Data Privacy Day: Celebrate with a Comprehensive Security Review

January 25, 2018
Compliance, Data Protection, Education, Healthcare, IT Security, Manufacturing, Retail

There won’t be parades or fireworks, but January 28 is a day worth celebrating. It’s Data Privacy Day, an international initiative to help educate and empower individuals and businesses to respect data privacy, safeguard data and enable trust.

US Signal is proud to join the National Cyber Security Alliance (NCSA), which officially leads the Data Privacy Day campaign, and organizations around the world in increasing awareness of data privacy issues and best practices. In this blog, we’ll discuss why data privacy is so important and various steps you can take to help protect your customers’ and employees’ data.

What’s the big deal about data privacy?

It is estimated that by 2020, the accumulated digital universe of data will grow to around 44 trillion gigabytes. That’s a lot of data being processed, analyzed and stored. Much of it is personally identifiable information (PII), a category of sensitive information that is associated with a person, such as an employee, student, patient or donor.

If it is stolen or altered in any way, it can spell disaster for the individual affected: financial devastation, ruined reputation and more. The businesses responsible for protecting that data are also at risk, including massive fines for noncompliance with the many regulatory requirements and industry standards governing data privacy.

What can you do to help ensure data privacy?

You can never do too much to protect your customers’ and employees’ data. Here are a few data privacy best practices to consider:

Data Collection

  • Obtain consent before collecting data. Inform the individuals whose information you are collecting why you are doing so and obtain their consent in writing. If you collect personal data from a third party, ensure that company has consent from the individuals to disclose it for your intended purpose.
  • Make sure you can show that the individual understands what the process entails for withdrawing consent for using or disclosing his or her data. Any change in how the data will be used or disclosed requires securing new consent in writing.

Data life cycle management

  • Know what data you have and where it resides. You can't protect what you don't know you have.
  • From HIPAA to GLBA, understand all laws and/or regulations governing how your data is collected, used, accessed, stored and retained. Check to see if your organization will be affected by the General Data Protection Regulation (GDPR). GDPR takes effect May 25, 2018. It protects the personal data of individuals in the EU and applies to organizations outside the EU that process that data, so a US company with EU customers or employees is in scope.
  • Ensure the secure destruction of old and obsolete data. Inventory all hardware that could possibly house old data and securely dispose of copiers, outdated voicemail systems and even old fax machines.
  • For data that must be retained, choose storage that encrypts the data at rest, restricts access to authorized users and logs every access, while still meeting your data access needs.
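
The first step above, knowing what data you have and where it resides, is usually done with a discovery scan. The script below is an added example written for this post, not US Signal's own tooling: it runs a small PII scanner over a constructed set of files (the paths, names and numbers are made up) and builds an inventory of which locations hold Social Security numbers, e-mail addresses or payment card numbers. Two checks keep the false-positive rate down: a card-shaped number is only reported if it passes the Luhn checksum, and an SSN-shaped number is dropped if it has an area, group or serial the SSA never issues. The inventory records counts and masked samples only, so the scan output does not itself become a new store of PII.

```python
import re
from collections import defaultdict

# Patterns for the PII types this scan looks for. The card pattern is deliberately
# loose (13-19 digits, optional separators); the Luhn check below weeds out false hits.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}

# Constructed sample "files" standing in for a file share scan; nothing here is real data.
SAMPLE_FILES = {
    "exports/payroll_2017.csv": (
        "name,ssn,email\n"
        "Jane Doe,123-45-6789,jane.doe@example.com\n"
        "John Roe,234-56-7890,john.roe@example.com\n"
    ),
    "shared/orders.txt": "order 1234567890123456 shipped; card 4111-1111-1111-1111 charged\n",
    "shared/readme.txt": "Contact the help desk at ext 4567 for access requests.\n",
    "backup/old_fax_queue.log": (
        "1997-03-02 sent claim for 321-54-9876 to 555-0100\n"
        "1997-03-02 test page 000-12-3456\n"
    ),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: every real card number passes it, most order/invoice numbers do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(ssn: str) -> bool:
    """Reject shapes the SSA never issues: area 000/666/900+, group 00, serial 0000."""
    area, group, serial = ssn.split("-")
    return area not in ("000", "666") and area < "900" and group != "00" and serial != "0000"


def mask(value: str) -> str:
    """Keep only the last four characters so the inventory does not become a PII store."""
    return "*" * (len(value) - 4) + value[-4:]


def scan_text(text: str) -> dict:
    """Return {pii_type: set of distinct matches} for one file's contents."""
    found = defaultdict(set)
    for m in PATTERNS["ssn"].finditer(text):
        if ssn_plausible(m.group()):
            found["ssn"].add(m.group())
    for m in PATTERNS["email"].finditer(text):
        found["email"].add(m.group())
    for m in PATTERNS["card"].finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found["card"].add(digits)
    return dict(found)


def inventory(files: dict) -> dict:
    """{path: {pii_type: distinct count}} for every file that holds PII."""
    result = {}
    for path, text in files.items():
        found = scan_text(text)
        if found:
            result[path] = {kind: len(values) for kind, values in found.items()}
    return result


if __name__ == "__main__":
    for path, text in SAMPLE_FILES.items():
        for kind, values in scan_text(text).items():
            sample = mask(sorted(values)[0])
            print(f"{path}: {kind} x{len(values)} (e.g. {sample})")
```

Run as-is, it reports the payroll export (2 SSNs, 2 e-mail addresses), the one valid card number in the order notes and the single plausible SSN in the old fax log, and says nothing about the order number that merely looks like a card or the readme. Against a real share, replace SAMPLE_FILES with a directory walk and extend PATTERNS with the identifiers your sector uses (patient IDs, account numbers).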

Data protection

  • Encrypt all sensitive data, at rest and in transit. Protect data in motion outside the firewall with a VPN or TLS, and use device management to enforce all other desired policies. Encrypt traffic inside the corporate firewall as well: an attacker who has gained a foothold on the internal network can read anything that crosses it in the clear.
  • Harden all endpoints that access your enterprise systems. Whether your employees use company-supplied devices or their own personal devices, every one of them that can access corporate networks and data should be managed with device management tools that enforce all corporate security policies.
  • Keep all firewalls and antivirus software up to date, and apply patches and software updates promptly, starting with fixes for vulnerabilities that are being actively exploited. If your IT staff doesn't have time to handle this, consider outsourcing the task.
  • Make sure you have a comprehensive disaster recovery plan in place, including a multi-pronged backup strategy with at least one copy kept offline or otherwise isolated, so that ransomware that reaches your systems cannot encrypt the backups too. This helps ensure you have recent copies of critical data available in the event of a natural or manmade disaster. Don't wait until you need to put your DR plan into action to see if it works. Test it, including an actual restore from backup.

Data access

  • Create and enforce policies that limit access to specific types of data to only those who absolutely need it to do their jobs (least privilege). Log every access to sensitive data sets automatically, whether it was granted or denied, and review the logs, so that anyone who has had access to a data set can be identified.
  • Use multi-factor authentication for data access. Require users to prove their identity with credentials from at least two of the following categories: something they know, such as a password or PIN (a username identifies the user but is not a secret, so it does not count as a factor); something they have, such as a code from an authenticator app or a hardware token (codes sent by SMS are the weakest option, since phone numbers can be hijacked); or something they are, such as a fingerprint, voice or other biometric.
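
The two points above, least-privilege access with a reviewable log and a second factor the user has, fit together in one access decision. The code below is an added example written for this post, not US Signal's software. It implements the "something they have" factor as TOTP (RFC 6238, the scheme authenticator apps use) on top of HOTP (RFC 4226), accepts one time step either side of the server clock, rejects any code at or before the last step a user already consumed so a captured code cannot be replayed, then checks the request against a role-to-data-set policy and records every attempt. The policy, the user directory and the secrets are constructed for the demo; 'alice' is given the RFC 6238 test key so the RFC's published codes can be checked against this implementation.

```python
import hashlib
import hmac
import struct

# ---- Second factor: TOTP (RFC 6238) built on HOTP (RFC 4226) ----
TOTP_STEP = 30     # seconds per time step
TOTP_DIGITS = 6
TOTP_WINDOW = 1    # accept one step either side of "now" to tolerate clock skew


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    ) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, now: int, step: int = TOTP_STEP) -> str:
    """The code an authenticator app shows at Unix time `now`."""
    return hotp(secret, now // step)


def verify_totp(secret: bytes, code: str, now: int, last_counter: int):
    """Return the time-step counter the code matches, or None.

    Steps at or before `last_counter` are never accepted again, so a captured
    code cannot be replayed; the comparison is constant-time.
    """
    current = now // TOTP_STEP
    for delta in range(-TOTP_WINDOW, TOTP_WINDOW + 1):
        counter = current + delta
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter).encode(), code.encode()):
            return counter
    return None


# ---- Least privilege: which roles may read which data sets (constructed policy) ----
ROLE_DATASETS = {
    "billing": {"invoices", "payment_records"},
    "hr": {"employee_records"},
}


def new_directory():
    """Constructed user directory, not real accounts. 'alice' carries the RFC 6238
    test key so the RFC's published codes can be checked against hotp()/totp()."""
    return {
        "alice": {"role": "billing", "secret": b"12345678901234567890", "last_counter": -1},
        "bob": {"role": "hr", "secret": b"constructed-demo-secret-for-bob", "last_counter": -1},
    }


def authorize(users, user, dataset, code, now, access_log):
    """Decide one access request and record it, allowed or not, in access_log."""
    entry = {"ts": now, "user": user, "dataset": dataset, "allowed": False, "reason": ""}
    access_log.append(entry)
    account = users.get(user)
    if account is None:
        entry["reason"] = "unknown user"
        return False
    # Authenticate first: a caller who cannot prove possession of the token learns nothing about policy.
    counter = verify_totp(account["secret"], code, now, account["last_counter"])
    if counter is None:
        entry["reason"] = "TOTP rejected (wrong, replayed or outside the time window)"
        return False
    account["last_counter"] = counter
    # Then authorize: only the data sets the user's role needs.
    if dataset not in ROLE_DATASETS.get(account["role"], set()):
        entry["reason"] = f"role '{account['role']}' not permitted on '{dataset}'"
        return False
    entry["allowed"] = True
    entry["reason"] = "ok"
    return True


def users_who_accessed(access_log, dataset):
    """Log review: everyone who was actually granted access to a data set."""
    return {e["user"] for e in access_log if e["dataset"] == dataset and e["allowed"]}


if __name__ == "__main__":
    users, log = new_directory(), []
    t = 1111111109                                   # RFC 6238 test time; alice's code is 081804
    code = totp(users["alice"]["secret"], t)
    print(authorize(users, "alice", "invoices", code, t, log))       # True
    print(authorize(users, "alice", "invoices", code, t, log))       # False: replayed code
    code = totp(users["alice"]["secret"], t + 30)
    print(authorize(users, "alice", "employee_records", code, t + 30, log))  # False: not her role
    for e in log:
        print(e)
```

The replay rule is the part most home-grown TOTP checks miss: without it, a code shoulder-surfed or phished in the 30-second window is good for a second login. In production the per-user last_counter has to live in shared storage so every server enforces it, and the secrets belong in a secrets store, not a dictionary.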

Make employees your first line of defense

Despite all the advanced technologies in place for protecting data, your employees are your most important asset in ensuring data security and privacy. Train them in data security and privacy protocols. Reinforce their training continually.

Emphasize the role they can play in combatting malware and social engineering attacks. Make sure they understand the risks and ramifications of data breaches, and know how to prevent them.

Build a security culture in which everyone understands the critical value of your data and the need for its protection. Don't restrict your company's focus on data privacy to a single day each January. Make data privacy a year-round priority.

Learn more from US Signal

For more information on data security and privacy, take advantage of the free resources below from US Signal. Or talk to a US Signal expert. Call 866.2.SIGNAL or email [email protected]

Ransomware Q&A
Data Protection 101
10 Tips to Combat Ransomware
Ransomware: Enemy at the Gate