Best Practices for Data Privacy Day 2019 (With Expert Opinions)

Today we celebrate Data Privacy Day 2019! Led by the National Cyber Security Alliance (NCSA), Data Privacy Day 2019 draws attention to the business practices utilizing personal data, the security risks concerning employee and consumer data, and better data privacy management.

In a press release, Kelvin Coleman, Executive Director at the NCSA, went into detail about the day. “As we continually share more data on our connected devices, businesses are collecting and using this personal information more than ever before. Just think about everything we do online – from healthcare and banking transactions to posting family vacation photos to pinpointing our location at any given time.”

“Data Privacy Day provides an opportunity for everyone to encourage organizations to improve data privacy practices and inform consumers about the number of ways their information is being used.”

“In short, privacy is good for business. If companies protect data and respect privacy, they will earn the trust of their customers. It is, however, up to all of us to learn about and practice simple steps to help protect our personal information.”

What can enterprises do to honor Data Privacy Day 2019? How can they improve their data collection practices to carry the spirit of the day throughout the whole year? Here are some best practices to follow:

Treat Data Valuably

If someone entrusted you with a diamond ring or the deed to their house for safekeeping, where would you put it? Would you just leave it on a countertop? Or would you put it in a secure spot only you and the owner knew about and could access?

If you said the latter, then you have the right attitude; now you need to apply it to your consumers’ and employees’ data. Their personal information is just as valuable as, if not more valuable than, tangible objects. You should treat their data as such.

When collecting data, first make sure you only store the data you absolutely need. This reduces the damage a hacker could wreak if (worst-case scenario) they do manage to penetrate the network.

Second, make sure the databases possess the proper authentication security surrounding them. Valuable data should only be accessible to the employees trusted to use it as a part of their work duties. You should utilize multifactor authentication and granular authentication to ensure its protection.

Don’t treat data as disposable. Treat it as a precious material, and secure it with that attitude in mind.

Communicate Your Usage

Communication forms the other critical half of the equation of Data Privacy Day 2019. Consumers cannot adequately protect their data if they do not know what data your enterprise uses or collects. You should communicate with your consumers so they know what to expect when it comes to their data.

This not only includes what data you collect but also:

  • The data you store.
  • How long you store that data.
  • How you transfer the data to third parties.
  • Why you transfer certain data to third parties.
  • A general outline of how you secure data.

In other words, sharing data usage information not only helps consumers understand their data privacy but also helps to build trust in your enterprise’s consumer base. You may feel communicating so directly risks damaging your business processes. However, transparency strengthens data privacy.

Share Only When Absolutely Necessary

Do not share consumer data arbitrarily. If we could repeat that mantra over and over again, we would. If you entrust your consumers’ data to any third parties, make sure you have vetted those third parties and their cybersecurity thoroughly ahead of time. Above all, make sure you share data only when absolutely necessary for your business dealings.

Be More Privacy-Aware

What specific password security best practices can enterprises utilize on Data Privacy Day 2019? What identity and access management best practices can they learn? We gathered the opinions of IAM and cybersecurity experts for their thoughts on the day:    

Scott Clements, CEO, OneSpan:

Passwords and personally identifiable information are almost guaranteed to be exposed in ever increasingly sophisticated and frequent data breaches. It’s more important than ever to secure and protect the entire digital customer journey, and the data captured within, by taking a layered approach to security. This helps capture and analyze multiple complementary authentication factors and correlational data to establish trusted identities, devices and transactions.

Michael Magrath, Director, Global Regulations & Standards, OneSpan:

Consumers who have not yet upgraded to multifactor authentication (MFA) to log in to websites, more often than not, reuse a few static passwords across multiple websites. Given the vast number of password-related breaches over the past few years, the convenient, yet insecure reuse of static passwords exposes individuals to the credential stuffing attack used in this case. Consumers should always use MFA, where available, to add an additional layer of security to protect their privacy. Many websites support MFA today. The good news is, more and more are supporting frictionless solutions such as intelligent adaptive authentication and behavioral biometrics which balance ease of use with security.

Rod Simmons, Vice President of Product Strategy, Active Directory, STEALTHbits Technologies:

In giving users flexibility to set any desired password we fail to fix stupid. Carbon-based life forms cannot trip over creating secure passwords. Our challenge as system owners is to prevent users from doing lazy and stupid things. For example, so I don’t forget my password let me include my logon name in it plus my date of birth. Users will go out of their way, unintentionally, and do the least secure thing possible. As an administrator, prevent it.
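One way an administrator could enforce the rule described in the comment above, shown as an added example that is not from the article or the quoted expert: a check, run when a password is set, that rejects candidates containing the account's logon name or date of birth. The function names, the rejection labels and the sample account are hypothetical.

```python
from __future__ import annotations
import re
from datetime import date

def name_tokens(logon: str, min_len: int = 3) -> set[str]:
    """Logon name and its parts: 'CORP\\jane.doe' -> {'jane', 'doe', 'janedoe'}."""
    local = logon.lower().split("@")[0].split("\\")[-1]  # drop UPN suffix / domain prefix
    parts = re.split(r"[^a-z0-9]+", local)
    # Parts shorter than min_len are skipped; they would match too many passwords.
    return {t for t in [*parts, "".join(parts)] if len(t) >= min_len}

def dob_variants(dob: date) -> set[str]:
    """Digit strings commonly typed for a date of birth, including the bare year."""
    d, m, y = f"{dob.day:02d}", f"{dob.month:02d}", f"{dob.year:04d}"
    yy = y[2:]
    return {m + d + y, d + m + y, y + m + d, m + d + yy, d + m + yy, yy + m + d, y}

def policy_violations(password: str, logon: str, dob: date) -> list[str]:
    """Return the reasons a candidate password is rejected (empty list = accepted)."""
    # Compare on separator-free forms so 'Jane_Doe' and '03/14/1985' are still caught.
    alnum = re.sub(r"[^a-z0-9]", "", password.lower())
    digits = re.sub(r"\D", "", password)
    reasons = []
    if any(tok in alnum for tok in name_tokens(logon)):
        reasons.append("logon-name")
    if any(v in digits for v in dob_variants(dob)):
        reasons.append("date-of-birth")
    return reasons

if __name__ == "__main__":
    # Constructed sample account and candidate passwords, not real data.
    logon, dob = "CORP\\jane.doe", date(1985, 3, 14)
    for candidate in ["JaneDoe03141985!", "jane-14/03/85x", "Tr0ub4dor&3-horse"]:
        print(candidate, "->", policy_violations(candidate, logon, dob) or "accepted")
```

Stripping separators before matching is deliberately conservative: it can reject a password whose scattered digits happen to spell the birth year.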

Martin Cannard, VP of Privileged Access Management Product Strategy, STEALTHbits Technologies:

Sharing passwords between sites is a recipe for disaster, especially when the same credentials are used for business. One exposed password along with an exposed username/password is all it takes for attackers to brute force their way into your account. Today there is a plethora of personal password management tools which makes the process of maintaining unique credentials a no-brainer. Keep your passwords strong and unique, and NEVER use the same password for a business as you would for personal sites.

Thank you to our experts for their time and expertise today on Data Privacy Day 2019!

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.