Products + Services Data Centers Industries Learn About
There seems to be a special day, week, or month for just about anything – from National Sourdough Bread Day (April 1) to National Cell Phone Courtesy Month (July.) Even data privacy has its own week. This year the National Cybersecurity Alliance’s (NCA) National Data Privacy Week runs January 22-28 and is meant to help educate and empower individuals and businesses to respect data privacy, safeguard data and enable trust.
Data privacy may not seem like a big deal ─ until it’s your data that’s no longer private. We’re not just talking about things like Social Security numbers, credit card information, or medical history. Do you really want someone to know your daily running routes (available through your fitness tracker) or the times of day you’re normally not at home (via home activity sensors)?
Sensors are embedded in many things these days, from automobiles to personal healthcare devices. As a result, each of us generates a lot of data. Increasingly, that data is tightly interwoven with who we are, what we do, and even what we may do in the future. (Yes, there’s a booming industry in predictive data analytics.)
With so much data created daily, it’s difficult to know who’s using it, who’s sharing it, who’s buying it, and what they’re doing with it. Plus, there seems to be no end to the occurrence of data breaches (some we hear about, many we don’t) in which massive amounts of personal information is stolen for nefarious uses or held ransom.
That’s why data privacy is a big deal ─ and why Data Privacy Week serves as a good reminder to be diligent about protecting your data at both the personal and organizational levels.
There’s plenty of information online about protecting your personal data, and most of us like to think the companies we work for have a solid grasp on keeping data secure as well. Nonetheless, breaches happen. Personal data is exposed or stolen. While there’s no guarantee that data will remain safe, the following best practices can help your organization keep data private.
1. Adopt a privacy framework. Create a culture of privacy in your organization by building privacy into your business. Check out the following frameworks: NIST Privacy Framework, AICPA Privacy Management Framework, ISO/IEC 27701 – International Standard for Privacy Information Management
2. Educate employees. Make sure your employees understand their obligations, as well as those of your organization, to protect personal information. Engage staff by asking them to consider how privacy and data security applies to the work they do on a daily basis. Teach employees how to update their privacy and security settings on work and personal accounts and train them in data security and privacy protocols. Reinforce their training continually.
3. Know the laws and industry standards. GDPR, HIPAA, and PCI are among the big ones, but there are others as well, such as:
The US doesn’t currently have comprehensive federal-level privacy regulation, but various states are enacting consumer data privacy laws. They include Connecticut, Utah, California, Colorado, and Virginia. Other states are expected to follow suit or have already implemented some form of privacy legislation.
4. Assess your data collection practices. Whether you operate locally, nationally, or globally, understand which privacy laws and regulations (see #3) apply to your business. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access. Make sure the data you collect is processed fairly and only collected for relevant and legitimate purposes. Maintain oversight of partners and vendors as well. If someone provides services on your behalf, you’re also responsible for how they collect and use your data.
5. Follow data retention and destruction requirements. Ensure the secure destruction of old and obsolete data. Inventory all hardware that could house old data and securely dispose of copiers, outdated voicemail systems, and even old fax machines. For data that must be retained, ensure you know how long you’re required to keep it. Choose storage options that employ multi-level security but can still meet your data access needs.
6. Know what data you have and where it resides. You can't protect what you don't know you have. Use data lifecycle management tools to locate and identify data throughout your entire organization, including hidden data which may contain sensitive data that requires special handling. Knowing where your data is, what it contains, who’s using it, and more can be helpful on numerous levels.
7. Encrypt all sensitive data. To protect data in motion outside the firewall, use encryption via a virtual private network and device management to enforce all other desired policies. Encryption is also available for network traffic inside the corporate firewall.
8. Harden all endpoints that access your enterprise systems. Whether your employees use company-supplied devices or their own personal devices, every one of them that can access corporate networks and data should be managed with device management tools that enforce all corporate security policies. Also, keep all firewalls and antivirus software up to date, and apply all patches and software updates immediately. If your IT staff doesn't have time to handle this, consider outsourcing the task.
9. Create and enforce policies that limit access to specific types of data to only those that absolutely need access to do their jobs. Automate access-log entries, so no one who's had access to a data set goes undetected.
10. Use multi-factor authentication for data access. Require users to authenticate their identities by supplying credentials from at least two of the following authentication categories: something they know, such as a username, password, or PIN; something they have, such as a security code sent to a mobile device or accessed via an authentication app; and/or something they are, such as fingerprints, voice recognition, or other biometric indicators.
For more information on data security and privacy, take advantage of the free resources below from US Signal. Or talk to a US Signal expert. Call 866.2. SIGNAL or email [email protected]
Ever find yourself lost in the sea of acronyms that is today’s tech landscape? Well, strap in, because today we're navigating the choppy waters of SASE and SSE. This isn't just another tech talk; it's your compass to understanding two giants in the network security realm. So, whether you're a tech guru, a business leader [...]
We can't say this enough when it comes to colocation — and data centers in general. Location matters. And if that data center location is in the Midwest, all the better. Sure. With all the advanced networking services and technologies available, even the most tech-dependent businesses and their employees can operate from [...]
Expect to see the cybersecurity landscape continue to change throughout 2024. There will likely be increased regulatory scrutiny at the federal and state levels over the coming year as government authorities seek to encourage prompt, accurate, and complete disclosure of security threats and management-level preparedness. [...]