January 28 is an important day, not just because it is National Kazoo Day, Armenia’s Army Day or that it is New England Patriot’s kicker Stephen Gotskowski’s birthday, no it is important because it is Data Privacy Day. Now, I know that you are hearing this and potentially rolling your eyes and thinking about other strange holidays like “Take Your Dog to Work Day”; however, here is the thing, data privacy is more critical today than it ever has been before.
Just think about all the information stored on your home computer, tablet or mobile phone – would you be upset if a hacker got hold of it? I know that I would be. The good news is that you are not alone. Iron Mountain’s recent Data Protection Predictors survey found that “Data loss ranks as a number one concern of IT leaders.” Let’s look at seven things you can do to improve your data privacy.
1. Encryption – A great way to secure your information is to make sure it is encrypted irrespective of device. Many people think carefully about encrypting data tapes as they are transported outside the data center, but what about other assets that contain critical information such as phones, tables or hard drives?
2. Maintain an information lifecycle plan – Critical element of information security is storing what you need securely (see #1), but also removing what you don’t. Face it, information that is securely deleted is information that can’t be stolen. Thus, you should create a plan to manage the lifecycle of your information from creation through deletion.
3. Know where your information is stored – There are a range of storage options available to IT administrators including local disk, replicated disk, tape and cloud. You need to think carefully about which mediums you are using and how you are protecting your data stored there. It is not that any solution is inherently unsafe, but you might want stricter security and encryption on data that could be more easily compromised.
4. Secure password – The unfortunate reality is that passwords are the primary authentication mechanism in use today. You must think carefully about the passwords you use to ensure that you have complex ones that are hard to guess and ideally, you should further enable two-factor authentication for an additional level of security. Also remember that many people store passwords in some kind of file. How is that stored and protected (see #3)?
5. Create an end-of-life plan – Critical business information can hide throughout the organization. Basic devices like copiers, fax machines or even voicemail systems can yield a trove of private information if in the wrong hands. You need to create an effective end of life plan to ensure that these systems are disposed of in a consistent and reliable manner.
6. Network/PC security – While firewalls and virus scanning software is common place today, you can never be too cautious. You must make sure that both of these critical security elements are up-to-date with the latest versions and security definitions.
7. Education – Knowledge is the best defense and you must be sure that your entire organization is aware of information privacy risks. Remember that even the best security can be vulnerability to social engineering attacks and according to InformationWeek, 48% of large businesses have suffered from these costing between $25,000 and $100,000 per incident.
With today’s rapid data growth and our businesses becoming more and more data-centric, data privacy is more important than ever. We all must take an active role to ensure that our personal and corporate information is protected from loss or theft. While there is no foolproof solution, these seven simple strategies will go a long towards enhancing your information security. Happy Data Privacy Day and may your data be safe and secure in 2014!