Cyber CEO: Data Privacy Day – How to Enhance Your Data Privacy
January 28, 2022
January 28th is Data Privacy Day, an international effort to empower individuals and support businesses in the endeavor to respect privacy, safeguard data, and enable trust. This year, the National Cybersecurity Alliance has extended the data privacy campaign to be a week-long initiative. Data Privacy Week aims to create awareness about online privacy, educate citizens on how to manage and secure their personal information, and support businesses in respecting data and being more transparent about how they collect and use customer data.
Data collection and use are present in almost every facet of our lives. This includes the obvious platforms like social media and online shopping, and the less obvious, like exercise equipment and even kitchen appliances. Simply put, our personal data has never been more accessible or valuable !
Governments and regulators around the world work hard to implement regulations and policies to protect personal and private data. But even with the push we've seen in the last year to crack down on negligent data security, technology and innovation continue to grow at a rate that makes it difficult for slow-moving bureaucratic processes to keep up. What's more - the pandemic has forced many businesses and individuals’ daily tasks online. This complicates safeguarding data and has made it a particularly difficult problem to manage. This is why the issue of data privacy is so significant and why individuals and enterprises alike should view the protection of personal data as a team effort.
The responsibility of ensuring good, ethical data privacy practices is on all of us. For the past two years, it's been easy to brush off data privacy risks for the benefit of being able to access and/or purchase anything we needed without having to leave the comfort or safety of our homes. The mountain of delivery boxes in my garage can vouch for that ! But in the rush to transition online, we were all made more vulnerable to cyber infiltrations and scams than ever before.
Since the pandemic began, cyber experts and privacy professionals have noted that forced digital transformation and the need to make systems, processes, and services accessible to employees and clients was a higher priority than ensuring their cybersecurity strategies could keep up. This included privacy and data protection. Likewise, many individuals sacrificed good data privacy habits like only using secured websites to purchase goods, in order to adapt and survive during the pandemic.
Take this as your wake-up call. After two years of simply getting by and brushing best security and privacy standards under the rug, it's time to re-evaluate and reinforce your data privacy practices.
Enterprises have a responsibility to be transparent with and profoundly protective of the data they collect. Good business sits on a strong foundation of trust with all stakeholders and implementing good data privacy practices is one of the best ways to foster trust.
Here are a few tips on how your organization can work to safeguard the personal data you collect.
8 Ways to Improve Your Enterprise Data Protection
Be Transparent
First and foremost, be open and honest about what data your enterprise is collecting and what it will be used for. Include information on how you store and keep the data safe as well. Make this information easy to find on a privacy policy web page.
Collect the Least Amount of Data Necessary
Only collect data that is necessary for the execution of your business and don't keep it for longer than it is needed. Not only will this support your data privacy and security programs, but it also reduces the cost of storage and mitigates the scope of compliance. Once the collected data is no longer necessary, make sure you have processes in place for safe and effective data disposal.
Leverage Privileged Access Management (PAM)
A robust PAM program ensures that only the necessary end-users have access to your organization's assets, including collected data. Regulations including the GDPR require Personally Identifiable Information (PII) to be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing.” A strong PAM program will ensure access to PII is only given to authorized end-users and only for the amount of time necessary.
Assess Your Privacy Compliance & Regulations on a Regular Basis
Regularly follow any compliance directives and regulations that may impact your organization. Keep apprised of your country's privacy laws and national data protection authorities to ensure you are meeting the proper standards. I recommend doing this at least once a year.
Secure Your Supply Chain
Assessing third-party partner and vendor cybersecurity is essential when protecting your enterprise, including the data you have collected. In incidents like the SolarWinds data breach, cyber adversaries can leverage vulnerable security controls of third-party partners in an organization’s supply chain to indirectly target your organization and the data you have access to.
Invest in Security Information and Event Management (SIEM)
Utilize SIEM and leverage a third-party Managed Services support to streamline data logging, correlation & threat intelligence gathering.
Assess Your Security Strategy on a Regular Basis
Ensure that your existing security controls are regularly updated. Determine where you are most vulnerable to cyber-attacks with regular assessments and reinforcements, particularly when it comes to how you are storing, processing, or transmitting data.
Take a Security and Privacy Oriented Approach
Develop your business systems and processes with data privacy and security standards in mind. This will ensure your operations and data privacy strategy are not only aligned but optimized. This includes training and educating your team to be aware of your enterprise privacy standards and be held responsible for upholding the internal security policies and cybersecurity best practices.
Data privacy will continue to be a non-negotiable priority as we move forward. It's important to remember that with great innovation and progression comes an increase in risk. I don’t say this to dissuade anyone from embracing the exciting and impressive advancements we've seen these past two years. Rather, I want to encourage you to consider the risks and opportunities we now have to address them and make our world a more cyber-safe place.
This Data Privacy Day, I challenge you to look for ways to improve your data privacy - whether that's through implementing stronger protocols at work, or even being more mindful when giving your personal information on your digital devices.
To Your Success,
To learn more about how Herjavec Group is advancing the security profiles of enterprise organizations around the world, click here.
I’ve been in infosec for over 30 years and have had the great privilege of evolving and learning as a cybersecurity executive in a space I love. I’m the Founder & CEO of Herjavec Group, one of the world’s most innovative cybersecurity operations leaders. We pride ourselves on keeping enterprises around the world secure from the threat of cybercrime.
This blog has been set up to help me share the insights I’ve gained and experiences I’ve had with all of you…Every month I will post some advice and recommendations for my fellow Cyber CEOs – from current events to forecasted trends, and enterprise security best practices. Make sure to subscribe below and feel free to reach out here with the topics and questions you’d like to see covered!
Let’s collaborate and communicate as we strive to keep our organizations (cyber) safe.
Take the First Step
In Transforming Your Cybersecurity Program
Enterprise security teams are adapting to meet evolving business needs. With 5 global Security Operations Centers, emerging technology partners and a dedicated team of security specialists, Herjavec Group is well-positioned to be your organization’s trusted advisor in cybersecurity. We’ll help you understand your risk exposure, increase your visibility and ROI, and proactively hunt for the latest threats.
