The findings are launched alongside HANDD’s new Advisory Paper – ‘Securing the Journey of Your Data’ – which tackles the issue of data protection and provides organisations with an insight into the challenges and solutions associated with securing data on its journey through the enterprise.
The survey of 304 IT professionals in the UK shows that 21 per cent of respondents say regulations, legislation, and compliance will be one of the two greatest business challenges to impact data security. The General Data Protection Regulation (GDPR) is causing real concern among professionals in their bid to be compliant by the deadline, less than 12 months away. GDPR will not only raise the privacy bar for companies across the EU, but will also impose extra data protection burdens on them.
HANDD CEO and Co-Founder, Ian Davin, commented: “Companies must change their mindset and look at data, not as a fungible commodity, but as a valuable asset. Data is more valuable than a pot of gold, which puts companies in a challenging position as the stewards of that data. C-suite executives must understand the data protection challenges they face and implement a considered plan and methodical approach to protecting sensitive data.”
41 per cent of those surveyed assign the same level of security resources and spend for all company data, regardless of its importance. Analysing and documenting the characteristics of each data item is a vital part of its journey through an organisation. A robust data classification system will see all data tagged with markers defining useful attributes, such as sensitivity level or a retention requirement and ensuring that an organisation understands completely which data requires greater levels of protection.
“Many organisations have no insight into the data that they hold and so don’t understand which data is worth heavy investment and which isn’t so the reality is that they could be spending as much on securing the lunch menu as they are on securing their customers’ data,” explains Danny Maher, CTO at HANDD.
While 43 per cent of those surveyed think that employees are an organisation’s greatest asset, more than a fifth (21 per cent) believe that the behaviour of employees and their reactions to social engineering attacks, which can trick them into sharing user credentials and sensitive data, also poses a big challenge to data security. “Employees are probably your biggest asset, yet they are also your weakest link, and so raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organisation,” adds Danny Maher.
Storage is also a key problem area, with more than a third (35 per cent) citing that ensuring data is stored securely, and whether it’s on premise or in the cloud, as their biggest challenge and most likely to keep them awake at night. A data record’s classification will enable a company to make these decisions, automatically and definitively dictating its location and whether an encryption policy should apply.
Having stored data to comply with its security policy a company must ensure that an access management system is in place, which understands roles and responsibilities and allows users to see only the information that they need. In HANDD’s survey less than half (45 per cent) of IT professionals are confident that they have an identity access management process in place that dictates that users must have different privileges depending on their roles and responsibilities, while 15 per cent have no access management system in place at all.