More than 554 million data records were stolen during the first half of 2016, a 31% increase from the previous six months – and that was just from the enterprises that reported their breaches. Unfortunately, many organisations that experienced a breach during that time either did not know they had been targeted or failed to disclose the attack to regulators and the public.
This suggests that the statistic of 35 records being compromised every second is quite conservative and that the damage could be far greater than anticipated.
Raising data privacy awareness
Every year, on 28 January, the world recognises Data Privacy Day, which aims to raise awareness and promote privacy and data protection best practices. Under the theme of respecting privacy, safeguarding data and enabling trust, stakeholders use the day to encourage enterprises to comply with privacy laws and regulations. They also urge the public to consider how much of their personal information is freely available and how much access they grant to things like social media platforms and smartphone applications.
But is it enough to only have these conversations once a year, especially when identity theft was the most prevalent type of breach in the first half of 2016?
In a mobile-first, cloud-first world, data protection is a complex problem for enterprises because data no longer only resides within the network perimeter. An increase in employee-owned devices in the workplace brings an increased risk of data leakage through apps and services like email, social media and public cloud – all of which are outside of the organisation's control.
Added to this challenge is the tendency of end-users to become less and less security-conscious as the world becomes more hyper-connected.
Privacy versus convenience
There's no doubt that the Internet of Things and the requisite data collection and analytics make our lives easier and enable us to be more productive. However, this is potentially at the expense of our privacy – and yet we seem fine with it.
We blindly accept permissions when installing new apps on our smartphones, without questioning why, for example, a gaming application requires access to the phone's camera and microphone. We accept the terms and conditions of social media usage without understanding what permissions we're signing over. When we're that nonchalant about our personal information, would we behave any differently when handling business information? Not likely.
The problem is that employees use these same devices to share and access business information. In fact, 87% of senior managers admit to regularly uploading work files to a personal email or cloud account and 58% have accidentally sent sensitive information to the wrong person. When security is not your employees' primary concern, the onus falls on the organisation to ensure that data is protected at the source.
Privacy, collaboration and the employee experience
Effective collaboration within enterprises means that you need to be able to share information with colleagues and allow for mobility. Staff increasingly demand the ability to work from anywhere and on any device.
When information travels beyond the boundaries of the corporate network and across devices and removable storage outside of the company's control, it becomes even more crucial to have solutions in place that prevent data loss.
But simply controlling who has access to corporate information does not guarantee that the data will remain within the enterprise. It's still too easy to copy data onto removable storage devices or to paste it into a shadow IT application. Data loss prevention systems and information rights management systems are also flawed.
In our hyper-connected world, it's important to find a balance between the convenience of constantly being connected and the value of privacy and having control of our data.
*Amr Kamel, Microsoft GM in the West, East, Central Africa & Indian Ocean Islands.