12 Dec
3 Big Data Security and Compliance Issues to Watch for in 2018
The holidays are a time for reflection – to look back on past successes and failures, identify opportunities for change and plan for the future. Over the past several years, those failures could be readily described as data security-related for many organizations. Cybersecurity made headlines across the world, with incidents like WannaCry, Petya and the Equifax breach causing waves and fomenting fear and uncertainty in just about every industry.
To avoid making next year a repeat of 2017, compliance and security officers, IT teams and business leaders all need to work together to create a comprehensive data security plan. This is especially true for organizations that continue to pursue big data analytics projects. Accessing and storing that much information can put businesses at risk for costly breaches and even more expensive compliance issues.
As your 2018 cybersecurity plan begins to materialize, be sure to keep these three data security and compliance issues in mind:
1. GDPR looms near
The impending launch of the General Data Protection Regulation hopefully does not come as a surprise to anyone. The European Union’s detailed set of guidelines will significantly change the way businesses access, utilize and store consumer data when it goes into effect on May 25, 2018. Ideally, compliance preparations should be well underway, if not in the final stages, but there’s still time to update policies accordingly.
GDPR is more than a European concern
There are some important things to keep in mind when reviewing GDPR responsibilities and determining what exactly is covered and who is affected. For one, GDPR is not solely targeted at European companies. Any business that sells to or otherwise engages with European residents must adhere to GDPR, no exceptions. In fact, some companies have already assessed the challenges to becoming compliant and determined that it’s better to simply remove themselves from the equation altogether. A 2017 PricewaterhouseCoopers survey revealed that 26 percent of U.S.-based respondents planned to pull out of the European market in response to GDPR’s pending launch. Meanwhile, nearly one-third of U.S. corporations will reduce their presence in Europe to minimize their risk of violation.
GDPR explicitly defines consumer consent
Companies with extensive big data-based marketing and customer engagement campaigns could be hit hardest by GDPR. Some of the biggest changes contained within GDPR relate to consumer consent. In the past, businesses could collect customer data very quickly and almost indiscriminately. Pre-checked consent forms, ambiguous terms of agreement and unclear project goals were the order of the day. That’s all going to change under GDPR, though.
Consent forms will need to explicitly lay out what information is being collected and for what purpose. Marketers won’t be able to grab a bunch of consumer data with the intent of maybe using it at some later date. Furthermore, customers need to be given every opportunity to opt out of these projects. That means prominently featured check boxes with detailed explanations of what exactly the customer is agreeing to.
Erasing data on demand
Just because a customer agrees to your terms today doesn’t mean they won’t have second thoughts later on. Under GDPR, if an individual requests that they be removed from these data-collection projects and that their personal information be erased from any databases, the business must comply in a timely manner. The “right to be forgotten” is a focal point for GDPR, and companies need to be prepared to meet those demands.
There’s also the matter of what to do with all of that existing consumer data collected before the days of GDPR. It’s important to note that nothing will be grandfathered in, meaning businesses will need to obtain consent for any customer data they already have, or remove it from their databases.
2. IoT creates new vulnerabilities
The Internet of Things represents a fantastic opportunity for businesses to drive targeted customer engagement efforts. With connected devices generating massive amounts of data, companies have more information to work with when creating big data initiatives. Smart thermostats, virtual assistants and smart cars, among many other IoT devices, can all provide insight into customer behavior and preferences. This information will be invaluable to creating more personalized brand interactions and cultivating stronger customer loyalty down the road.
However, the IoT presents a fair amount of risk as well. Any new connected device on a network could be a potential vulnerability. Take, for instance, the 2016 Dyn attack that temporarily brought pockets of the internet to a standstill. The culprits were able to compromise IP-enabled security cameras and other IoT devices, creating a massive botnet that overwhelmed one of the world’s leading internet infrastructure companies. As a result, popular sites and platforms such as Reddit, Netflix, Amazon and Twitter experienced performance issues and were unavailable to large swathes of users.
Certainly, the IoT isn’t going anywhere any time soon, and marketers will find plenty of opportunities to leverage this technology for stronger brand engagement. Businesses need to consider the risks inherent to adding new devices to their networks, though, and plan accordingly.
3. Ransomware isn’t slowing down
2017 was truly the year of ransomware. From WannaCry to Petya, ransomware threats wreaked havoc across the globe, encrypting data, locking users out of their machines and demanding exorbitant amounts of money to return compromised assets. Given how successful these tactics have been over the past year, there’s no reason to think cybercriminals are going to suddenly shift gears. Until the cybersecurity community can consistently ward off ransomware attacks, data thieves will continue to leverage these strategies and target businesses both large and small.
There are several steps companies can take to protect themselves against ransomware attacks. For one, diligently update systems with security patches as soon as they become available to close up any potential vulnerabilities cybercriminals may attempt to exploit.
Second, assume that this sort of breach will occur at some point and prepare for that inevitability. For example, back up all of your critical data, applications, platforms and systems so nothing will actually be lost in the event of a ransomware attack. It takes a lot of the bite out of a ransom demand when you have multiple backups of the encrypted data readily available.
A comprehensive approach to data security will put you in the best position to ward off any breach or network intrusion and steadfastly protect your sensitive data. The threat landscape is always evolving, but as long as your company adheres to big data security best practices, you can rest easy.