It seems there is no end to the steady stream of high-profile data breaches. In the first six months of 2022 alone, organizations ranging from government entities like the Texas Department of Insurance to healthcare providers such as Kaiser Permanente and companies like Crypto.com have been affected. It is no wonder that regulators are doubling down on security and privacy and developing new directives. As a result, many technical leaders and executives are taking a closer look at how they handle data security and privacy within their organizations.

Protecting the information your organization stores that can identify employees, customers, clients, or business partners is critical. That data is likely used to conduct daily operations, making it immensely valuable. It is also a prime target for identity theft and fraud, leaving companies of all kinds at risk, especially as data privacy legislation evolves.
Are you collecting data on your website from individuals in the European Union, or marketing products to people there? Then the GDPR applies to you even if you have no establishment in the EU, and non-compliance carries fines of up to 20 million euros or 4% of worldwide annual turnover, whichever is higher. The five practices below are a practical starting point.

1. Take Inventory of Your Data
The foundation of a security and privacy program is an inventory of data and system assets, together with maps of how data moves. The inventory should record what types of data are collected, where they are stored and transmitted, and which third parties can access them; data-flow maps help teams understand that movement. During this process, take stock of the servers, devices, and cloud services used to collect, store, and transmit data. Include data held on mobile devices and personal devices, including PC hard drives and flash drives. An accurate inventory is what makes it possible to answer data subject requests, identify employee-related risks and training opportunities, and manage data security properly: you cannot protect, or delete on request, data you do not know you hold.

2. Minimize the Data You Keep
Less data means less opportunity for the bad guys. Limit collection and retention to the minimum necessary for the intended purpose, and keep personally identifiable information only as long as it takes to complete that purpose. The best time to minimize is at collection: request only the fields you need. If a data set already contains personal fields that are not essential to its purpose, scrub them out. Every additional month a record is retained is another month in which an incident can expose it, so minimizing what is stored directly reduces the risk of identity theft and fraud. Properly anonymizing data curtails the risk further. Note the distinction, though: pseudonymized data (for example, identifiers replaced by a keyed hash or a token) can still be re-linked to a person by whoever holds the key or lookup table, and it remains personal data under GDPR; only data that can no longer be attributed to an individual is anonymous and out of scope.

3. Safeguard Data with a Trifecta of Controls
Implement a trifecta of physical, technical, and administrative controls to safeguard personal information.
These safeguards reduce the risk of data damage, loss, or alteration as well as the risk of unauthorized access. It may seem unthinkable, but a compromise can start at ground level with physical access. Such breaches often involve unauthorized access to stored documents: files left in an unlocked cabinet, or a printout forgotten on a printer. A dishonest employee may simply watch over a colleague's shoulder as they enter passwords into key systems. Nature plays a role too: a natural disaster can compromise the integrity of the physical infrastructure that holds the data.
For technical controls, deploy technologies that encrypt data at rest and in transit, require multi-factor authentication for access to systems holding personal data, restrict that access to the roles that need it, and log it. Finally, implement administrative controls: the policies, procedures, and employee training that ensure the physical and technical controls are actually followed.

4. Don't Make Your Data "Trash" Someone's Treasure
The adage "one person's trash is another's treasure" holds true in information security: discarded records are a ready source for identity theft and further intrusion. Ensure that personally identifiable and protected information is stored securely, that retention periods comply with regulations, and that data is disposed of properly at the end of its retention period. Shred or otherwise destroy physical copies of personal and protected data, and meet any regulatory requirements for disposing of particular categories of protected data. Wipe data from devices, flash drives, and hard drives before disposal, and do not forget PCs undergoing refurbishment: those must be wiped and overwritten too, or old files can be recovered. One caveat a practitioner should know: overwriting is reliable for magnetic disks but not for SSDs and flash media, whose controllers remap blocks behind the operating system's back; for those, use the drive's built-in secure erase, cryptographic erase (destroying the key of a fully encrypted drive), or physical destruction. NIST SP 800-88, Guidelines for Media Sanitization, describes which method is appropriate for each media type and sensitivity level.

5. Get Proactive and Get a Plan
Data breaches are costly on several fronts: financial, reputational, and in consumer trust. To contain those costs, have an incident response plan in place before you need it. Assign a senior staff member to coordinate response efforts, with a backup point of contact, and keep a written contingency plan that describes how operations will be maintained. Employees should have documented roles and responsibilities. The plan should also cover notification, since regulations set deadlines: under GDPR, a personal data breach must be reported to the supervisory authority within 72 hours of becoming aware of it unless it is unlikely to result in a risk to individuals. A practiced, strategic response lets you act swiftly, reduce the impact on business operations, and mitigate the risk of further losses.

As regulations continue to evolve and security threats increase in volume and complexity,
organizations need to be proactive. Prioritizing information security and privacy programs, processes, and procedures that safeguard data throughout the organization and across the data lifecycle is paramount. By employing these data privacy best practices, your organization can reduce the risks to your business.
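As an added worked example (not code from the original article), the following Python script shows what steps 1, 2 and 4 above look like when written down as code rather than policy: an inventory that records, per field, whether the stated purpose actually needs it and how long records may be kept; a minimization step that drops the unneeded fields; a pseudonymization step that replaces the email address with a keyed HMAC; and a retention step that separates expired records for disposal. The dataset name, field names, retention period, key and sample records are all constructed for the example and do not come from any real system.

```python
"""Data inventory, minimization, pseudonymization and retention in one small
lifecycle script. Constructed example: the dataset, field names, key,
retention period and sample records are hypothetical."""
import hmac
import hashlib
from datetime import datetime, timedelta, timezone

# Step 1: inventory. Each dataset records what is collected, which fields are
# actually needed for the stated purpose, where it lives, and how long it may
# be retained. (Hypothetical dataset.)
INVENTORY = {
    "newsletter_signups": {
        "purpose": "send marketing email",
        "store": "crm-db (eu-west-1)",
        "fields": {
            "email":      {"class": "PII", "required": True},
            "signup_at":  {"class": "internal", "required": True},
            "full_name":  {"class": "PII", "required": False},
            "phone":      {"class": "PII", "required": False},
            "birth_date": {"class": "PII", "required": False},
        },
        "retention_days": 365,
    },
}

# Hypothetical key. In practice it lives in a KMS or secrets manager, never in source.
PSEUDONYM_KEY = b"rotate-me-and-store-in-a-kms"

# Fixed "current time" so the example is deterministic.
EXAMPLE_NOW = datetime(2022, 7, 1, tzinfo=timezone.utc)


def field_report(dataset):
    """Inventory view: PII fields held that the stated purpose does not need."""
    fields = INVENTORY[dataset]["fields"]
    return sorted(k for k, m in fields.items() if m["class"] == "PII" and not m["required"])


def minimize(record, dataset):
    """Step 2: keep only the fields the inventory marks as required for the purpose."""
    fields = INVENTORY[dataset]["fields"]
    return {k: v for k, v in record.items() if k in fields and fields[k]["required"]}


def pseudonymize(record, field, key=PSEUDONYM_KEY):
    """Replace a direct identifier with a keyed HMAC-SHA256. This is
    pseudonymization, not anonymization: anyone holding the key can re-link
    the value, so the output is still personal data and the key needs the
    same protection as the data itself."""
    out = dict(record)
    out[field] = hmac.new(key, record[field].encode(), hashlib.sha256).hexdigest()
    return out


def split_by_retention(records, dataset, now):
    """Step 4: return (keep, dispose). Records older than the inventory's
    retention period go to dispose; the caller is responsible for actually
    deleting them from the store."""
    limit = timedelta(days=INVENTORY[dataset]["retention_days"])
    keep, dispose = [], []
    for r in records:
        age = now - datetime.fromisoformat(r["signup_at"])
        (dispose if age > limit else keep).append(r)
    return keep, dispose


def process(records, dataset, now):
    """Run retention, minimization and pseudonymization; return the retained,
    minimized, pseudonymized records and the number selected for disposal."""
    keep, dispose = split_by_retention(records, dataset, now)
    return [pseudonymize(minimize(r, dataset), "email") for r in keep], len(dispose)


# Constructed sample records (not real people). Alice is within retention on
# EXAMPLE_NOW; Bob signed up more than 365 days earlier and must be disposed of.
SAMPLE = [
    {"email": "alice@example.com", "full_name": "Alice A", "phone": "+1555010001",
     "birth_date": "1980-01-01", "signup_at": "2022-05-01T10:00:00+00:00"},
    {"email": "bob@example.com", "full_name": "Bob B", "phone": "+1555010002",
     "birth_date": "1975-06-30", "signup_at": "2020-01-15T09:30:00+00:00"},
]


if __name__ == "__main__":
    print("unneeded PII held:", field_report("newsletter_signups"))
    kept, disposed = process(SAMPLE, "newsletter_signups", EXAMPLE_NOW)
    print(f"kept {len(kept)} record(s), {disposed} selected for disposal")
    for r in kept:
        print(r)
```

Run it as a script to see the inventory report and the retained, pseudonymized records. Two design points are worth noting: the keyed HMAC is deliberately pseudonymization rather than anonymization, which is why the key must be protected like the data it guards; and split_by_retention only selects records for disposal, because the actual deletion belongs in the job that owns the store and should be logged as evidence that the retention policy is enforced.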