Risk consulting firm Kroll has released its forecast for data security trends in 2011. The report highlights key areas in which businesses are likely to see significant changes in security laws, vulnerabilities, and protective measures.
10 Data Security Trends
- More small scale breaches. Heathcare entities are required to report breaches affecting 500 or more people, so Kroll says there will be an increase in reports of small scale breaches. As more companies implement data security measures, audits will likely bring to light older, overlooked breaches from the past.
- "Low-tech," non-electronic data theft. Pen and paper strike back.
- Lost devices lead to data theft. As people rely more and more on mobile devices, the chances for loss and theft of data from these devices increases. According to the U.S. Department of Health and Human Services, 24% of reported data breaches were due to laptop theft - more than any other cause.
- Data minimization. Kroll suggests that companies will reverse course, having spent years amassing consumer information to now starting to see this data as a liability.
- Openness and collaboration increases organizational vulnerability. "By nature, data in transit is data at risk," and sharing data, says Kroll, increases vulnerabilities.
- More social networking policies Kroll says employers will need to develop policies for social networking use as they relate to data security.
- Thinking encryption is the silver bullet. Kroll says that "encryption is often incorrectly positioned as a complete solution to data security."
- More notifications required for third-party breaches. As companies rely on more third-party data collection, they may be start obligating those companies to protect company data.
- Privacy awareness training. Rather than relying solely on technology fixes for security issues, Kroll says companies should also train employees on how to recognize issues and obligations.
- Possibility of a federal breach notificiation law
What do you think of these predictions? I'm not sure I agree that we'll be minimizing data collection, although certainly storing it securely it will be important.
And (resolution or not) what plans are you making to address security issues in 2011?