For 2022, the National Cybersecurity Alliance (NCA) expanded its Data Privacy Day campaign into a full week-long initiative, January 24-28. It’s meant to help spread awareness about online privacy.
But as we know, data privacy isn’t just a week-long event. The actions the NCA is promoting through its campaign can help both individuals and businesses keep their data safer all year long. The following are a few of the highlights from the NCA’s press materials, along with some additional recommendations from US Signal.
Understand the privacy/convenience tradeoff. Many applications and service providers ask for access to your geographic location, contacts list, or other personal information before you can use what they’re offering. Make informed decisions about whether or not to share your data by considering the amount of personal information being asked for, and weighing it against the benefits you may receive in return. Be wary of apps or services that require access to information that isn’t required or relevant for the services offered. Delete unused apps on your internet-connected devices and keep others secure by performing updates.
Manage your privacy. Once you’ve decided to use an app or set up a new account, check the privacy and security settings on web services and apps. Set them to your comfort level for information sharing. Each device, application, or browser you use will have different features to limit how and with whom to share your information. NCA’s Manage Your Privacy Settings page provides useful information for checking the settings of social media accounts, retail stores, apps, and more.
Protect your data. Keep your data secure with long, unique passwords. Avoid using passwords that are easy to guess, such as your name and birth date. Store them in a password manager. Never share your passwords. Add another layer of security by enabling multi-factor authentication (MFA) wherever possible, especially on accounts with sensitive information.
Respect customers’ and/or end users’ right to privacy. Be open and honest about how you collect, use and share their personal information. Think about how they may expect their data to be used and design settings to protect their information by default. Communicate clearly and concisely what privacy means to your organization and the steps you take to achieve and maintain privacy.
Assess your data collection practices. Whether you operate locally, nationally, or globally, understand which privacy laws and regulations apply to your business. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access. Make sure the data you collect is processed in a fair manner and only collected for relevant and legitimate purposes. Maintain oversight of partners and vendors as well. If someone provides services on your behalf, you’re also responsible for how they collect and use your customers’ personal information.
Employ strong data management practices. Here are some suggestions:
+ Know what data you have and where it resides. You can't protect what you don't know you have.
+ Understand all laws and/or regulations governing how your data is collected, used, accessed, stored and retained.
+ Ensure the secure destruction of old and obsolete data. Inventory all hardware that could possibly house old data and securely dispose of copiers, outdated voicemail systems and even old fax machines.
+ For data that must be retained, choose storage options that employ multi-level security but can still meet your data access needs.
+ Encrypt all sensitive data. To protect data in motion outside the firewall, encrypt traffic with a virtual private network, and use device management to enforce all other desired policies. Encryption is also available for network traffic inside the corporate firewall.
+ Harden all endpoints that access your enterprise systems. Whether your employees use company-supplied devices or their own personal devices, every device that can access corporate networks and data should be managed with device management tools that enforce all corporate security policies.
+ Keep all firewalls and antivirus software up to date. Apply patches and software updates immediately. If your IT staff doesn't have time to handle this, consider outsourcing the task.
+ Create and enforce policies that limit access to specific types of data to only those who absolutely need it to do their jobs. Automate access-log entries so no one who's had access to a data set goes undetected.