Can you name any physical asset at your business that doesn’t take a lot of effort to protect? For equipment, you plan for regular maintenance and replacement. For staff, you fund training and learning opportunities. You insure physical property. You protect financial assets like the cash and credit that your business needs to operate.
If you don’t yet view your company’s data as an asset that needs to be protected, it’s time to start. Establishing data protection standards, which are already regulated in some countries, should be a routine process for safeguarding your data.
For companies that operate in, or have interactions with, the European Union (EU), data protection standards are already required. The General Data Protection Regulation (GDPR) went into effect in May 2018. This law requires the protection and privacy of personally identifiable information for EU citizens and residents. Even companies located outside of the EU must comply with the regulation if they possess or gather personal information from people in this region.
Rather than comply with these regulations, some companies outside the EU chose to restrict or block access to IP addresses from the region. This response is shortsighted. Widely publicized data breaches have made consumers far more aware of how vulnerable their personal data can be and how little the organizations they interact with have done to protect it. The GDPR will not be the last attempt at enforcing data protection standards. Businesses operate in a borderless economy, and data protection standards must become borderless as well.
The goal of data protection has accelerated cybersecurity efforts within organizations. Businesses have been motivated by watching competitors and big-name targets suffer breaches and take hits to both their finances and their reputations. In recent years, high-profile and costly breaches have raised the bar for security and data privacy.
A business’s reputation can rise and fall based on its customers’ opinions. Consumers want assurance that the organizations they share data with will value and protect that information. It may not surprise you to learn that consumers are far more concerned about this than businesses are. A 2017 study commissioned by Centrify found that 80 percent of consumers think organizations have a responsibility to take reasonable steps to secure their personal information. Yet, according to the study, only 65 percent of CMOs and 64 percent of IT professionals agree. The same survey found that 70 percent of consumers believe organizations are obligated to control access to their information—but less than half of CMOs and IT security practitioners think so.
Businesses must change their thinking. Failing to protect vulnerable data risks your reputation, and the goodwill and trust of your customers. Instead of viewing it as a hassle, organizations should see standards being enforced as an opportunity to increase security and deliver on consumer expectations.
The EU may be the vanguard for data protection right now, but it seems likely that similar standards will one day be globally applied. Even if your organization is not legally compelled to follow data regulations, there are still a number of steps a business should take to increase the protection of the data it controls.
Download this white paper to better understand the many benefits of improved data security and protection.