By Diana Nicolo, Senior Information Security Compliance Analyst
Data security and privacy have been at the forefront of the news for some time. Over the last few years, they have received even more press from the high-profile ransomware attacks and critical vulnerabilities that have affected many organizations.
In today’s world, protecting data is a top concern for enterprise leaders. Good data security and privacy practices are not only important for legal and fiscal compliance—they also build trust for a company. To secure data properly, it is critical to understand the latest data threats and the regulatory obligations a company has to protect data.
To stay abreast of new and emerging privacy regulations and cybersecurity trends, the Locus Compliance Team maintains relationships with industry organizations and participates in privacy and cybersecurity events. These events include the ISACA New England IT & Cybersecurity Expo, where industry experts and thought leaders discussed the following technology issues challenging enterprise leaders and professionals.
New Privacy Regulations
With consumers’ heightened privacy expectations, data protection continues to be in the spotlight. While the European Union’s General Data Protection Regulation (GDPR) is considered to be the gold standard for privacy standards, we continue to see more privacy regulations introduced in the US and globally. This year, new privacy laws will become effective in five US states and more are in the pipeline. Each of these new regulations brings its own set of requirements to understand and adhere to, making the privacy landscape even more complex to navigate.
The cybersecurity threat landscape also continues to evolve, bringing new or increased challenges to organizations. Ransomware attacks are still on the rise and are a real threat to organizations of all sizes and industries. Defending against these attacks is becoming increasingly difficult for practitioners as cybercriminals are using more sophisticated methods in their attacks. Being aware of these current trends is critical to allow organizations to proactively prepare and to stay ahead of the curve with these emerging threats.
With the combination of new regulations, advanced technologies, more sophisticated cyberthreats, and limited budgets, organizations are finding it harder to compete with these advanced threats and to understand their legal obligations. How can businesses fight these persistent cyber threats and deal with these new regulatory requirements when things are changing at lightning speed? One way is to implement a formal information security compliance program, which provides a structure for safeguarding the enterprise against cyberattacks and data breaches.
Locus’ Proactive Approach
In order to meet ever-changing security challenges and trends, Locus has developed a comprehensive Data Security and Privacy Compliance program, which is based on industry standards, including NIST 800-53, SOC 2, and GDPR. Our Compliance program is staffed by a team of dedicated professionals with extensive experience in Information Security, Risk, and Compliance.
This team takes a proactive approach to stay ahead of the emerging threats and is continually monitoring the environment. This strategic approach starts with identifying current and potential risks to the organization and implementing measures to mitigate those risks before they impact the business. This approach is supplemented with a core set of data security and privacy policies and procedures, strong internal controls, and support for building a security-focused culture.
As new risks and regulations emerge, Locus performs periodic assessments, in addition to annual audits, to identify where there may be gaps in our current program. Depending on the outcome of this evaluation, appropriate mitigation measures are implemented and may include:
- Making updates to policies or procedures
- Implementing new tools or processes
- Ensuring agreements include the required clauses
- Reviewing data security standards
- Providing training for employees
A Commitment to Data Security
As we continue to expand our business into the global market, Locus is committed to taking an approach to securing data that adheres to standard international practices for data security and recognized privacy principles. This approach enables us to adapt to business expansion, new products, and new markets, and provides the structure and discipline to meet our legal, regulatory, and contractual requirements. In addition, we will continue to promote a culture of compliance through our policies, procedures, and training and awareness programs. This in turn will help us protect our assets and reduce the likelihood of a data compromise or breach.