Data Privacy Day: Best Practices Organizations Should Know

Today is Data Privacy Day – a day set aside to help encourage organizations and individuals to appreciate the critical importance of privacy and data protection practices. Observed in almost 50 countries around the world, the event began in 2007 in the European Union, and was recognized by the United States Congress in 2009.

As recent high-profile breaches like the FireEye/SolarWinds Orion compromise and the discovery of a massive database of U.S. voter information for sale on criminal forums have shown, our data is increasingly at risk. For organizations of all kinds, keeping data safe will be ever more vital, not only from a risk and compliance point of view, but also through the paradigm of enhancing business success. As consumers become more concerned with how their data is being handled, they will also vote with their wallets and become more loyal to companies with strong data protection policies and track records of handling data safely.



2020 Trustwave Data Security Index

The 2020 Trustwave Data Security Index report depicts how technology trends, compromise risks and regulations are shaping how organizations’ data is stored and protected. The report is based on a recent survey of 966 full-time IT professionals who are cybersecurity decision makers or security influencers within their organizations. Over 75% of respondents work in organizations with over 500 employees in key geographic regions including the United States, United Kingdom, Australia and Singapore.


Given the stakes, what should organizations do to help keep data private and risks properly mitigated? Listed below are a few best practices, with links to resources that can help you learn more about this vital subject matter. In addition, the National Cybersecurity Alliance offers a wealth of information on this important subject, and Trustwave has services and solutions that can help your organization with data privacy needs.

Emphasize employee education. Protecting data starts with empowering your employees, so that they know how to practice good security hygiene and how to protect themselves (and your business) from the most common cyber-attacks, like phishing, business email compromise and other exploits that specifically target the human element. It’s also important to note that Security Awareness Education training and policies are mandatory for most organizations for compliance reasons. Dive deeper into this subject with this blog post on CISO data solutions, this infographic on essential cybersecurity tips, and this data sheet on cybersecurity education.  

Map out your data storage. Modern organizations, especially enterprise-level organizations, are dealing with ever-growing data sprawl. As the 2020 Trustwave Data Security Index showed, most organizations are moving their data into a hybrid cloud/on-premises storage model, with multiple cloud providers. A special concern exists for organizations that either have or will go through a merger or acquisition, as legacy data concerns frequently occur. Learn more about data risk mitigation, the risks of hosting data in the cloud, and check out this infographic which shows the 5 ways attackers will try to get to your data.

Recognize the hidden weaknesses. Most organizations don’t realize that partners and vendors typically have no responsibility for protecting your data. A common misconception is that cloud providers share liability for data protection: they do not. Even the major providers, like Google, Azure and AWS, have no responsibility in the case of a breach – and a common vulnerability that Trustwave SpiderLabs researchers often uncover comes from organizations relying on default cloud server settings. Another all too common hidden vulnerability results from sloppy or slow database patching practices. Learn more about how to recognize your data weak spots with this webinar on patching practices and this infographic on testing your data security.

Remember that less is more. Since every piece of data you collect adds to your potential risk, the simplest way to mitigate that risk is to only collect data that you absolutely need. Many organizations are also beginning to consider when it’s appropriate to actually destroy unnecessary data – which is also a consideration in certain compliance situations. Additionally, organizations should always adhere to the principle of least privilege, so employees only access the data they need to perform their jobs. Regularly reviewing user privileges is also vital. Dig deeper into this topic with this interview on the changes occurring in data security.

Of course, one of the most important strategies for protecting data is having a program in place to detect and respond to breaches – which is why so many organizations are turning to managed threat detection and response solutions. Remember, for most of us it’s not a question of if we’ll get breached but when… and how ready we’ll be to respond.
