the biggest GDPR fines to date have involved British Airways (£183.39 million), Marriott International Inc. (£99.2 million), Google (€50 million), and even Austrian Post (€18 million).

 

How Can Businesses Keep Up With Data Breaches?

While organizations fear data breaches, especially since it took an average of 206 days to detect a breach in 2019, minimizing potential fallout is all about being prepared for it and identifying breaches faster.

Time is key, and organizations with complete visibility into their infrastructure can respond to and mitigate threats that result from data breaches before they severely affect the organization. Layered next-gen endpoint protection with prediction, prevention and detection technologies, coupled with detailed security analytics for EDR, can make the difference between business continuity and being crippled by a data breach.

These GDPR-compliant security technologies, such as data loss and data theft protection technologies, need to be augmented by technologies that enhance visibility into data breaches. This can help organizations cope with potentially lost data, and maintain the visibility and investigative capabilities required by GDPR to quickly investigate and assess the potential impact of a data breach.

An incident response plan and an ongoing vulnerability assessment program are equally important, as organizations can find and plug potential security vulnerabilities, while maintaining proper procedures that are activated in a potential data breach.

One of the biggest fears of CIOs and CISOs is employee negligence that may lead to a data breach. With 17 percent of IT decision makers viewing this as a major risk for organizations, training employees in both cybersecurity best practices and GDPR policies and procedures could help reduce risks associated with data loss.

To help with all this, security and GPDR compliance organizations looking to protect their business from data breaches should consider a layered security platform that offers compliance, protection against data loss, data theft, and targeted attacks, while at the same time enhancing visibility into data breaches.

For more information, please check out how Bitdefender can help your business become GDPR compliant.