Data protection and privacy challenges are constantly evolving the cybersecurity landscape. Ongoing threats to data security, like visual hacking, are prompting government and industry leaders to consider a more disciplined approach to cybersecurity protocols.
To help mitigate these risks, many Canadian enterprises are already adopting more structured privacy plans. How do you know you’ve taken the right steps to help protect your company and customers from data breaches?
Where is your data most at risk? Download whitepaper.
We asked Rebecca Herold, CEO and founder of The Privacy Professor consultancy, and co-founder and president of SIMBUS, LLC, an information security, privacy, technology and compliance management cloud service, for her top data protection and privacy tips to help you prepare.
1. Be informed on data security.
First and foremost, to create an effective privacy plan you need to have a strong understanding of what constitutes a data breach.
Rebecca defines a data breach as follows: “an incident in which sensitive, protected or confidential personal data has potentially been viewed, stolen, altered or used by an individual unauthorized to do so.”
2. Implement multiple layers of data protection.
You need multiple layers of data protection in your privacy plan to help avoid data breaches. Rebecca refers to this security approach as “defense-in-depth.”
Consider using multiple data protection tactics. This might include a combination of firewalls, data encryption, two-factor authentication, clean desk policies, and password protection screensavers.
Physical screen protection, like privacy filter screens, can also be an effective tactic. Products like 3M™ Privacy Filters, for example, help block out side views to help ensure data protection from visual hackers. These products are available in multiple sizes to accommodate various devices.
3. Be aware of your surroundings.
From open-concept office spaces to high-traffic areas, it’s important to help protect your data against visual hackers with privacy filter screens.
“I’ve personally witnessed visual hacking many times while traveling, increasingly so in recent years,” Rebecca says. “On planes, where seating is more crowded than ever before, it’s common to see at least a handful of people on their laptops, often doing business emails, working on spreadsheets, or writing/reviewing reports. I’ve even seen customer lists, with the company name in full view.”
4. Understand your legal obligations.
When you are dealing with personal information from your customers, there are regulations in place governing how it is protected and used. It’s critical that you understand and account for these data security requirements in your privacy plan.
“All four of the Canadian Privacy Statutes include provisions about safeguarding personal information,” Rebecca explains. “These provisions require companies to implement reasonable technical, physical and administrative measures to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, modification or destruction.” 1
“And, of course,” she says, “there’s the EU General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. It will require organizations worldwide to implement comprehensive data protection programs that govern how they control and process personal data of individuals in, and citizens of, the European Union.”
5. Know how to respond when data security is compromised.
In the event of a data breach, you must be able to respond quickly.
“If information is obtained from screens or other physical security weaknesses, the data breaches could ultimately result in millions of dollars of fines, and penalties including many years of ongoing oversight from regulatory authorities,” Rebecca says. “Organizations may also be required to provide immediately upon request documentation to prove they have implemented comprehensive privacy controls.”
Having detailed roles, responsibilities, and processes in place can make a big difference, ensuring all stakeholders understand their role in mitigating data security breaches.
This article was originally published here.