Today is Data Privacy Day. So, what’s important to know this year? In short, a lot of things.
Thanks to COVID-19, we are all a little more digital these days. This, of course, means there is more information being transmitted digitally and thus there is more exposure and risk – for both individuals and for businesses.
When it comes to data privacy, the first thing to do is to assess what kind of data you have, and then you can work towards protecting it. To keep things simple, I like to classify data into these three categories:
- First, there is financial data, which is pretty self-explanatory.
- Second, there is personal data, including data about your customers and employees.
- Third, there is strategic data, or anything you would not want your competitors to see.
There are more complex definitions with specific regulatory requirements, but these three categories generally hold up across industry, size and stage.
So, what do you do to protect your data? The answer comes down to a combination of people, process and technology.
People
Ninety-one percent (91%) of cyber-attacks start with phishing. Phishing attempts to trick you into entering your credentials into a fake website or prompting you to download malicious files or apps. Phishing works about 12 percent of the time, which is why it is popular.
All phishing types require you to take action. Make sure that everyone in your family and office know how to catch and release a phish:
- Check the email address and link. (It is Netflix or Notflix?)
- Check the grammar and tone. (Would your boss really ask you to buy gift cards?)
- Confirm with a trusted phone number. (Did your CFO get a new work number?)
LABUR has helped a number of clients secure their supply chains. More attackers are using small suppliers as a way to get their large company customers. A cyber-savvy workforce is the best way to show that your organization is a secure part of the supplier ecosystem.
Process
Processes are often used to create a climate of fear. The average breach takes over six months to discover. You want your people to come forward. Make security interesting to make it stick.
We tailored a Spotify playlist and internal podcast for one client to support refreshed security policy training, in addition to making the training mobile friendly. Otis Redding wants security. Don’t you?
A number of our clients with engineering teams operate Agile methodologies. By incorporating security into Sprint 0 at the beginning of a project, client teams significantly reduce their amount of rework.
Technology
Over 80 percent of the successful cyberattacks in the Verizon Data Breach Investigations Report (VDBIR) use exploits that have patches that were available for over a year. Ouch.
When we initially engage, most LABUR clients struggle to keep their systems current. Their biggest issue is a problem of priority. We have helped a number of CIOs make a case for setting aside team capacity to catch up on maintenance to reduce business risk and improve performance.
Be proactive, and focus on minimizing your security risks in the same way you work to minimize your financial risk or your customer/brand risk.
Wishing you and yours a very pleasant Data Privacy Day. If you’d like to reach out and connect with me about any of the experiences or ideas mentioned above, please do! Be well, and stay safe!