securitymagazine.com, January 28, 2022, Maria Henriquez
Data Privacy Day is not just a day anymore. For the first time, it’s Data Privacy Week — a week-long effort to empower individuals and enterprises worldwide to respect privacy, safeguard data, enable trust, and just as important, raise awareness and promote privacy and data protection best practices.
This year, the National Cyber Security Alliance (NCSA) promotes and encourages enterprises to respect privacy. According to the Pew Research Center, 79% of U.S. adults report being concerned about how companies are using their data — as such, respecting consumers’ privacy is a crucial strategy for inspiring trust and enhancing reputation and growth in your business by being open and honest about what data is collected, used and shared with third parties.
In addition, the NCSA is encouraging enterprises to take the following steps to achieve and maintain privacy:
- Conduct an assessment: Conducting a review of data collection practices is a critical step to understanding which privacy laws and regulations apply to your enterprise. Just as critical is maintaining oversight of partners and vendors as to how they collect and use consumers’ personal information.
- Adopt a privacy framework: Researching and adopting a privacy framework can help you manage risk and create a culture of privacy in your organization by building privacy into your business. Get started by checking out the following frameworks: NIST Privacy Framework, AICPA Privacy Management Framework, ISO/IEC 27701 – International Standard for Privacy Information Management.
- Educate employees: Organizations can create a culture of privacy by educating employees of the role they play in protecting assets and information.
To create dialogues among stakeholders, raise awareness and encourage compliance with privacy laws, Security compiled detailed perspectives, as well as some tips for better protection of sensitive corporate data, from the following security industry experts:
Ryan Abraham, virtual CISO, Wisetail:
Data privacy is incredibly important in the HR industry. HR professionals are entrusted with employees’ sensitive data — from social security numbers to phone numbers to home addresses and more — so it’s vital that every company takes the proper steps to ensure that data is safe.
One important step here is to certify your organization as SOC 2 compliant. SOC 2 is based on five factors — security, availability, processing integrity, confidentiality, privacy — and the certification tells users that your organization maintains a high level of information security and handles their data responsibly. Additionally, SOC 2 compliance ensures that your organization has implemented security practices to defend itself from cyberattacks and breaches.
Another great way to honor Data Privacy Day this year is to start regular employee training on data privacy best practices, which can be easily created and assigned to your team through a learning experience platform (LXP). These training courses can educate employees on how to spot a phishing attack, create strong passwords, avoid suspicious and dangerous websites, and more. Your employees are your first line of defense against data privacy threats, so it’s essential that they are equipped to keep themselves and your business safe.”
Software bots — little pieces of code that do repetitive tasks — exist in huge numbers in organizations around the world, in banking, government and all other major verticals. The idea behind them is they free up human staff to work on business-critical, cognitive and creative work, but also help improve efficiency, accuracy, agility and scalability. They are a major component of digital business.
The privacy problem arises when you start to think about what these bots need so they can do what they do. Much of the time, it’s access: If they gather together sensitive and personal medical data to help doctors make informed clinical predictions, they need access to it. If they need to process customer data stored on a public cloud server or a web portal, they need to get to it.
We’ve seen the problems that can arise when humans get compromised, and the same can happen to bots — and at scale. If bots are configured and coded badly, they can access more data than they need to, the output might leak that data to places where it shouldn’t be.
Likewise, we hear about insider attacks and humans being compromised to get at sensitive data virtually daily. Machines have the same security issues; if they can access sensitive data and they aren’t being secured properly, that’s an open door for attackers — one that can put individuals’ privacy at risk. Attackers don’t target humans to get to data; they just target the data. If machines-especially those in charge of automated processes (think repeatable tasks like bank transfers, scraping web data and moving customer data files) are the best path to take to get to it, that’s the one they will choose.
Read the full article on securitymagazine.com here >
Read the full article on industrytoday.com here >
Read the full article on drj.com here >
Read the full article on vmblog.com here >
Read the full article on enterprisesecuritytech.com here >
Read the full article on thecyberwire.com here >
Read the full article on industrytoday.com here >
