You may think it’s your time to relax after breaking your back to meet all the requirements of the General Data Protection Regulation (GDPR), but hackers never sleep. If you want to keep them out, you need to stay up to date on the latest and greatest cybersecurity regulations. That said, have you heard about the Cybersecurity Tech Accord?
Generally, cybersecurity regulation is a set of rules laid out by governing bodies that ends up adding to your to-do list. But instead of coming from a government, the Cybersecurity Tech Accord is driven by 34 of the world’s largest international companies. This time, the private sector is taking on cyberwarfare by making a commitment to create stronger defences against cyber attacks and ensure they’re not unwittingly helping governments attack other countries.
This accord is more than just a positioning statement. It goes beyond cybersecurity government regulation in that the participating companies are pledging to empower their employees and customers to better protect themselves while improving technical collaboration to make cyberspace safer.
Go beyond cybersecurity government regulation
While this so-called “Digital Geneva Accord” has private sector companies taking the initiative, it still requires those in the trenches of IT to go the extra mile by putting the onus on everyone in the organization to make good cybersecurity part of the culture. While it’s not obligatory, your employer could soon decide to follow this accord as a good corporate citizen, too.
The good news is the accord starts at the design level. It vows that the signers “will protect against tampering with and exploitation of technology products and services during their development, design, distribution, and use.” In other words, you can expect more security by design in the software and hardware you deploy and possibly more intelligent devices, such as modern multifunction printers, that come equipped with their own embedded security features to better defend your network at large.
But should your organization sign onto this new digital accord, you may find yourself getting out of your comfort zone for the greater good of better cybersecurity.
The 4 commitments of the Cybersecurity Tech Accord
You may ask: What are you committed to if your employer signs onto this Cybersecurity Tech Accord? The early supporters of this initiative, including HP, Microsoft, and Trend Micro, outlined four key areas for adopters to focus on:
- The first concerns building a stronger defence against online attacks and recognizes everyone deserves protection, regardless of what motivated the cyber attack.
- The second area stipulates these companies will make sure their products aren’t tampered with or exploited to help governments launch cyber attacks against innocent citizens and enterprises.
- The third commitment is where creating a culture of cybersecurity comes into play. Supporters of the accord will conduct more capacity building by empowering developers, as well as users of their technology, to better protect themselves. It may include collaborative work on new cybersecurity practices and new features customers can integrate into their products and services.
- Finally, the accord calls for collective action by building existing relationships and creating new partnerships within the industry and society at large to improve technical collaboration and minimize the potential for new online threats.
Keep up with the new normal
The Cybersecurity Tech Accord reflects that the new normal of data privacy and security is multifaceted. Recent legislation, such as GDPR and Canada’s own Personal Information Protection and Electronic Documents Act (PIPEDA), fosters the concept of privacy by design, while technology vendors have realized the exponential rise in cybersecurity threats requires an automated response powered by artificial intelligence and machine learning.
This new accord also reflects the reality that cybersecurity must be not only be embedded in your IT infrastructure but also weaved throughout the culture of your organization and any collaborative endeavours with other organizations. Having a modern operating system with a strong security foundation is a starting point. If your IT team develops apps, either for internal employees or external customers, a DevOps culture could also strengthen your security in the spirit of the Cybersecurity Tech Accord.
What this new industry-led initiative is heralding, however, is the embedding of data privacy and data security into the culture of the organization, which means you may find yourself acting as a cybersecurity evangelist and teacher for your fellow employees and your customers. Start preparing today!