Many companies take years to recover from the consequences of hacks and data thefts, as customer trust is destroyed in the long term. Therefore, data protection is central to ensuring that you can best protect sensitive customer data from unauthorised access by cyber criminals. When working with an IaaS provider, the data storage location should be considered.
Table of Contents
Data is described as the most important currency of the digital world. It allows companies to deepen customer loyalty and increase market share. At the same time, hacker attacks and data thefts regularly make headlines. The Twitter hack last summer, for example, was a talking point on social media, in newsrooms and around the dinner table. The attackers were able to view personal information such as email addresses and phone numbers, as well as possibly other confidential information of the affected Twitter users. Twitter is expected to struggle with the aftermath of the hack for some time to come. Politicians and journalists called for full investigations and demanded that Twitter be held accountable. Cyber attacks can cost millions and cause irreparable damage to Twitter's reputation.
Data is ubiquitous, exists in various forms, and creates combined patterns. When these patterns are networked with other data sources, clusters are formed. It is assumed that the amount of data will increase exponentially in the future. Data is of little value without appropriate analysis and interpretation; it must be put into context to create value for the business. This involves processing large amounts of data regardless of source or format. The right data and patterns help drive business-critical decisions. Data scientists are convinced that companies in all industries could benefit from the targeted use of data.
_____
How SMEs can protect their IT environment in 2021
Xelon's security experts have compiled tips on how companies can protect their IT infrastructure from cyberattacks and data theft in 2021 in this blog post
_____
Personalized advertisements, differentiation between regular customers and first-time visitors in the online shop or sounding out the market potential for a new idea: customer data enables companies to continuously deepen and improve the relationship with their customers, expand the range of products and services and increase market share. If a company has access to a representative amount of user data, its chances of positioning itself successfully in the market increase. In a 2019 survey conducted by consulting firm Deloitte, 96 percent of respondents said data analytics would play a more important role in their organizations in the future. Nearly half of all respondents (49 percent) believe the biggest benefit of data analytics is the ability to make informed decisions. Nearly two-thirds of survey participants said data analytics plays a central role in advancing business strategy.
However, internal company data is not only valuable for the company itself. Your customer data could be used by competitors to gain insight into the needs of their target audience, improve their offerings, and increase their own market share - by poaching your customers. Cyber criminals also often target credit card data. According to the Swiss Data Protection and Information Commissioner, all personal data can be sensitive and therefore worth protecting.
Companies must guarantee the security of all stored personal data. Both employee and customer data must be protected as best as possible. If this data is accidentally or intentionally compromised and it emerges after the cyber attack or data leak that the company concerned had not taken appropriate security measures, it may face fines and sanctions. As mentioned at the beginning, journalists and politicians are demanding comprehensive clarifications and answers from the short message service company after the Twitter hack, for example. Some media even went so far as to talk of a "global security crisis" or an "unprecedented cyber attack".
The Swiss Data Protection Act (DPA) provides for penal provisions, but only in the case of intentional violations of the obligations to provide information, to report and to cooperate, and of the professional duty of confidentiality. The DPA is currently being revised. The revision is intended to create more transparency and strengthen the co-determination rights of data subjects. The draft revision leans heavily on the EU General Data Protection Regulation (GDPR) . Companies with customers in the EU are already subject to the GDPR today, although much higher fines than before are possible for the effective enforcement of data protection law since 2018.
Cyber attacks can cost millions, cause irreparable reputational damage and lead to criminal investigations. Many businesses take years to recover from the aftermath of hacking or data theft, and for more than a few businesses, cyber attacks spell doom. "Information technology, as we all know, is making tremendous strides, making it possible to collect and connect vast amounts of personal data. Unfortunately, the security awareness of data processors often does not keep pace with the technical innovations," the Swiss Data Protection and Information Commissioner writes in this regard.In times of data leaks and increasingly perfidious hacker attacks, most companies and their end customers probably want to know where their data is stored. Most hyperscalers such as Amazon or Microsoft have their headquarters in the USA, where access to company data is practiced without judicial control by means of the Patriot Act. In Switzerland, on the other hand, this is not permitted.
Xelon's cyber security and data protection experts advise companies of all sizes to regularly review their data protection concept. That way, any weaknesses can be discovered and remedied. When working with an IaaS provider, the external partner usually takes care of the security of the IT environment. The company location plays an important role when choosing an IT infrastructure provider. Local providers comply with Swiss data protection laws and can therefore guarantee the highest data security standards. Our infrastructure is located in data centers in the cantons of Aargau and Zurich and all customer data is subject to Swiss data protection laws. Xelon received ISO 27001 certification in July 2020, the leading international standard for information security management systems and the most important cyber security certification.
An interesting example of an infrastructure solution hosted entirely in Switzerland is the collaboration between Xelon and the IT service provider Teleinformatik for the migration of the IT infrastructure of SOS AERZTE. The medical association advises and cares for around 20,000 patients in the canton of Zurich per year. In view of this important function in healthcare provision in numerous communities, it should be self-explanatory that the IT environment, including SOS AERZTE's emergency telephone service, must be available at all times of the day and night. The company does not want to operate its own infrastructure and outsourced the complete IT and telephony infrastructure to an external data centre.
SOS AERZTE turned to the traditional Swiss IT company Teleinformatik Services AG for an external replacement and support in IT matters. An important point in the migration was that the IT systems are accessible at all times from anywhere, as most users work either in their home offices or on the road. Teleinformatik migrated SOS AERZTE's IT infrastructure and set up a geo-redundant 3CX telephone system, which increased the fail-safety of the emergency number and guarantees SOS AERZTE employees access to the IT environment at all times, both in the home office and during external assignments. Xelon supported the migration.