Making Privacy and Security a Daily Celebration
Privacy and security are top of mind for both the public and private sectors. The topic is one of the hottest in the media and one of the government’s top agenda items. What is your region doing to address this issue?
Tomorrow, ISACA (Information Systems Audit and Control Association) Vancouver will lead the 15th Annual Privacy and Security Conference. It's a collaborative effort to promote privacy and security awareness in the Province of British Columbia. In fact, they designated this day as BC Privacy and Security Awareness Day, with the goal of informing citizens throughout the province of today’s cyber threats and how to mitigate the associated risks.
To tackle this burning issue, ISACA is gathering a group of thought leaders to weigh in on the most pressing privacy and security challenges we’re faced with as our world becomes increasingly digital. Topics range from social media cyberbullying and young people’s views on privacy to financial crimes, critical infrastructure security and the balance between privacy law and privacy concerns.
I’ll be on hand to address issues around mass surveillance without oversight. And I look forward to joining a panel of experts to debate how much our privacy and digital security have been compromised in the current digital storm. If you are going to the conference, join me:
February 6, 2014
10:45 a.m.-12 p.m.
Protecting the Data Pipeline and Critical Infrastructure from State Sponsored Hacking
Victoria Conference Centre, Theatre
2 p.m.-2:30 p.m.
Recognizing the 7 Stages of Advanced Threats & Data Theft
Victoria Conference Centre, Colwood
I applaud the Province of BC for understanding the importance of privacy and security and organizing an important day packed with the topics and leaders necessary to advance the state of network security. It’s important to make every day privacy and security day, protecting sensitive customer data as if it were your own. Here are a few things you can do to celebrate privacy and security daily within your organization:
1. Educate employees across departments on the best ways to handle data
Identify the people who have access to sensitive data. This would include HR, customer service, accounts payable and even engineers. Discuss best practices for handling data and make sure to set strong admin controls. It’s also helpful to eliminate admin rights on desktops.
In addition, the web is one of the most compromised data loss vectors. Therefore, always enforce user- and business-unit-based policy requirements for uploading data to the web.
2. Pen test your employees
Create a mock-training scenario through an established penetration-testing company to help you socially engineer your employees. This exercise is not only eye-opening for employees, but also reinforces important training techniques for recognizing and avoiding clicking on a malicious attachment or URL with data-stealing code.
3. Implement data protection technology controls
Data breach prevention isn't just about stopping data from escaping. An effective approach looks at monitoring both inbound and outbound traffic to distinguish and stop data-stealing attacks from getting inside your network.
Remember to look for vulnerabilities outside your network as well. Users often work from home or on the road, and therefore can often interact with sensitive data while off the corporate network. As a result, it’s crucial to implement off-network endpoint controls to mitigate outside loss.
Lastly, don’t forget the vulnerabilities associated with removable media. It’s imperative to encrypt devices like USB flash drives that often carry sensitive information – yet are prone to being easily lost or stolen.
For other tips on protecting privacy, take a look at these pointers recently assembled on Forbes.com: http://www.forbes.com/pictures/mhl45efifk/password-protect-your-devices-15/.