So, its Data Privacy Day.
Data Privacy if you are unaware, refers to the way in which your data is being used, collected and shared across digital platforms.
This week is an opportunity for businesses and individguals to come together, across generational and international lines, to discuss ways to better safeguard data and protect privacy.
There’s a lot going on in this campaign, from events held by the National Cyber Security Alliance to 2022 updates.
Making it easy to feel, especially if your new to considering Data Privacy, pretty overwhelming.
You might even be asking yourself: “Where do I start?”
If this is you, don’t worry. We’ve taken a look at the agenda for data security week, and come up with what we think are the two biggest things businesses should be focusing on.
These are firstly your mindset, and secondly, the way your organisation handles logins.
We here at The Final Step encourage a security first mindset in all things. Your organisation’s data privacy is no different.
Data privacy should be a consideration in everything your business does. The financial and reputational consequences of a breach or potential data exposure can be catastrophic. So the more you strive to protect your data privacy, the better.
For this reason, evaluating your data privacy need to be built into your business decision making. When I say this I mean that data privacy should be considered as a matter of course when embarking on new projects or designing new strategies.
If you have project templates when you run something new, do these templates have a section devoted to the impact this project will have on privacy? Do you ensure that the people running a project or changing a process are considering privacy by default?
Also, remember data privacy is not just an issue that crops up with individual projects. It is a major company-wide concern that impacts each department you have differently. For this reason, you should consider asking your departmental heads, from sales to marketing, what their biggest privacy risk is and what actions they take to mitigate it.
Once you start asking what this risk is, how often it’s reviewed and what precautions are being taken, you start opening up wider, useful discussions in your organisation about data security. Discussions from which you can create and establish helpful procedures, rules and requirements to preserve your data security.
You and your staff should have the mindset that data privacy is something you are responsible for at both the individual and collective level.
As data is exchanged, used, collected and shared across digital platforms, the way in which you access these platforms is critical.
How do we access most platforms? Logins.
There are two aspects of logins that must be considered when it comes to data privacy.
The first is a critical component of almost all logins that can be a major security risk - passwords.
The second is a method you can use to improve the security of your logins - Multi Factor Authentication (MFA).
We have long discussed the security risks associated with passwords. Poor password habits, from people using their pet’s name to re-using logins across multiple platforms, are unfortunately widespread in society. As we found from the results of our quiz.
This is a serious problem when a password remains a user’s primary defence against hackers gaining control of their accounts. You need to educate yourself and your employees on healthy password habits in order to shore up your data security and privacy.
This education can’t just be a single PowerPoint at the start of the year without any follow up. As your employees get on with work and need to create new accounts for new processes and platforms, the likelihood they will practice healthy password habits is going to decrease.
Why? Because it takes more time, and when workers need to save time pushing ahead with projects they are likelier to choose convenience over security.
So this education must include frequent refreshers on password security. It must include time spent evaluating password habits within your organisation. And it must include rigid expectations surrounding passwords that everyone within the organisation, including yourself, follow.
Something which we strongly recommend that can improve password habits in your organisation is mandating the use of a password manager. A password manager massively assists in your ability to keep track of an abundance of logins, providing a secure and easily accessible place to access all your passwords.
Furthermore, when it comes to passwords, we believe in a simple principle - if you do it at work, you should do it at home. Due to the rise of remote working, more and more of your employees will be accessing work-related accounts from their personal devices. These devices should have a password manager, the same standards for passwords and of course, MFA.
Speaking of MFA, you should also mandate all your employees enable MFA on their devices and accounts. Something we will discuss in more detail now.
You want MFA enabled as a default on your organisation’s systems, meaning that any time a new user is created it’s a requirement to use it.
MFA can come in many different forms, from secondary identifying questions to biometrics like fingerprint scans. Whatever form it’s in, MFA is the bread and butter of data privacy and security. It’s an absolute essential.
You should have MFA enabled for all of your core services, from logging into your desktop to accessing your main data repository to using collaboration platforms. You should have MFA enabled in fact for all the online services you use while at work. Does your HR software use MFA? Does your software for scheduling in employee leave, use MFA? Does your Amazon account, use MFA?
It may help to make a list of every platform and app used in your organisation, and tick each one off when it has MFA enabled. You may need to investigate if certain apps offer MFA, and if they don’t why this is, but most apps and platforms will have MFA available or have it on their roadmap. Software providers often allow users to suggest and vote on enhancements they would like. If you can - vote for MFA to be put in place.
You also have options as a business owner to make MFA more sophisticated. You can set up certain work devices and locations as secure, to prevent users from needing to use MFA when signing in. You can set up Single Sign On so that you can log into multiple accounts via one MFA login.
And you can even coordinate your MFA with your password database, to make the entire logging in process significantly more streamlined.
There are other areas of data privacy we all should care about, like your privacy settings for sites, but these tend to impact us on the individual instead of on the organisational level.
Like with all cyber security risks, education, awareness and taking the time to establish specific companywide rules are the key to combatting poor data privacy.