Businesses have never been so accountable for the use, storage and handling of data. As highlighted by the Cambridge Analytica scandal abuse data, there is a strong focus on data privacy, data security and the responsibility of protecting one's digital identity.
This is according to Christo van Staden, Forcepoint Regional Manager: Sub-Saharan Africa.
And now with GDPR in force and PoPIA compliance looming, there is even more demand from both consumers and businesses to manage personal data with the sensitivity and respect that it is entitled to.
It's a complex process to fully understand exactly what data you have, where it is stored – and then find the best security systems to protect it. In a cloud-first, mobile-centric environment, businesses require a flexible and adaptive approach – fixed perimeter security no longer works.
This adaptive approach also needs to cover threats from a range of different sources. It's not enough to worry about external threats – you need to protect data from all sides and as cybercriminals continue to adapt to security techniques, you should consider that the threat could come from within your organization.
Even with all your perimeter defenses, the enemy could still have access to the place where compromise is easiest and where it matters most: inside the network.
Threats from within a network, however, are driven by a variety of different intentions: there could be an external attacker that compromised the security of the enterprise, who is lurking and operating within your network using authorized credentials, or someone who's actually allowed to be inside your network but with malicious intent. Or it could be an authorized user making a simple mistake.
Mitigating these types of threats is difficult but one way to do it is to introduce carefully crafted workplace monitoring programs. These are built to keep your data safe, but must be introduced transparently.
It is critical that employees fully understand and are aware of how the program works. Balancing human behaviour against behavioral analytics is a complex process but, as we will discuss below, its long-term benefits are key for both the organization and the employee.
Educate, trust, inspire
Cybersecurity vendors, privacy groups and businesses themselves have a great opportunity to educate consumers and employees about the role they play in protecting their data and what could happen if individuals with malicious intent manage to take hold of their information.
But, what does this education look like? In order to make a real difference, any educational tools need to engage, inspire and be ingrained in a company's culture, going beyond just basic instructions.
Thankfully, workplace safety culture has evolved from long-lasting dry health and safety videos of the past. Here at Forcepoint, we're working with Ataata for our internal cybersecurity training. These humorous videos are cut through the security inertia which can be set in if employees are required to click through the screen after screening of training information.
By prioritizing educating individuals on the impact of their behavior and inspiring them to think carefully about their behaviors, rhythms and patterns of data movements, employers and their staff can become stewards of their own data, entering into a partnership and helping to mitigate increasing risk of threats.
Workplace monitoring is a phrase that instantly drives fear into the hearts of many employees. However, in the wake of recent high profile cyber breaches from the likes of Liberty, it is important that businesses have the processes and solutions in place not only to protect their customers, but also their employees and their brand as a whole.
This is where workplace monitoring can play a key role – not as a threat to privacy, but a force of good in the fight for data protection. While the vast majority of employees want to do the right thing and have the best interests of their co-workers at heart, it has become painfully evident that traditional security tools are failing to provide contextual information about malicious attackers – the "why" behind the what.
Without this context, incidents can not be properly examined and dealt with. In an era where breaches are common and data is the new currency, both companies and employees can derive real benefit by understanding who is accessing data and whether that behavior is putting the data at risk.
Whether it's a successful identification of a malicious user or protecting an employee's own ID and reputation, workplace monitoring is here to stay and a vital tool for cybersecurity professionals.
There is no denying that people's attitudes and understanding of data privacy, cybersecurity and data protection are evolving and changing at rapid pace.
While cybercriminals will inevitably find stealing data far more difficult, the threat remains. It would be naive to think that hackers will not evolve, and become adept at thwarting the current security protections.
Forcepoint believes that by adopting a risk-adaptive model coupled with a human-centered approach to cybersecurity, businesses will be better able to defend against any potential threat. By focusing on the human, we can deliver individualized cybersecurity that is adaptive based on behaviours. Furthermore, with a better understanding of each person's intent, we can give the necessary context to make informed decisions and improve the effectiveness of the protective solutions.
With these right processes in place and a culture of trust and transparency, companies can ensure that people take real ownership of their data and play an active role in protecting their digital selves.
In doing so, we are on the way to becoming stewards of our own data and fundamentally becoming responsible for our own digital footprint. Only then will be able to build a culture where breaches are a rarity – not regularity.