As cyber felons start treating data as a valuable asset, organizations need to adopt data security measures to protect themselves from malicious outsiders.
In a world where the hybrid working environment is now dominant, data breaches are nothing unheard of. More and more companies are falling victim to such attacks, ruining their brand’s reputation and experiencing massive money losses.
Regular users do often encrypt their device data with a VPN service. But when the whole organization is at risk, more advanced solutions should be implemented, such as data anonymization.
We invited Oscar Villanueva, the CEO and Co-Founder of Nymiz – a company that provides data anonymization services. Villanueva agreed to share his views on cybersecurity and discussed the best ways to protect your most valuable asset – data.
How did the idea of Nymiz originate? What has your journey been like?
The starting point was a piece of software in C++ that can redact legal sentences for the justice department in Spain. From this, we built the whole AI model to become a SaaS Product based on Natural Language Processing.
We launched the company in february 2020, then came the COVID-19 virus and the lockdown. We built the team and developed the software completely remote for launching into the market the first MVP in January 2021. It was really tough to launch the company in such difficult circumstances, but at the same time, COVID-19 forced companies to work remotely and digitalize faster than they expected. So cybersecurity software tools became more relevant to them and this fact helps us improve and go faster and become more resilient.
Can you introduce us to what you do? What methods do you use to protect personal data?
Essentially at nymiz.com, we help healthcare, insurance, legal, and banking industries with a SaaS solution that can redact documents, mask databases due to the AI with Natural Language Processing, protect personal data of customers, workers, and patients in case of data breach while complying with Data Privacy laws and allowing the data analytics with just a single click. The main objective of Nymiz is to protect the information and data that clients entrust to companies – so, we help companies, but in the end, we help protect peoples’ privacy.
We are using not only anonymization but pseudonymization and playing techniques, such as blacklining or masking, tokenization with classification technique which is consistent and replacement with synthetic data generation.
In your opinion, what data privacy issues should more people be concerned about?
- Avoiding Data Breaches – your business model would not be at risk and the data of your clients would never be exposed
- Complying with privacy laws – GDPR and others
- Allow sharing documentation with a third party or do analytics and big data on that
Nowadays, companies and citizens’ awareness focus is on data breaches and not letting hackers access personal and sensible information. But almost every company focus is on databases or structured data but not acting on non-structured data or office documents, emails, images, pdf, or scanned documents which represents 70-80% of the information within companies, so there is a lot to protect still.
How do you think the recent global events altered the ways in which threat actors operate?
I think privacy is getting more relevant these days within the cybersecurity space due to continuous hacking attacks. Because of that, companies and customers want to ensure their data and protect their privacy as much as they can in order to preserve their reputation and businesses. So we’re going to observe an exponential growth of this in the future. To summarize, without exposing sensitive data, there is no chance for hackers, there will be no data breach scandals, no files from the privacy agencies, etc. That’s why tools such as Nymiz become more relevant in the space.
Keeping up with data protection requirements can sometimes be complicated. What details do you think are often overlooked by organizations?
From my point of view, human error, misunderstandings, and access to confidential and personal data has to be restricted correctly. Email used as a repository without being protected, mobile corporative apps and frameworks, remote working, and so on leave open doors for hackers or data breaches.
What are some of the best practices that organizations should adopt to protect their workforce and customer data?
Large companies, states, and public administrations invest huge amounts of money into cybersecurity which is relevant to avoid hacking, data breaches, and data stolen but is a defensive way to avoid intrusion (from outside to inside). I think the most interesting approach is a whole approach – not only from outside to inside techniques but also using data discovery and mapping tools, anonymization, and masking tools as well.
In your opinion, what types of cyber threats are going to become a prominent problem in the near future?
From my perspective we’re going to continue suffering cyberattacks:
- Data Breach
What security tools or practices do you think everyone should adopt to protect themselves online?
For me, the best practices and tools to ensure data are:
- Security tools
- Vulnerability scanning tools
- Data discovery and data mapping tools: knowing where your data is, and for sure, your most sensitive and personal data
- Personal and sensitive data has to be correctly stored
- Access to sensitive and personal data must be restricted for authorized personnel only
- Compliance tools to ensure data privacy
- Then, anonymization tools are necessary to ensure protection and compliance by design avoiding human error and enabling data analytics
Share with us, what’s next for Nymiz?
Nymiz expectations are high this year. We have to grow not only in revenues and achieving the goals but gaining traction with large accounts, launching in Europe and the USA, growing the team, attracting talented people, fundraising after the summer season, improving the performance of the tool, and adding very interesting and cool functionalities to the product. And for sure, helping companies and citizens protect their core value, their personal, and sensitive data.