Data protection is a complex challenge, and it demands attention at every level of an organization. PKWARE's in-house experts are here to help you stay up to date on best practices, emerging trends, and new resources for enterprise data security.
Before it has funding, a marketing campaign, customers, or even an office, a startup has one all-important asset: information. In fact, you could say that every startup begins its existence as information itself, in the form of a codebase, a blueprint, a business plan, or some other form of intellectual property. As a company grows, it will collect vast amounts of new information in a variety of forms—customer data, transaction records, plans for additional products—all of which are critical to its survival and success.
Unfortunately, few startups recognize just how much protection their data requires. A strategy based on network and device security, no matter how sophisticated it might be, simply isn’t enough to keep data secure. Companies that fail to encrypt their data are taking an unnecessary risk that can rob them of their ability to grow and compete.
After months of delays, the Trump administration has issued its first executive order on cybersecurity, signaling the direction that the federal government’s new strategy will take. The order addresses three broad topics: the security of federal networks, protections for critical infrastructure, and cybersecurity for the general public. Among its calls to replace outdated technology and to create a more capable cybersecurity workforce, the order contains one directive that will make an immediate difference in how the government manages its cybersecurity programs.
Data breaches are simply a fact of life. Businesses in every industry, in every country, are attacked by data thieves and malicious insiders on a daily basis. As pervasive as they are today, cyber threats will only grow more severe as time goes on—each newly-developed way to communicate or do business online creates new forms of sensitive data that hackers, industrial spies, and state-sponsored operatives are ready to exploit.
Data protection is no longer the domain of the IT manager.
Enterprise organizations are dealing with larger data volumes, more data-dependent business models, and more unpredictable cyber threats than ever before. These pressures, along with new regulations passed in response to them, have moved the conversation about data protection from the IT department to the boardroom. One of the most visible signs of this shift is the emergence of a new role at corporations and government agencies: the data protection officer.
When it rains, it pours.
After the European Commission adopted the GDPR in April 2016, businesses around the world scrambled to make sense of the new data security law and the obligations it imposed. And then, less than two months later, came the Brexit referendum and the UK’s decision to leave the EU.
Organizations who hadn’t yet come to terms with the GDPR were suddenly faced with the prospect of creating not one, but two new data protection strategies—one to meet the EU regulations, and another to comply with whatever rules would apply in the UK after its exit from the EU was complete. It was hardly surprising when companies in North America and elsewhere began to consider leaving the European market entirely, rather than dealing with the complexity and uncertainly that the legal developments had created.
“I love strong encryption. Strong encryption is a great thing.”
That’s what FBI Director James Comey had to say earlier this month in his keynote speech at a Boston cybersecurity conference. The quote might have surprised a few people, given last year’s confrontation between the FBI and Apple over cell phone encryption, and Comey’s public warnings that the FBI is increasingly unable to access encrypted information on phones, laptops, and other devices. Has the Director had a change of heart?
Now that the first real cybersecurity law in US history is on the books, can we expect to see more of the same?
New York’s cybersecurity law for the financial services industry, 23 NYCRR 500, took effect on March 1. The law is making headlines not because it creates a heavy new burden for compliance, but because it takes a broader view of information security than any previous state or federal law. As a highly visible attempt to set priorities and minimum standards, the New York regulations have the potential to influence the long-term direction of cybersecurity legislation in the United States.
We're pleased to announce that once again, PKWARE has earned recognition as one of the world's most influential and innovative cybersecurity companies. The latest edition of the Cybersecurity 500, published by Cybersecurity Ventures, ranks PKWARE among the top information security firms worldwide.