How to prepare for the future of privacy

Brad Fugitt, Pax8 Chief Information and Security Officer
Changes are coming; get ready for them now.

As a service provider, your security and data privacy strategies are not something that you can just set and forget. Every day, we discover new cyberattacks that threaten businesses. Additionally, more people are growing concerned about how their personal data is collected and used by the businesses they interact with, and rightfully so.

As the tech landscape continues to change, there’s no time to stay complacent. Here are some of the major shifts on the horizon that you’ll want to prepare for now.

The Dangers of Working in Public

Since the first days and weeks of the COVID-19 pandemic, we’ve seen new security and privacy risks pop up as employees rapidly shifted to working from home. But as the distribution of vaccines allows restrictions to be eased, we will face the challenges that come with yet another shift in how and where employees work.

While some workers may return to the office, many companies have chosen to adopt more flexible policies that allow for the continuation of remote work beyond the end of the pandemic and into the future. For remote workers who prefer not to work at home, public spaces like coffee shops, co-working spaces, and libraries may become attractive destinations to get work done, especially as the capacity of these places returns to normal.

Unfortunately, public spaces are an excellent place for cybercriminals to set up shop as well. If employees are connecting to public Wi-Fi networks on their work devices (or even their personal devices), they’re exposing themselves and their organization to a number of serious security threats.

Attackers often set up their own Wi-Fi networks and name them in a way that will trick people into connecting to them, something as simple as “Free_Wi-Fi” or maybe involving the name of the business like “Joe’s Coffee Shop-Guest.” If you connect to one of their networks, the attacker can gain access to everything on your device — all your data, passwords, and personal information. They can also distribute malware to your device.

Even when using a legitimate public network, attackers can execute a man-in-the-middle attack, positioning themselves between you and the connection point and intercepting your data along the way. Through special software kits (which can be easily purchased by just about anyone online), they can also eavesdrop on Wi-Fi signals to see everything you’re doing online.

For these reasons and more, it’s important to have solutions like virtual private networks (VPNs) that allow remote workers to connect to a secure network wherever they are. It also helps to have a proper multi-layered security stack with solutions that can detect and remediate the threats posed by public Wi-Fi. Most importantly, clients and users need additional training to understand the risks of working in public and how to avoid them.

Compliance with New Privacy Laws

In the past few years, lawmakers around the world have started to introduce stricter regulations around data privacy aimed at governing how private businesses collect and use data, as well as how they inform users about those practices.

These laws come as a response to the public’s growing concern over privacy and personal data, especially with the constant news of large-scale data breaches wherein consumers are having their personal information stolen and published online.

GDPR

In 2018, the European Union implemented the General Data Protection Regulation (GDPR). This law – which is dozens of pages long – is considered to be the strongest data privacy and security law in the world. At its core, the GDPR lays out seven data protection principles that must be followed by all organizations that process data of EU citizens. They are:

Lawfulness, fairness and transparency: Processing must be lawful, fair, and transparent to the data subject.

Purpose limitation: You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.

Data minimization: You should collect and process only as much data as absolutely necessary for the purposes specified.

Accuracy: You must keep personal data accurate and up to date.

Storage limitation: You may only store personally identifying data for as long as necessary for the specified purpose.

Integrity and confidentiality: Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).

Accountability: The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

For partners that process the data of any EU citizen (even if that citizen is working outside of the EU), compliance with GDPR is required and failure to comply can result in steep fines or litigation. That means even companies that only operate in the U.S. or Canada must be careful about complying with GDPR. Maintaining all of the principles of the regulation can be intimidating and may require specific resources and personnel dedicated solely to the topic.

As the conversation around privacy continues, service providers can expect laws like the GDPR to become more common around the world and will want to take steps now to move towards compliance. Already, countries like Australia, Brazil, India, and more have adopted laws modeled directly after GDPR. Some countries have similar data privacy laws that actually predate GDPR, such as South Korea which has had GDPR-like regulations since 2011.

CCPA

Also in 2018, the state of California passed the California Consumer Privacy Act (CCPA), which is considered to be the most restrictive of all U.S. state privacy laws currently on the books. CCPA went into effect in the state in January 2020.

The law gives all California residents the right to know about what personal information is being collected by a business, the right to have that information deleted (with exceptions), the right to opt out of the sale of personal information, and the right to non-discrimination for exercising CCPA rights. Under certain circumstances, the law also allows private citizens who have had their personal information exposed in a data breach to sue the business that collected the data for failing to maintain reasonable security procedures.

Though the CCPA only applies to organizations that do business in California and meet certain criteria, many other states are moving towards adopting similar regulations soon. For partners in the U.S., staying compliant with the current laws of all states that you operate in is obviously required. But to future-proof your compliance efforts, it would be beneficial to also comply with the CCPA as if it were standard, whether you operate in California or not. This can help ensure that you’re meeting the highest standards of data protection.

Take It from Us

At Pax8, we practice what we preach. That’s why we voluntarily comply with the strictest data privacy laws we can find, including CCPA and GDPR. It’s important for our partners to not just know about these regulations, but to also know that their distributor is doing their part to protect and properly maintain data.

It’s also why our employees are required to undergo the same end user training that we recommend for both partners and clients. We know that security starts with the end user, and our company is no exception.

To ensure that the solutions we offer also live up to the high security standards we hold, Pax8 also performs risk analysis on every new vendor as part of our 150+ step vetting process. We don’t make a solution available until it passes our criteria for security and privacy compliance.

Pax8 Can Help

Whether you need to discuss your data privacy compliance strategy with an expert or need to find the right security solutions to keep your clients’ remote workers safe, Pax8 is here to help.

We’re always creating more content to help you on your cloud journey, from our in-depth guides and informative blog articles, to our vendor-specific resources and more. Pax8 is your place to learn about the ins and outs of IT solutions, as well as industry trends, business management advice, and everything else that’s going on in the world of security and beyond.

Our lineup of best-in-class security vendors provides you with the perfect solutions for every piece of your security blueprint. With a large catalog of options to choose from, you can find the solutions that will work together to create the ideal multi-layer security stack.

Our expert Security Solution Consultants are available to help guide you through the stack building process with expertise on all vendors and solutions. They can discuss your specific needs to provide the solutions that offer the most for you and your clients.

And for any other question or concern you may have around security, our team is always willing to hop on a call and get you what you need to succeed.
