Top 3 Data Security Tips in Celebration of Data Privacy Day
As we conduct business in an increasingly cloudy, mobile, and social world, it’s more important now than ever to take data security and privacy into consideration. Data is everywhere and its value is growing exponentially. But with data moving in and out of your organization so quickly—how can you keep it safe?
This is the perfect time of year to ask that question—today is Data Privacy Day. The National Cyber Security Alliance has coordinated various events in the United States and Canada to help facilitate discussions and raise awareness of data privacy and security issues.
In my opinion, the public and private sector must work together to combat the rising tide of data-hungry cyber criminals. Government legislation is and has been making strides toward mitigating cyber crime. In the U.S., 48 out of 50 states now enforce data breach notification laws, which require companies that collect or store personally identifiable information to notify customers if their information is compromised.
And, in Canada, mandatory data breach notification may soon become federal law. The Canadian Parliament is currently reviewing Bill C-12, a proposed update to Canada’s existing privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). At present, PIPEDA does not contain any breach notification provisions.
However, as we all witnessed in 2011, legislation alone cannot protect data. According to an upcoming study from the Identity Theft Resource Center (ITRC), previewed in advance by Information Week, in 2011, there were 419 breaches publicly disclosed in the U.S., affecting a staggering 22.9 million records.
This means we still have A LOT of work to do. And, consumers are losing patience. They hold businesses directly accountable for the loss of their personal data and continue to bring class action lawsuits against organizations. This consumer unrest is likely to fuel additional legislation that may punish companies financially for losing customer data. Corporations have to take responsibility.
Here are three key recommendations for protecting customer data:
1. Educate your teams on best practices for handling customer data.
Work with the people who have access to customer data, including accounting, customer service and engineers. Talk to them about how to handle this data and set good controls for admins. Eliminate admin rights on desktops. Then reinforce the training through mock social engineering attempts and pen testing. There are good companies out there that can help you with this and measure the success of your education efforts over time.
2. Reinforce your education with technology.
A few must-have protections are essential for securing customer data. Monitor your two biggest communications channels (web and email) for outbound data and be able to stop it in its tracks. An integrated secure web gateway with data loss prevention (DLP) technology gives you greater control over who and what can go where, protecting against inbound threats and outbound data loss in a unified solution. This step can also help determine who is using what information and whether the data is being used legitimately or inappropriately. Identity and access management tools are increasingly important for ensuring that the data doesn’t get into the wrong hands. And using Security Information and Event Management (SIEM) software with a solid log management tool (that you actually pay attention to) can help you identify suspicious behavior and follow it all the way through to remediation of the threat. Be diligent here, and tie it back to training: while the reporting features of these technologies are getting better, you still need highly trained eyes regularly analyzing the output to ensure that you are truly protected.
3. Make Data Privacy Day last longer than a day.
Let's face it, a day of awareness is fantastic, but a lifetime of action is more significant. Protect sensitive customer data in your organization as if it were your own, every day. We need to take action to do this, or the bad guys will act to take it from us. What are you currently doing to celebrate Data Privacy Day, every day?