Cupertino, August 31, 2020 – The World Economic Forum identifies cyber attacks, data fraud and data theft as top risks on a global scale. The failure of the EU-US Privacy Shield, the hesitant introduction of the LGPD in Brazil (comparable to the European Data Protection Basic Regulation), and increased work from home offices offer reasons to take a closer look at the importance of data protection.
OTRS AG has compiled the five most dangerous data risks.
1. Cooperation with gray market providers
Grey market suppliers offer solutions outside the legal distribution channels. Nevertheless, some companies choose these solutions because they are often cost-effective. The problem with gray market vendors, however, is that they do not own the source code. This creates two risks for companies. First, a lack of product know-how on the part of the gray market provider could lead to configurations that leave the data unprotected. Second, the software is not updated as necessary, since the product is sold outside the legal distribution channels.
2. Use of outdated unpatched solutions
Product updates and patches are required to close security holes. If these are not done, backdoor access (alternative access to software that bypasses access protection) to data may be possible. According to a Tripwire study, 27 percent of security breaches are due to patches not being applied on time.
3. Working with suppliers who are not sensitive to data protection
Regardless of whether companies work with external consultants or service providers, they should know exactly how the external company protects data. Before signing a contract, clients should ask specific questions to gain a thorough understanding of security practices and include security agreements directly in the contracts.
4. Lack of staff training
Often, humans are still the biggest weak point: employees create weak passwords and do not always use the most secure network. Professional trainings can help to create awareness for dangerous situations. Hacker concepts, such as social engineering and phishing attacks, should be known to everyone. Especially now that the majority of employees work from home, mobile employees should make sure that their personal networks are secure and use a VPN (Virtual Private Network) if possible.
5. No clearly defined incident response processes
What happens if an incident does occur? The longer an incident lasts, the more data is at risk. In a global survey of IT managers conducted by OTRS Group, 40 percent said they needed more clearly defined incident management processes to deal with security breaches.
“When it comes to managing data, there is no such thing as 100% security, but there are numerous protective measures,” says Jens Bothe, Director Global Consulting at OTRS AG and security expert. “Due to the increased work in the home office, we are exposed to a higher security risk, but this risk can be reduced by following these five tips”.
For more information on how OTRS can structure enterprise security, click here.
Learn more about the gray market in our white paper.
About OTRS AG
OTRS Group is the manufacturer and the world’s largest provider of the service management suite OTRS, awarded with the SERVIEW CERTIFIED TOOL seal of approval.
It offers flexible solutions for process and communication management to companies of all sizes, saving them time and money. Among its customers are Lufthansa, Airbus, IBM, Porsche, Siemens, BSI (Federal Office for Security in Information Technology), Max Planck Institute, Toyota, Hapag Lloyd and Banco do Brazil (Bank of Brazil). OTRS is available in 40 languages. The company consists of OTRS AG and its six subsidiaries OTRS Inc. (USA), OTRS S.A. de C.V. (Mexico), OTRS Asia Pte. Ltd. (Singapore), OTRS Asia Ltd. (Hong Kong), OTRS do Brasil Soluções Ltda. (Brazil) and OTRS Magyarország Kft. (Hungary). OTRS AG is listed on the basic board of the Frankfurt Stock Exchange. For more information, see www.otrs.com.