World Privacy Day was technically January 28 but thinking about privacy from the perspective of both individuals and companies is important all through the year. As technologies advance, individuals spend more and more time online while companies collect data on their customers. it’s important to ensure that personal – and professional – data is sufficiently protected.
Darren Yablonski, Senior Director, Sales and Engineering for Canada, U.S. and LATAM at Commvault, says it’s important to put measures in place to keep data, including personal data, safe from a variety of threats, like “unauthorized access, use, alteration, or destruction. Data protection,” he adds, “encompasses data privacy and other areas, including backup and recovery, disaster recovery, data security, and more.”
We have discussed before how consumers can protect their data online. But what moves can a company take to secure their data? Here are a few tips to consider for your business.
Keep Data Encrypted
Particularly when the data is personal and confidential, with serious implications should it be released (think healthcare, financial, and legal sectors, for example), it’s important to ensure that data is encrypted so it is protected against cyberattacks.
Integrate Multi-Person Authentication
One strategy some companies are employing is multi-person authentication (MPA) for protected files and programs. This requires that any critical tasks within a company require multiple approvals from authorized users to be completed. It’s a simple measure but one that can help prevent someone from exfiltrating or even deleting critical files.
Conduct a Data Audit
Not all customer files and information need to be retained forever. Run data audits periodically to determine what legacy data is no longer relevant and thus can be deleted. Some industries, countries, companies, or even privacy policies require that certain data must be deleted by a specific timeframe or following a specific outcome (e.g. when a customer cancels an account or has been inactive for a certain period of time). There are ways to automate this process to prevent data from being potentially compromised when it shouldn’t even be there in the first place. Plus, this can also help your systems run more efficiently.
Develop a Plan for an Attack
No company ever wants to consider that it could be the victim of a cyberattack or some other type of data breach. But it’s important to be prepared for any scenario. Called resilience plan testing, notes Yablonski, or having a runbook, a “plan for attack” should entail a plan of action in the event that an unfortunate situation arises, like a cyberattack, malware, or even digital threat. This plan should be continually reviewed, tested, and updated as needed.
Keep on Top of Cybersecurity Training
When it comes down to it, it’s usually human error that leads to most cyberthreats, attacks, and data breaches. Keeping on top of cybersecurity training with employees will help eliminate any potential weak links in the company. This includes individuals both in and outside of the IT department. Training should include cybersecurity awareness and tips on how employees can navigate potential risks and handle potential situations.
Secure Phones, Too
While many companies focus on securing data that is stored locally and/or in the cloud, it’s easy to forget that many employees may have access to data from their business phones. This can provide a sneaky hole into the system. It’s just as important to keep personal and professional mobile devices protected, too.
In celebration of World Privacy Day and Data Privacy Week, Apple is focusing on this with a new Today at Apple session designed to educate iPhone owners on how to safeguard their data. The free, 30-minute session, called “Taking Charge of Your Privacy on iPhone” explores features like Mail Privacy Protection, Safety Check, Location Services, and passkeys. The idea is to teach customers how to customize each feature based on their individual privacy preferences. It is available at all Apple Store locations: you can sign up for an individual, group, organization, or class.
More articles on Cybersecurity