Data Privacy Day: 5 Best Practices You Can’t Ignore
Data Privacy Day is a good opportunity to up the ante on data protection in the workplace.
Held every January 28th, Data Privacy Day, which is also known as Data Protection Day, highlights the importance of data security and privacy in and out of the workplace.
Protecting data is more important than ever. The Breach Level Index from digital security company Gemalto showed that in the first half of 2016 there were 974 publicly disclosed data breaches resulting in the theft or loss of 554 million data records around the world. That’s a 31% increase compared to the previous six months. Those numbers also translate to 3.04 million records being compromised every day.
Data Privacy Day is designed to help. This year the theme is ‘Respecting Privacy, Safeguarding Data, and Enabling Trust’. To create awareness, the National Cyber Security Alliance (NCSA) and the Online Trust Alliance (OTA) encourage workplace initiatives such as ‘lunch and learn’ sessions, a speaker series with security experts, and workplace reminders including privacy posters, corporate email signatures, and web banners.
Here are 5 best practices to highlight on Data Privacy Day:
Password hygiene. Stolen user credentials are often used in data breaches with about 63% of them using weak, default, or stolen passwords, according to the 2016 Verizon Data Breach Investigations Report (DBIR). Effective password management includes multi-factor authentication, a password manager for generating and storing passwords, and a log-in abuse detection system.
Encryption: A data encryption policy is important defense against a breach becoming a corporate crisis. Encryption makes digital information unreadable whether it is at rest, in storage, or in transit. That helps protect the information if it is lost or stolen. Encryption can help contain an attack, and it may pre-empt notification as specified by breach regulations, advised OTA.
Mobile device management. According to a 2015 Citrix Mobile Analytics Report, 61% of the workforce do their job outside the office at least part of the time with help from an average of 3 plus mobile devices. With this kind of reliance on mobile devices, organizations need a comprehensive mobile device management program. Some of the privacy safeguards to put in place: authentication to unlock a device, locking out devices after failed attempts, and teaching employees to never leave equipment unattended.
Social media guidelines. Increasingly, people are tweeting, linking, and connecting on company equipment and networks. A social media policy can help protect corporate information and ultimately, an organization’s reputation. Provide on-going training about the policy, and teach everyone to be mindful about what they post online. Set privacy and security settings on web settings and devices.
Secure information destruction. Some workplaces still need to improve information disposal practices.The 2016 Shred-it State of the Industry Report showed that only 57% of C-suite executives and 43% of small business owners (SBOs) have a protocol for storing and disposing of confidential paper data; there are similar statistics for digital data disposal. Partner with a reliable company that provides secure destruction services for paper documents and hard drives and e-media.
Learn how a document management policy protects confidential information from creation to disposal.