Authored by: David Chan, Managing Director, AdNovum Singapore
In today’s digital economy, data has become one of the most precious commodities for businesses. It is the foundation of intelligence that guides mission-critical business decisions. Given the value of data, which can be monetisable by its sale on the dark web or direct use in fraud, it is therefore no surprise that cybercriminals are drawn to it like moths to a flame.
In April 2021, the details of more than 500 million users of a social networking platform were published online on an underground website used by cybercriminals. A week following that, a local security firm also reported that about 62,000 e-mails from the public, businesses and their customers, some of which contains sensitive personal identification information, may have been accessed by cybercriminals. The increased frequency and severity of such data breaches have made consumers more wary about the security of their data.
With the rising threat of data breaches in the world today, the approach to cybersecurity has shifted. While data management remains a cornerstone for enterprise cybersecurity defence, organisations are increasingly viewing it as a strategic function and source of competitive advantage. Managing cybersecurity well can deliver immense business value to the entire organisation, both externally and internally.
The business case for data management
According to PwC, close to nine in 10 (87 per cent) consumers would take their business elsewhere if they don’t trust that a company is handling their data responsibly. A huge part of responsible data usage is governance. With the right data governance policies in place, organisations can avoid introducing data errors into their systems and prevent potential misuse of personal data, striking a balance between data collection practices and privacy mandates. Communicating a strong commitment to protecting and using consumer data responsibly can help build brand trust and loyalty and lead to new businesses further down the road.
Having strong data management policies can also help drive a competitive advantage for the business. At the heart of every organisation lies their Intellectual Property (IP). It’s what gives them their competitive edge. Having impenetrable data protection measures prevents the theft of this valuable information, allowing organisations to stay ahead of the pack.
At the same time, the importance of data in business has increased exponentially. Organisations rely on data to shape business strategies around product development, customer service and efficiency. With clean, untampered, and secure data, they can be assured that accurate insights are harnessed to make such decisions, resulting in greater innovation and results.
On a talent acquisition front too, organisations that demonstrate their commitment to managing data in a responsible manner will be able to position themselves as an ethical and people-first business. This perception not only attracts new customers but also allows organisations to find and acquire talent that can help them thrive in the new normal.
Best practices to a well-rounded data management strategy
Today, all personal data is tightly governed and subject to privacy regulations. Some such pieces of regulation include the European Union’s General Data Protection Regulation (GDPR), which affects any organisation doing business in the EU, and the Personal Data Protection Act (PDPA) in Singapore. The onus is on businesses to ensure the security of both hardware and software used to collect and store this data and demonstrate that they have a sound data management strategy.
Aside from implementing data governance policies, data backup and protection measures will serve as a safety net for organisations to prevent or mitigate the impact of breaches. The first step is to understand the kind of sensitive data that requires protecting, where it resides, and how it is being used. Data discovery solutions are incredibly helpful in pinpointing where files are at any given point in time. Data classification solutions then come in to inform how these data should be treated and protected, the policies required to be placed around it, and guide the prioritisation of risk mitigation activities. Such solutions also help segment and manage the different types of data, enabling organisations to implement the controls required to achieve compliance.
Once total visibility and control of data are achieved, the next step is to review the organisation’s data protection strategies. Legacy on-premise solutions are often siloed and provide minimal insight to key decision-makers. When breaches occur, every second counts and security teams need to be activated immediately to mitigate the issue. Modernising data protection through cloud can provide real-time visibility into the health of the organisation’s networks and kick in the necessary cybersecurity measures when required.
It goes without saying that while cloud services may bring a host of functionalities and convenience to cater to the evolving needs of businesses, it also creates additional points of entry for hackers to target. Businesses need to consider encrypting their data to prevent interception and exploitation by cybercriminals.
In accordance to GDPR and PDPA guidelines, organisations also need to take special care to only collect the bare minimum data required to provide the agreed-upon services to their customers. Data protection measures need to be the default settings and consumers should not have to opt-in for their personal data to be protected. Security needs to be baked into every stage – from the point where data is collected until it is purged from the system.
Finally, when it comes to data backups, it’s better to be safe than sorry. Organisations need to adopt the 3-2-1 data backup rule – to keep at least three copies of data, store two backup copies on different devices or storage media, and have at least one copy offsite. Having multiple copies and different locations protects organisations from losing primary data entirely in the event of a breach.
Preparing for the inevitable
As the adage goes, prevention is better than cure, and the same rings true in the context of cybersecurity. Ultimately, organisations that demonstrate the extra precautions they have put in place and communicating a commitment to protect customer data will be able to win consumer trust, foster innovation of new services and products, and build a reputation of being a socially responsible corporate citizen.