1 September 2020

Top 5 Data Protection Risks for Enterprises

The World Economic Forum has intensified its focus on corporate data protection, driven in part by remote-work policies. The collapse of the EU-US Privacy Shield further underscored the need for closer scrutiny.

Here are the five most dangerous data risks, according to OTRS AG:

1. Partnering with Grey-Market Providers

Grey-market providers offer software solutions outside official distribution channels. Some enterprises opt for these offerings, often because of the low price, despite the legal and security risks involved. The core problem is that grey-market vendors do not own the source code and therefore cannot maintain it themselves.

This creates two major risks for enterprises. First, the vendor's limited product expertise can lead to insecure configurations that leave data exposed. Second, because the software is distributed outside official channels, it often receives no updates or security patches, so known vulnerabilities stay open.

2. Using Outdated, Unpatched Solutions

Product updates and security patches exist to close known vulnerabilities. Without them, attackers can exploit those vulnerabilities, for which working exploit code is often public once a patch has been released, to bypass standard access controls and reach sensitive data. According to a Tripwire study, 27 percent of security breaches stem from delayed or missing patches.
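The practical first step is knowing which installed packages are still below the version an advisory names as fixed. The following Python audit is an added example (not code from the article, OTRS or Tripwire): it compares installed Debian/Ubuntu package versions against a "first fixed version" table using Debian's own version-ordering rules, so that `1.0~rc1` sorts before `1.0` and `1.10` after `1.9`, both of which a plain string comparison gets wrong. The package list (in the format printed by `dpkg-query -W`) and the fixed versions are constructed for the example, not real advisory data.

```python
"""Flag installed Debian/Ubuntu packages older than an advisory's fixed version.

Constructed example for this article (not OTRS or Tripwire code). INSTALLED
mimics the output of `dpkg-query -W`; FIXED_VERSIONS is a made-up advisory
table. A real check would read the live package list and the distribution's
security tracker instead.
"""

# Constructed sample of installed packages: "<package> <version>" per line.
INSTALLED = """\
openssl 1.1.1d-0+deb10u3
libssl1.1 1.1.1d-0+deb10u3
sudo 1.8.27-1+deb10u2
bash 5.0-4
nginx 1.14.2-2+deb10u1
"""

# Constructed "first fixed version" table; the numbers are invented.
FIXED_VERSIONS = {
    "openssl": "1.1.1d-0+deb10u6",
    "libssl1.1": "1.1.1d-0+deb10u6",
    "sudo": "1.8.27-1+deb10u3",
    "nginx": "1.14.2-2+deb10u1",
}


def _char_weight(c):
    """dpkg character ordering: '~' sorts before anything, even end of string
    (weight 0); letters sort before non-letters."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_nondigit(a, b):
    """Compare two non-digit runs with dpkg's character weights."""
    for i in range(max(len(a), len(b))):
        wa = _char_weight(a[i]) if i < len(a) else 0
        wb = _char_weight(b[i]) if i < len(b) else 0
        if wa != wb:
            return wa - wb
    return 0


def _cmp_fragment(a, b):
    """Compare an upstream version or Debian revision: alternate between a
    non-digit run (weighted lexical) and a digit run (numeric)."""
    while a or b:
        i = next((k for k, ch in enumerate(a) if ch.isdigit()), len(a))
        j = next((k for k, ch in enumerate(b) if ch.isdigit()), len(b))
        r = _cmp_nondigit(a[:i], b[:j])
        if r:
            return r
        a, b = a[i:], b[j:]
        i = next((k for k, ch in enumerate(a) if not ch.isdigit()), len(a))
        j = next((k for k, ch in enumerate(b) if not ch.isdigit()), len(b))
        na = int(a[:i]) if i else 0
        nb = int(b[:j]) if j else 0
        if na != nb:
            return na - nb
        a, b = a[i:], b[j:]
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into its three parts."""
    epoch, rest = 0, version
    if ":" in rest:
        e, rest = rest.split(":", 1)
        epoch = int(e)
    if "-" in rest:
        upstream, revision = rest.rsplit("-", 1)
    else:
        upstream, revision = rest, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to, or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    for r in (ea - eb, _cmp_fragment(ua, ub), _cmp_fragment(ra, rb)):
        if r:
            return -1 if r < 0 else 1
    return 0


def parse_installed(text):
    """Parse '<package> <version>' lines (dpkg-query -W style) into a dict."""
    installed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            installed[parts[0]] = parts[1]
    return installed


def find_unpatched(installed, fixed):
    """Return (package, installed_version, fixed_version) for every installed
    package older than the advisory's fixed version; packages with no advisory
    entry are skipped rather than reported."""
    return [
        (pkg, ver, fixed[pkg])
        for pkg, ver in installed.items()
        if pkg in fixed and compare_versions(ver, fixed[pkg]) < 0
    ]


if __name__ == "__main__":
    for pkg, have, need in find_unpatched(parse_installed(INSTALLED), FIXED_VERSIONS):
        print(f"UNPATCHED {pkg}: installed {have}, fixed in {need}")
```

Run against the constructed data it reports openssl, libssl1.1 and sudo as unpatched and leaves nginx (already at the fixed version) and bash (no advisory entry) alone. Note the last point as a caveat: a package absent from the advisory table is "unknown", not "safe", so a production check should also report packages it has no data for.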

3. Working with Suppliers That Neglect Data Protection

Whether engaging external consultants or service providers, enterprises must understand exactly how those third parties protect data. Before signing any contract, clients should ask targeted questions (where data is stored and processed, who can access it, how incidents are reported) to gain a thorough understanding of the vendor's security practices, and should write security commitments into the contract itself. Where a supplier processes personal data on the company's behalf, the GDPR (Art. 28) requires such terms in a data processing agreement.

4. Inadequate Employee Training

(Image: Employee training can be the key to solving the problem. Source: iStock / skynesher)

People remain the weakest link: employees still create weak passwords and frequently connect via unsecured networks. Professional training helps build awareness of real-world threats – including social engineering and phishing attacks.

With so many employees now working remotely, mobile workers must secure their home networks and use a Virtual Private Network (VPN) wherever possible. A VPN only protects traffic in transit, however; it does nothing for an endpoint that is itself unpatched or already compromised.

5. Absence of Clearly Defined Incident-Response Processes

What happens when a breach occurs? The longer an incident remains undetected or unresolved, the greater the volume of compromised data. In a global survey by the OTRS Group of IT managers, 40 percent cited the urgent need for clearly defined incident-management processes to respond more effectively to security breaches.

“There is no such thing as 100% data security – but there are numerous protective measures,” says Jens Bothe, Director Global Consulting at OTRS AG and cybersecurity expert. “Remote work increases our exposure to security risks, but following these five recommendations significantly reduces that risk.”

For more information on how OTRS can help structure enterprise security, see here.


Key Facts

GDPR fines: European data protection authorities have imposed over €4.5 billion in penalties to date.

Data breaches: 83 percent of enterprises experience more than one data protection incident per year.

Frequently Asked Questions

What is the difference between data protection and data security?

Data protection governs the lawful handling of personal data – covering legal basis, purpose limitation, and data subject rights. Data security refers to the technical and organisational measures used to safeguard all data against loss, tampering, or unauthorised access.

Does every company need a Data Protection Officer (DPO)?

In Germany, appointing a DPO is mandatory if at least 20 people regularly process personal data using automated systems – or if special categories of personal data (e.g., health data) are processed.

What rights do data subjects have under the GDPR?

The right of access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and objection. Companies must respond to such requests without undue delay and in any event within one month; under GDPR Art. 12(3) this can be extended by up to two further months for complex or numerous requests, provided the data subject is told why.


Header Image Source: iStock / CROCOTHERY

Fact: According to Bitkom, German enterprises invest an average of 14 percent of their IT budgets in cybersecurity.

Fact: IBM reports that 95 percent of all cybersecurity incidents result from human error.

TL;DR

  • According to a Tripwire study, 27 percent of security breaches stem from delayed or missing patches.
  • In a global OTRS Group survey of IT managers, 40 percent said they urgently require clearly defined incident-management processes to respond more effectively to security breaches.
  • Inadequate employee training: employee training can be the key to solving the problem.
  • The World Economic Forum has intensified its focus on corporate data protection, driven by remote-work policies.

About the author: Tobias Massow


A magazine by Evernine Media GmbH