To the layperson, data analytics security can sound intimidating and overly technical. However, we all have an obligation to protect our data. As data analysts and information security professionals, we have a duty to not only understand the latest trends in this constantly evolving field. But to explain it to managers and other professionals at our respective organizations. HR professionals, medical professionals, and those dealing with sensitive business information rely on us to not only identify and understand data security trends. But to confidently explain and implement security measures that benefit their teams.
We know that the dark web is real. And cyber thieves pull more than just harmless pranks. They’re after secure data that could bring down entire companies and governments. What habits can we encourage on company-wide levels to ensure a thorough understanding of security threats to businesses?
Let’s take a look at the latest trends in data analytics security, with a focus on how to describe the importance of data security to your average non-technical individual.
Human resources security trends
When we talk about human resources, many think of internal departments in large organizations. However, that’s not always the case. Job candidate sourcing and other human resources responsibilities are commonly outsourced. From benefits management to recruitment, companies have realized that HR fits well into the gig economy.
These companies need to understand that data security is an especially important concern for employees working outside of the office, especially contract-based employees.
HR professionals collect information about job candidates and employees, including social security numbers and benefits enrollment information. Analytics are useful, necessary and crucial to ensuring ROI (return on investment) for recruiters, and they’re using real-time analytics more heavily than ever in their recruiting efforts.
Ensure that adequate remote security protocols are mandatory for all outsourced recruiters — it’s something many companies overlook. As a security professional, recommend that the company sends its own equipment, such as laptops, to contract employees; this gives you the ability to remotely ensure security. Failing that, require VPNs, virus detection software, and secure logins.
More devices, more security risks
How many different pieces of equipment does the average employee use to access work-related information? Many have a laptop, a desktop, a smartphone, a tablet, and even a smartwatch. As an IT professional, you’ve surely had the question about how many devices a home-based WiFi router can handle.
What many don’t consider is that smart devices are completely hackable. From smart cars to watches, they’re all connected — and they’re all threats. If you’re accessing secure data on an unsecured device, it’s a problem, even if that means an email popping up on your smartwatch.
Educate professionals about this issue by ensuring strict protocols for all devices, including ones that seem extraneous, such as smartwatches. Provide the policy clearly and in writing. And ensure employees sign it to convey the serious nature of the potential security threat.
Enhanced internal communication
Effective communication is also a defense you and your employer/client have against data threats. For example, if you know about major changes in your employer’s supply chain, get notified of terminated employees, and generally understand what’s happening on a management level, you’ll be best equipped to help any company mitigate threats.
The trick is making sure they understand the importance of that communication. Do you have a list of vendors? What sort of secure data do those vendors have access to? Is the data encrypted? These are questions managers often don’t think to ask — and it’s on you to remind them and to continually educate.
Securing medical and genetic data
As genetic tests have become commercial and affordable, there’s been a heavy amount of discourse about the privacy of that data. Some companies, per the contract with the consumer, may even sell it to undisclosed entities. That’s got the average consumer feeling unsafe, and with good reason.
Companies like AncestryDNA and 23andMe work directly with consumers and offer low-cost testing options, so the market is explosive. The hindrance of data can also gatekeep legitimate research, which is another valid concern, and non-technical consumers often face difficulties navigating that. However, the benefits of extrapolating and interpreting tertiary data to provide meaning to a specific individual and to a database of samples clearly hold significant value, regardless of intention.
If you’re working with a company that involves collecting, analyzing and retaining genetic samples and results in any way (including a primary care physician’s office), stay aware of those security trends.
Recommend secure, cloud-based domestic data storage solutions for all medical clients. As well as a means of physically securing any in-house or external hardware, like laptops. Even browsing history should be secure. Lest a hacker determines what a doctor was looking up that day regarding a particular patient.
Most of these trends address rapid developments in corporate or medical offices, as well as the ease of use everyone now experiences due to cloud-based technology and roaming software devices.
Some of your clients or employers, however, may be resistant, and it’s necessary to remind them of the true cost of a data breach. This includes complications from HIPAA violations, a public relations disaster and overall mistrust from prospects and clients. Leaving themselves open to data insecurity is like throwing their entire marketing budget down the drain, and it’s often on the IT professional to communicate that adequately.