Data Privacy Day: 5 Steps to Privacy Awareness and Protection


Protecting personal data has always been a serious compliance issue for businesses. Privacy breaches and cyber-attacks can occur at any time, regardless of industry or company size, so it is essential that steps are taken to protect your employees, customers and intellectual property.

The National Cyber Security Alliance (NCSA) is leading the Data Privacy Day project on January 28th, which aims to raise awareness, promote privacy and highlight best practices for data protection. They have identified five stages that can help businesses protect assets and mitigate losses during any future incidents:

1. Identify

The first step is to identify the main components that are critical to your business. These will be any assets and systems that could cause your business difficulty operating if they were compromised and/or could be a high value target for cyber criminals.

Once a business understands how valuable its data and technology are, it is better positioned to protect them and identify potential security weaknesses. This is essential for data law compliance, as the General Data Protection Regulation (GDPR) states that companies will be more accountable for the data they hold and can face costly fines if it is not protected correctly.

2. Protect

Once you have identified your critical business assets you must then implement a plan to protect them. The GDPR reiterates that data protection is fundamental to every business as you are responsible for protecting the privacy of each and every asset and individual within the company.

Your goal is to teach employees how to protect themselves and the business and understand the cyber risks as your business grows or new technologies are added. Implementing basic cyber security processes and protocols will help all employees understand the role they play in making sure privacy is achieved and maintained.

3. Detect

Detection is all about knowing the threats applicable to your business. You must make sure you have in place the right security services which can help to monitor your networks.

If you train your employees to spot potential threats then they are likely to discover an incident faster. This means you have more time to mitigate the impact and return to normal operations.

This will become more important when the GDPR comes into force on the 25th May: if a breach occurs, businesses have only 72 hours to notify the data protection regulation agency or face the costly repercussions of non-compliance.

4. Respond

If you do fall victim to a cyber-breach you must make sure your business is prepared to respond in the best possible way. You need to make sure that customers and employees are able to trust you to get things back to normal, quickly. You will need to be ready to:

  • Resolve the problem (e.g. fix your network, restore data)
  • Identify what’s been lost and who has been impacted
  • Continue operations while problems are fixed
  • Communicate with customers and employees
  • Comply with applicable laws
  • Report to appropriate agencies

5. Recover

The final step to keep your business secure is to plan a recovery strategy should a cyber-incident take place. You must assess:

  • The type of attack that took place
  • When the attack took place
  • What assets were affected
  • How it will affect customers

Your recovery tactics all depend on the type of cyber-attack that has taken place. For example, if private customer information was stolen you must respond to your customers in line with applicable laws and with the advice of communications and legal counsel. You must then make sure that stronger security protocols are applied to your business and all employees are trained in protecting credentials and made aware of which apps and websites are safe to use at work.

Ultimately, you should be making sure that you’re continuously monitoring the cyber health of your company. This includes implementing a risk review of new technologies you may incorporate into your business and plans for maintaining the cyber-security of the new technology over time.

Are You Data Privacy Aware?

Businesses constantly rely on the confidentiality, integrity and availability of data. However, many are still unaware of, and uninformed about, how their personal information is being used, collected or shared in our digital society. It is important that businesses follow steps to ensure information is kept as secure as possible and employees are educated in data awareness and protection.

 

Sources:
https://staysafeonline.org/
https://blog.malwarebytes.com/101/2017/02/what-to-do-after-recovering-from-a-cyberattack/
http://www.meetpie.com/documents/archives/MIT_383775_DATA%20PROTECTION.pdf
