Data Privacy Day a Perfect Time to Improve Security Policies

Source: Tom's IT Pro

Use the upcoming January 28 as an excuse to educate employees and improve procedures to protect your privacy and security.

"Respecting Privacy, Safeguarding Data and Enabling Trust" is the theme for this year's Data Privacy Day on January 28, sponsored by the National Cyber Security Alliance. The annual event is a great way for small businesses to remind employees about security risks and company IT policies, said Peter Tsai, IT analyst at Spiceworks.

"Maintaining security and data privacy is one of the biggest challenges in small businesses today," Tsai said. "These communications can go a long way to stop rogue IT usage, or at least making users think twice before they act."

The need for small businesses to pay attention to protecting data privacy is fairly clear-cut. Hacking has become a big business, as cybercriminals are able to sell sensitive information for a lot of money. Small businesses are the perfect target for data theft because they don't have enough security and privacy protections in place. And yes, cybersecurity and data privacy go hand-in-hand.

"While cybersecurity relates to keeping data protected and secure, data privacy involves ensuring that only the right people have access to sensitive information," said Tsai. "To keep their networks locked down and guarantee the privacy of their data, SMBs need to plan ahead by preparing and implementing policies that cover people, processes and technology."

This is easier said than done, however. The National Cyber Security Alliance found that only 28 percent of U.S. small businesses have formal internet security policies, leaving the remainder at risk, explained Chris Schueler, senior vice president of managed security services at Trustwave.

"Establishing a strict set of security guidelines and training protocols allows businesses to be proactive and gives them a peace of mind in knowing that their employees are capable of handling sensitive and personally identifiable information," Schueler said.

Creating security and privacy guidelines is an excellent way for small businesses to celebrate Data Privacy Day (January 28). Here are some other tips:

Make Sure Employees Understand the Risks

Employees need to stay informed about the potential security implications of their actions, particularly when managing sensitive corporate data, Tsai pointed out. "There's always a danger that workers won't think through data privacy concerns when sending emails, sharing files or using cloud services. However, if employees are aware of the risks, they'll at least think twice before they act."

Adopt Applications Designed to Secure Data

Use Data Privacy Day as a time to renew your focus on adopting and implementing applications and tools that secure apps and data, including all files and emails, whether the files are at rest or in transit, suggested Adrian Phillips, senior manager of product marketing at Citrix.

Stop Collecting Unnecessary Data

The best way to protect privacy is simply to not collect unneeded data to begin with, advised Sophos senior security advisor Chester Wisniewski. "Data you don't have can't be stolen, subpoenaed or lost."

Consolidate Identities

Verizon's 2016 Data Breach Investigations Report found that 63 percent of data breaches involve weak, default or stolen passwords. For this reason, said the security professionals at Centrify, it is critical to develop a holistic view of all users and to strengthen and enforce password policy, or eliminate passwords where possible.

Know Your Administrators

In addition to a carefully enforced provisioning and de-provisioning process for your users, make sure you know who in your company has admin access to your resources, Ethan Ayer, CEO at Resilient Network Systems, advised. "It is common for rights to be granted when someone is on vacation or to solve some short-term problem, but rarely do people systematically return to each critical resource to remove admin privileges that live on beyond their usefulness."

Restrict Public Wi-Fi

Many businesses offer public access to Wi-Fi internet connections, said Charles Lee Mudd Jr., the principal attorney at Mudd Law, who focuses his practice in data security and technology. "If your business offers Wi-Fi, the Wi-Fi should not be on the same router or modem as the internal network to which the business computers and data connect."

If, however, public Wi-Fi has to share a modem or router with company Wi-Fi, keep the public network separate from the internal network. "In other words, a computer on the Wi-Fi network should not see devices on the business's internal network," Mudd added. Additionally, the Wi-Fi password should be set to a password other than the manufacturer's established password, and any shared access should require a password to connect.

Ensuring data privacy is a task that requires the cooperation and effort of everyone in the company. Because Data Privacy Day always falls on January 28, it's easy to highlight the date on your calendars to take the time to review and update privacy policies.
