This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, NinjaOne SVP of Product Management Rahul Hirani offers a look at foundational data protection principles you need to know.
Data security is crucial in today’s competitive business landscape. Companies can’t survive without it. According to a widely reported stat from the University of Texas, a whopping “94 percent of companies suffering from a catastrophic data loss do not survive – 43 percent never reopen and 51 percent close within two years.”
It’s clear that when valuable, sensitive, or private information is compromised, it can have catastrophic consequences – no matter if it’s due to a cybersecurity incident, device malfunction, natural disaster, or even human error. So, what steps should you take to protect this vital asset?
Let’s dive into two parts of the equation: how can we prevent data loss and, in the unfortunate case of data loss, how can we ensure the company is protected by limiting downtime and ensuring business continuity?
Fundamental Data Protection Principles
At its core, modern data protection focuses on three areas:
Data Security and Breach Protection
The threat of cybersecurity incidents, including ransomware, is rising for companies of all sizes. One breach can result in hefty fines, loss of customer trust, and debilitating downtime. Unfortunately, there is no way to ensure 100 percent protection, but every company must have a proactive cybersecurity plan to protect the data in its possession as best as possible. A comprehensive program includes everything from requiring strong passwords and multi-factor authorization to having the right technology, such as EDR (endpoint detection and response) software, in place.
Data backup and recovery come into play when data has been lost or corrupted. It can help ensure that data is never truly lost, but only if backups are in place before an incident occurs. And it’s not a one-size-fits-all approach. The type of data, type of backup (full, incremental, differential), frequency of backup, length and amount of data retained, and the recovery process must be considered to ensure that the correct methods are used and the right options are available.
All data that a company collects and stores (including proprietary data and customers’ personally identifiable information) must be protected from unauthorized users – internal and external. Keeping data protected can be achieved through features such as encryption and role-based access control.
Data Protection Principles: Taking a Proactive Approach
Beyond complying with industry standards and government regulations, organizations must look at modern data protection methods to meet the challenges of an evolving cyber threat landscape and an increasingly connected world. This means prioritizing:
- Flexibility: The rise in remote work means employees are often not working from the same location. With cloud-based backup solutions, businesses can ensure their data is accessible and restorable from anywhere in the world with an internet connection.
- Automation: Automating tasks such as installing patches and managing backups reduces the risk of human error and allows IT to focus on more strategic initiatives.
- Resilience: Preparation is key. IT teams should have a security plan in place and continuously check to ensure everything is working as it should. For example, tabletop exercises can help uncover weaknesses and plan better for the worst-case scenario.
Government Regulations: A Good Place to Start
Data protection privacy and best practices are evolving quickly. Government and industry regulations often take time to catch up to the most modern threats and risks, but they do provide a good place to start. Make it a habit of reviewing regulations regularly – not complying with regulations in all countries you do business in can lead to a hefty fine.
In the U.S. and Canada, for example, various complex federal and state/provincial laws regulate the collection, processing, disclosure, and security of personal data. The decentralized nature of data protection laws means companies may have to ensure they are meeting the standards of multiple laws. Here are just a few examples of the data protection laws currently in place in the US:
- HIPAA (The Health Insurance Portability and Accountability)
- FCRA (The Fair Credit Reporting Act), and TCPA (Telephone Consumer Protection Act)
Data protection laws in Canada are similar to those in the US. The European Union does things a bit differently. In 2018, the GDPR (General Data Protection Regulation) went into effect in the European Union. It’s the most comprehensive data protection law in the world and pacts any business that trades with the EU and is designed to protect citizens’ data and give them autonomy over how it is used and accessed.
It includes seven fundamental principles: purpose limitation, accuracy, data minimization, storage limitations, integrity and confidentiality, lawfulness, fairness and transparency, and accountability. GDPR specifically addresses data loss with some of the principles mentioned above, including requiring organizations to only retain data they need and to delete it once it has met its purpose.
Every organization must commit to protecting the data of its users, customers, and stakeholders. The livelihood of a company is at stake. While data protection and privacy efforts can seem overwhelming at first, they can be accomplished with the right team and technology. Remember, you have the power to protect against data loss and keep your business focused on its mission.
- Fundamental Data Protection Principles You Need to Know - October 7, 2022