DIGITIZATION: CYBERSECURITY AND DATA PRIVACY CONSIDERATIONS

Posted by Orla Veale on 17-06-2019

Cybersecurity and data privacy are like two peas in a pod: by blending cybersecurity and data privacy into one ‘thing,’ regulations have determined that it’s no longer possible to have one without the other.

My own personal experiences of working within the area of digitization bear this out; on most of the projects I have been involved with, the issue of security and data is one I have always had to address: no matter what technology is being developed or implemented, the critical issue for every end user is always security and data privacy.

Is the Cloud Really Secure?

With more and more software solution providers offering cloud storage as a benefit since it enables collaboration, always-on access to data and files, and remote working, more and more data is being stored ‘in the cloud,’ rather than on servers as was the case up until relatively recently. 

However, while many companies and individuals trust the cloud implicitly - i.e., they don’t question it from a security and privacy perspective - I would always recommend that companies at every level should hire a data security consultant to carry out independent due diligence on the cloud platform in question, to ensure that data is 100% secure.


What are the key pitfalls when engaging in a digitization process, and why is cybersecurity one area of focus?

Digitization is a great thing for modern businesses looking to keep up with best business practices, as well as keep moving forward in the name of progress.

That said, digitization is not without risk, because a larger digital footprint brings a larger potential attack surface: in other words, more apps, more cloud deployment, more users, and more data invariably increase the pressure on cybersecurity systems, which in turn increases the risk of cracks appearing in systems that are tested to their max.


Another key area to be aware of is the impact of new regulations: for example, the California Consumer Privacy Act (CCPA), which becomes effective in January 2020, is a bill that enhances privacy rights and consumer protection for residents of California, United States. It is inevitable that other states will follow suit so, while the regulations may differ, the sentiment will be very much along similar lines.

The equivalent of the CCPA in Europe is GDPR; this EU-enshrined regulation aims primarily to give control to individuals over their personal data, giving a lot more power to the consumer than ever before – and making businesses think differently about how they market and engage their audience.







What are the key principles of digitization?

1. Leadership

As with any business transformation project or process, leadership is required to embrace a ‘digital first’ mindset; by demonstrating a commitment to the digitization process, the rest of the team embraces the knowledge and opportunity that comes from digital technologies.


2. Change Management Model

Change management involves dealing with people, processes, and culture: it is not something that can be done by one person but rather is a process that requires you to encourage everyone within the organization to come on the journey.  However, that said, change is something that happens over time: you can’t introduce new technology and expect instant adoption. Change inevitably brings resistance, fear, suspicion, and even sabotage, so it needs to be implemented and managed well.  


3. Capabilities

Every organization needs to assess its own capabilities when it comes to the digitization process: while larger companies may have the resources to develop bespoke solutions in-house, others will simply have to partner with existing vendors and adopt third-party systems.


4. Governance

Regardless of budget, industry type, or the systems that you have in place, every business must comply with current regulation in relation to governance; however, this is not just a box-ticking exercise and means developing (and living out) a policy around Corporate Social Responsibility and contributing positively to the community and environment in which you operate.


5. Security

The final principle of digitization – security – is critical to the success of any business, and refers to data, facilities, and infrastructure. Ensuring the security of physical systems, as well as confidential data, is no longer optional for any business; compromising on these can result in huge reputational damage.


And what are the key pitfalls?

If cybersecurity and data privacy are not a priority, the fallout can be catastrophic and can result in one or all of the following:
 
  • Cyber Attacks
  • Data Breaches
  • Data Vulnerabilities
  • Regulatory Fines
  • Reputational Damage 

Five best practices to make sure a digitization project is implemented securely from a cyber perspective:
 
  1. Involve certified data protection and cybersecurity professionals as early as possible in the project.  
  2. Evaluate vendors and third-party providers within their facilities and their solutions. 
  3. Ensure that all cybersecurity and data privacy issues have been addressed, and subsequently educate and reassure the organization’s leaders that this is the case.
  4. Provide ongoing training for employees to keep them abreast of threats and potential attacks. 
  5. Ensure all new technologies implemented by the company are included in the existing cybersecurity and data privacy program and updated regularly. 


What does the Future of Digitization look like?

Companies that operate in a secure environment - and demonstrate a willingness to go beyond the legal and regulatory requirements - will be the winners when it comes to attracting new customers, as well as retaining existing ones.

The reason for this is simple: people and businesses want to know that their accounts, their data, and their reputation are protected at all times; any security breach that breaches trust will ensure that customers move to a different provider who can give them the peace of mind they need.

The future of digitization will be an ongoing undertaking for businesses due to ever-evolving technologies. However, regardless of the technology advancements, security will always need to be at the forefront of change to safeguard the data of individuals.    


The increasing impact of women on this Industry

As with all areas of the ICT and tech sector, women are highly underrepresented within the cybersecurity industry.

However, just as cybersecurity itself has, through education and awareness, become widely recognized and accepted as a fundamental business function, the same criteria must be applied to increase the number of women – and therefore, their overall impact – working within this industry.

The fact is, for women who already have a tech background - or are perhaps already working in a role within the tech sector - there is no reason why they shouldn’t be looking to advance their career within the fast-growing area of cybersecurity.

There is, however, quite clearly a need to actively present this industry to women as one that’s filled with rich opportunities; just as in politics, and other areas of civic life, there is a need to actively drive awareness of this industry to women through dedicated awareness programs, in order to encourage them in the field.

Can it be done? Of course, it can: it won’t happen overnight but taking small steps to increase awareness will help to gradually encourage women to consider cybersecurity as a career option – and normalize the industry from a gender balance perspective.

About Cathy C. Smith
Cathy C. Smith, CEO of Chameleon Consulting, is a Digital Business Transformation Advisor, Author, and Founder of Women in Tech NJ & NY. She advises Executives, Board of Directors, Management Consulting Firms, and Professionals on digital strategies to succeed in the digital economy. She shares best practices in her recently published book titled “How to Become a Digital Leader: A Roadmap to Success.” She invites readers to follow her on Twitter at @CathyCSmith and visit her website at www.chameleonconsultingllc.com.






 
