Data Privacy Week - A Commitment for the Entire Year

Originally published by Skyhigh Security on January 23, 2023.

Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security.

Nowadays, when you download a new app, open a new online account, join a new social media platform or use a majority of online services—you will typically be asked to provide data about yourself and potentially share access to some personal information before you can even use it! This data might include your geographic location, email address, phone number, contacts, photos or documents.

Data Privacy Week, which takes place January 22 – 28, 2023, is an international effort to raise awareness about digital data privacy, and to encourage individuals, businesses and governments to better protect their data and digital identities.

Like most New Years’ resolutions, however, these efforts can’t just last for one week or the beginning of a year—they must be prioritized all year round with unwavering commitment. Sadly, the moment that organizations take their “eyes off the ball” and lack focus, it can be detrimental to the privacy and security of their valuable data.

It must be said that initiatives like these are absolutely welcome and serve as good reminders for global citizens to remain cautious and vigilant with matters relating to their data. Nevertheless, examples are seen in countless incidents where high-valued data has been leaked or compromised, users and organizations tend to, respectively, let their guards down over time.

How does this happen? This happens by everything from using insecure, weak passwords for a cloud workload Root account, failing to govern access to services lacking Multi-Factor Authentication (MFA) or falling for yet another phishing email, or even creating poorly configured cloud data storage assets that may be publicly accessible.

Data privacy and security are undoubtedly key considerations for any robust enterprise strategy. Based on Gartner’s predictions, “by the end of 2024…….75% of the world’s population will have its personal data covered under modern privacy regulations. This regulatory evolution has been the dominant catalyst for the operationalization of privacy”.1

Now, although public-cloud data security offerings will indeed strengthen and offer greater autonomy to users to control their data, there are number of fundamental, non-negotiables that users and organizations must not neglect. Here are just a few:

• Identifying and classifying their data
• Knowing where and how their data is stored/shared/used
• Determining how it needs to be always protected across all vectors

Data Privacy Week should absolutely be recognized and praised for the awareness it promotes. It endeavors to bring the ever-important topic of data security front-of-mind to the masses. As with any commitment or initiative, however, one week alone is not enough.

For users, small to medium businesses, large scale enterprises, critical infrastructure entities, government agencies, and everyone in-between—data privacy, data protection and overall data security must continue to remain priorities this week and every single week well into the future.

To quote the adage, “consistency is key”.