January 28 is European Data Protection Day. Today, a reflection on the protection of critical information is more explosive than ever.
Data Protection & IT Security in 2023
Data Protection & IT Security in 2023https://i0.wp.com/appnavi.com/wp-content/uploads/2023/01/AppNavi_News_Datenschutztag_EN-1.jpg?fit=1920%2C1080&ssl=119201080Daniel BecksteinDaniel Becksteinhttps://appnavi.com/wp-content/plugins/ultimate-member/assets/img/default_avatar.jpg
When introducing digitization measures or changing business processes and working practices, the protection of personal or business-critical data as well as the digital infrastructure requires special consideration – especially in times of digital change and transformation.
However, awareness of the security of critical information has been promoted by the Council of Europe since 2007 and has been celebrated annually since then in the form of a day of action on January 28, and is experiencing a whole new level of explosiveness in 2023.
To mark the upcoming Day of Action, we take a look at current issues and incidents and take a close look at ourselves.
IT security and data protection in the crossfire
Last year, the German economy was pretty much in the digital crossfire and increasingly became the target of cyberattacks. Damage from attacks was estimated at 202.7 billion euros, according to Bitkom (the German digital association). Even if the DSGVO (General Data Protection Regulation), which came into force in May 2018, is not always met with approval, one can venture the thought experiment and ask oneself how high the amount would have been without the European directive. Because at the latest since the implementation almost 5 years ago for the protection of personal data and Co. the topic is on everyone’s lips and minds. Companies had to document, turn around and rethink many processes after the decision in the European Union. But sometimes that is not enough.
A house is not built of firewalls
Especially the situation during and after the pandemic due to increased remote working and changing workplace models (keyword New Work) have opened the door for security breaches and let security efforts in companies melt away overnight. Especially collaboration tools like Teams and Slack are popular attack points for hackers, apart from the “popular” phishing emails and zero-day attacks (exploitation of vulnerabilities within software) and it is exactly these that are primarily used in the home office. But global conflicts and crises are also increasingly being fought on and through the Internet and claiming more victims.
Outside help also invites uninvited guests
The world of work is turning fast. Staff turnover is an issue for many companies, with the rate hovering around 30 percent. Departments resort to freelancers, consultants or interim positions to fill or bridge the gaps in the short term. But the dangers of this are treacherous. Internal colleagues who take over vacant positions are not familiar with processes and applications – and thus make unintentional mistakes. External employees must be connected to the current systems and introduced to regulations. After all, signing off on IT and compliance guidelines does practically no one any good if it is not implemented. But when things have to happen quickly, this is usually the only measure and becomes a nightmare for data protection and security officers.
No resources in IT – No IT for security
All this could be regulated, avoided or remedied with know-how and resources, couldn’t it? Well, the shortage of skilled workers is hitting IT particularly hard and keeping the economy busy. In Germany alone, there is a shortage of over 137,000 IT experts. So who is supposed to take care of IT security and the implementation of data protection if there is a lack of personnel? And the ladies and gentlemen who take care of the software and hardware (and much more besides) in companies have many other topics on their to-do lists. The key words here are advancing digitalization or digital transformation, cloud computing, etc., due to the focus on networking systems. This does not even take into account the classic helpdesk tickets that flood the systems of IT officers every day. IT colleagues therefore need to be relieved (if teams cannot be expanded) so that experts can focus on the core issues. Digital Adoption by AppNavi can make an enormous contribution to this.
But what about your own data security? After all, Digital Adoption connects people and software and thus lies between these parties. Don’t worry. AppNavi is 100% DGSVO compliant because it does not collect or process any personal data. Be it Guidance, Automation or Analytics. The logic is based on employee role assignment, which works absolutely anonymously.
For us, it was a huge benefit and added value that AppNavi recognizes the role systematics from SAP SuccessFactors. Thus, the intelligence for role identification is in SAP SuccessFactors. AppNavi recognizes, for example, that someone has taken on a management position in the company and automatically plays out appropriate routes for this person. And all this without storing any person-specific data. Kristin Leicht – Global HR IT System Expert
Even with the additional module User Behavior Mining, you can breathe a sigh of relief. When analyzing application usage, critical information is made unrecognizable even before it is merged into the mass view. By default, data is reduced to the bare minimum, transmitted in encrypted form, and data localization takes place in Germany. The focus is therefore on the usage and the many benefits of the Digital Adoption solution and not the worry that data protection officers or IT security will intervene – better yet breathe a sigh of relief.