The top prioritisation of data loss prevention by 38% of UK firms is also in contrast with the consolidated European survey results, where identity and access management continues to be a top priority alongside network-based security by 29% of companies polled.
Encryption is level-pegging with IAM as a priority for 32% of UK firms, while across the whole of Europe, encryption is in joint second position with user training (27%), only slightly ahead of data loss prevention and single sign on (25%).
Why has Data Loss Prevention become so important?
In the wake of the Snowden revelations about mass internet data surveillance by the US and its allies, encryption has become an important part of organisations’ and individuals’ privacy protection strategies.
An ever-changing, more flexible work environment pushes companies to consider larger investments in data protection.
Unsurprisingly, mobile endpoint security is a priority for many UK (34%) and European (24%) organisations. This is in line with planned investments in corporate mobile devices by almost 40% of organisations in the UK and across Europe.
Some 37% of UK organisations and 30% of organisations across Europe also plan to implement a mobile or tablet bring your own device (BYOD) programme.
Similarly, 22% of European and 27% of UK organisations plan to invest in cloud security in 2016, as the number of companies switching to various cloud-based services continues to grow. Some 23% of European companies and 29% of UK firms plan to invest in hybrid cloud and management infrastructure in the coming years.
IoT current infrastructure and its security levels
As the internet of things (IoT) becomes more and more useful to consider in enterprise solutions, the focus on security in that area remains relatively low.
Therefore, there’s a huge potential to improve service to customers and gain greater insight into demand and trends. Here are three points to consider:
1. Understand data collection compliance for each region and industry you serve
As you implement IoT strategies, it’s important to be aware that there are different data collection and compliance requirements by region and industry. If you serve international customers, it’s crucial to understand that data handling requirements in Europe are typically more stringent than in the U.S. and that American companies that handle data for European customers are subject to European guidelines. As I’ve mentioned before, enforcement of the EU General Data Protection Regulation, which becomes effective in May 2018, will require all organisations that process the personally identifiable information of EU residents to abide by a number of provisions or face significant penalties. Of course, industries like healthcare, telecoms, finance and others have their own regulatory considerations.
To make sure your company is in compliance with the data handling requirements for your B2B customers, it’s a good idea to continuously conduct audits and evaluate the integrity of your information. For B2B companies especially, it’s crucial to generate regular reporting across all data systems, including accounts payable, customer service and everything in between. Ensure that your data is always accurate and indexed correctly so that you can efficiently monitor customer information.
2. Iteratively evaluate new customer needs and continuously reinforce standards
Whenever you bring a new customer onboard in the IoT era, the first step should be to evaluate their needs, recognising that every company is unique and will likely have specific requirements. Enquire about data privacy expectations and any special requirements they have, such as industry regulations, storage in a specific geographical area or private server storage. Once you’ve captured your new customer’s requirements, work with your IT team to make sure the customer’s data standards are met.
Simultaneously, you should make sure to have a solid process to continuously enforce these standards. It’s a wise idea to create data security documents to share with customers so that everyone is on the same page regarding the processes to keep data safe. It builds customer confidence when you share codes of conduct and perform frequent security evaluations, so create service level agreements (SLAs) to specifically define what customers will receive and within what timeframe. Strong security controls, data encryption, and tokenisation are also highly recommended to protect customer data.
3. Upgrade security technologies to protect sensitive data
To keep sensitive data away from unintended recipients, many companies are deploying Secure Sockets Layer (SSL; in practice its successor, Transport Layer Security, TLS) to create encrypted links between online servers and web browsers. The SSL migration is especially important since on-premise software installations are becoming less common as more people turn to cloud and subscription-based solutions. If you haven’t already implemented SSL, it’s advisable to do so.
Hacking also remains a serious problem, so companies are stepping up their security game in other ways to combat cyber theft and data loss. Two-factor identification is an increasingly popular option, with customers and users storing a mobile phone number or email address in their account and receiving a code to verify their identity when they attempt to log in online. This makes it much more difficult for hackers to access B2B accounts and steal data.
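The code check described above, shown as an added Python example rather than anything from this article or a product it names. The class name, the five-minute lifetime and the five-attempt cap are assumptions made for illustration, and delivery of the code by SMS or email is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window, not from the article
MAX_ATTEMPTS = 5        # assumed cap on guesses per issued code

class LoginCodeStore:
    """In-memory store of pending login codes (hypothetical helper)."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account id -> [digest, expiry, attempts left]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, account_id):
        """Create a 6-digit code; the caller sends it by SMS or email."""
        code = f"{secrets.randbelow(10**6):06d}"
        expiry = self._clock() + CODE_TTL_SECONDS
        self._pending[account_id] = [self._digest(code), expiry, MAX_ATTEMPTS]
        return code

    def verify(self, account_id, submitted):
        """True only for an unexpired, unused code within the attempt cap."""
        entry = self._pending.get(account_id)
        if entry is None:
            return False
        digest, expiry, attempts_left = entry
        if self._clock() > expiry or attempts_left <= 0:
            del self._pending[account_id]
            return False
        entry[2] = attempts_left - 1
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self._pending[account_id]  # single use: a replay fails
            return True
        return False

def demo():
    now = [1000.0]  # constructed clock so expiry can be shown offline
    store = LoginCodeStore(clock=lambda: now[0])
    code = store.issue("acct-1")
    wrong = "000000" if code != "000000" else "111111"
    out = [store.verify("acct-1", wrong), store.verify("acct-1", code),
           store.verify("acct-1", code)]
    late = store.issue("acct-1")
    now[0] += CODE_TTL_SECONDS + 1
    return out + [store.verify("acct-1", late)]
```

`demo()` returns the outcome of a wrong guess, the correct code, a replay of that code, and a code submitted after its lifetime has passed.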
Sure, sometimes adding an extra step to access documents or files becomes a burden. That’s why I personally like Google’s Smart Lock screen security options:
- On-body detection: On some devices, on-body detection will learn the pattern of your walk. If the accelerometer detects a walk that looks very different, it may lock your phone.
- Trusted places: You can choose trusted places, such as your home, to keep your phone unlocked whenever you’re there. What’s more, your phone will detect places where you spend a lot of time and, after classifying this as a pattern, will ask you to save such a place as a trusted one.
- Trusted face: You can have your device unlock when it recognises your face. After setting a trusted face, every time you turn on your device, it’ll search for your face and unlock if it recognises you. However, personally I don’t use that option. I look much different before I drink my first coffee 🙂
- Trusted voice: When you say “OK Google” from a secure lock screen and the phone is able to recognise the sound of your voice, it will unlock automatically. (I am not sure if iOS has a similar option.)
Whether your organisation is ready or not, the emerging IoT environment is set to change the way you and your customers interact, so it pays to prepare now. Complicating the issue is the fact that too many manufacturers are cutting corners to reduce the price of IoT-connected devices and making solid security a low priority, leaving users with buggy devices that can compromise other assets in the network. Instead of waiting for manufacturers to catch up with regulations, it’s a wise idea to self-impose greater security requirements to protect customers from unlikely events.
Putting the right innovation strategy in place ahead of obligatory transformation times allows you to consider many different customer scenarios and prepare for them. It also pays to be aware of how lax security can be on IoT devices and to address that before sharing new data streams with B2B customers. By being aware of the many issues the IoT raises, you can position your company for success as the IoT continues to transform how enterprises do business.