What’s so special about 28 January? It’s Data Privacy and Protection Day, an international event created to promote the need for personal and business data protection across the globe. Businesses of all sizes can benefit from clear, actionable tips on how to improve their data security.
Here are five steps you can take to celebrate Data Privacy and Protection Day and improve your security plan.
Step #1: Learn where your data lives. You can’t complete your security plan until you know exactly what you’re protecting and where it’s stored. The best way to do that is to use an up-to-date centralised information map. Most businesses store data on multiple media types: local disks, disk-based backup systems, offsite on tape and in the cloud. Each technology and format requires its own type of protection.
Step #2: Implement a need-to-know policy. To minimise the risk of human error (or curiosity), create policies that limit access to particular types of information. Designate access based on airtight job descriptions. Also, be sure to automate access-log entries so no one who’s accessed a particular data set goes undetected.
Step #3: Beef up your network security. Your network is almost certainly protected by a firewall and antivirus software. But are those tools up-to-date and comprehensive enough to get the job done? New malware definitions are released daily, and it’s up to your antivirus software to keep pace with them.
The bring-your-own-device philosophy is here to stay, and your IT team must extend its security umbrella over smartphones and tablets that employees use for business purposes. And start planning to protect sensitive data that can be collected by wearable devices.
Step #4: Monitor and inform your data’s lifecycle. By creating a data lifecycle management plan, you can ensure the secure destruction of old and obsolete data. As part of this process you should:
- Identify the data you must protect, and for how long
- Build a multi-pronged backup strategy that includes offline and offsite tape backups
- Assess the consequences of an attack, then address the vulnerabilities revealed in this exercise
- Take paper files into account, since they can also be stolen
- Inventory all hardware that could possibly house old data and securely dispose of old copiers and fax machines, as well as outdated voicemail systems
Step #5: Educate everyone. Data security is ultimately about people. Every employee must understand the risks and ramifications of data breaches and know how to prevent them, especially as data attacks increase.
Talk with your employees about vulnerabilities such as cleverly disguised malware and web links in unsolicited emails. Encourage them to speak up if their computers start functioning oddly. Build a security culture in which everyone understands the critical value of your data.
To find out more about the changing EU framework for data privacy and protection, read our paper, Data Protection and Privacy Day – an opportunity to plan and manage the impact of legal change