- Too much data
- Data privacy risks
- Ransomware attacks
- Data loss prevention
- Access and authorization
- Human error
- AI and generative AI threats
- Secure cloud data
Richards shares 5 ways to prevent data protection challenges:
Encryption. “Even if data is leaked or stolen, encryption can prevent it from being read. Symmetric (AES) and asymmetric (RSA, ECC) encryption algorithms can protect data at rest and in transit, such as communications over the internet. Effective encryption depends on proper implementation and secure key storage. Homomorphic encryption enables mathematical operations like addition and multiplication on encrypted data (ciphertext). When decrypted, the results match those of unencrypted text. Quantum encryption is designed to protect public and private keys against the mathematical computing power of quantum computers.”
Multifactor authentication. “MFA requires two or more verifiable factors to achieve authentication. It’s based on information the user knows (static password, PIN), something the user has (one-time password token, digital certificates) or something physical about the user (biometrics like fingerprints or facial recognition). Companies should require MFA for external use of applications and remote network access.”
Greater network visibility. “Logging systems can help to establish a baseline of enterprise activity to identify anomalies in network traffic or user behavior. But IP addresses and device identifiers (media access control) can identify users for data that has been anonymized, raising privacy concerns. A continuous monitoring strategy uses tools and processes to implement and monitor security controls in compliance with the NIST SP 800-53 Cybersecurity Framework, which can help ensure compliance with GDPR, HIPAA and other data protection regulations.”
Generative AI policies. “Organizational teams that include data protection officers are developing companywide policies for generative AI. The policies should outline social media and personal device use, such as bring your own AI like ChatGPT or Gemini. From there, companies are branching out, Shey said, reviewing licensing agreements and contracts to account for these changes and updating acceptable use, privacy and data retention policies.”
Voluntary frameworks. “Global companies can work toward implementing information security management systems that meet ISO/IEC 27001 certification guidelines, which are designed to protect data stored electronically, physical copies and third-party suppliers and are based on confidentiality, integrity and availability, also known as the CIA triad. The certification, which includes audits, needs to be met every three years. ISO-27017 offers guidance on moving or sharing data to the cloud.”