Whether it is everyday tasks or business operations, sensitive data is being increasingly stored online. While that has improved many processes, it has also made us vulnerable to data breaches. In fact, various reports have shown that data breaches have been increasing every year across the globe. Consequently, it has become crucial for organisations to ensure that their IT security infrastructure and protocols are robust enough to protect their data.
In Singapore alone, there have been several high-profile data breaches. Lazada for instance, suffered a breach that compromised 1.1 million personal records and Grab has already faced its fourth privacy breach. Data breaches have serious consequences. When confidential data such as user records, business secrets, and intellectual property are stolen, companies not only suffer financial loss but also lose the trust of their valued customers. As such, data privacy is a key issue that individuals, businesses, and governments alike have to treat seriously. That’s why Data Privacy Day is held every year on 28th January to inspire dialogue on the importance of data protection. More importantly, many countries are beginning to codify data privacy and security into their laws - with the European Union’s General Data Protection Regulation (GDPR) and Singapore’s Personal Data Protection Act (PDPA) being prominent examples.
As such, here are 3 ways organisations can improve their data protection and information security
1. Build a data-centric security strategy
Gone are the days where only computers held sensitive information and a strong firewall was enough to provide cybersecurity. With Bluetooth, the Internet of Things (IoT), and cloud computing, employees can access information from anywhere and from different mobile devices. While that has enabled greater business efficiency, it has also introduced weak points through which data breaches can occur. This can range from employees using an insecure Wi-Fi connection to accidentally downloading a file that contains a ransomware virus.
To prevent such data breaches from happening, companies will need to take a data-centric approach to their IT security. Utilising Data Discovery and Classification (DDNC), the company can determine what kind of data they have, its value to business operations, where it is usually stored, and how it is accessed. Using an encryption system is the typical cybersecurity solution for such an approach as it ensures that data is protected at every step of the way - from migration to storage.
2. Ensure multi-factor authentication where possible
A number of high-profile data breaches have resulted in the theft of user passwords and the misuse of their accounts. As a result, passwords are no longer adequate for both user authentication and data protection. Instead, organisations should consider introducing multi-factor authentication for database access, which adds several layers of protection. This can take many forms, such as sending a one-time password (OTP) via SMS or generating codes with a separate authenticator programme.
Continuous authentication is another form of identity access management that organisations can consider as it can verify the user’s identity at various data points. As such, even when access is being granted from multiple sources, organisations can remain assured that unauthorised access will be prevented thanks to multi-factor authentication.
3. Reduce/remove redundant data
Did you know that the volume of data doubles in size every two years? With the amount of data projected to reach 175 zettabytes (1 zettabyte is equal to 1 billion terabytes) in 2025, it is no surprise that organisations may often forget about redundant data in their databases. Nevertheless, for industries that deal with sensitive information such as healthcare, public services, and banks, even redundant data can be stolen and used against them.
Subsequently, organisations should focus on utilise information disposal software that prevents data manipulation or renders redundant data entirely unreadable. DDNC would be ideal in helping stakeholders identify what data to dispose and what to store and leverage for future use.
Ensuring Data Protection In A Digital World
Data privacy and information security are two facets in which companies must spend time and resources if they want to succeed in today's digital world. The above 3 ways are just the fundamentals in maintaining a secure IT infrastructure and organisations will need to do more in order to meet the challenges of the changing cybersecurity landscape.
At Adnovum, we believe that it is our responsibility and duty to help our customers protect their data as best as possible. With the help of our highly experienced IT security consultants, organisations can move onto the next level of ensuring data security.
Contact us today to find out more.