Data privacy ignorance could cost you big time

September 8, 2016

 

As a parent, when you hear that your child has gotten into some sort of altercation with another child, you may immediately think the other party was to blame. There’s no way your perfect, well-behaved kin could have caused such a ruckus. Surely you have raised them better than that?

David Darmstandler

When you think of security and protecting your business’s greatest assets, you think about outside threats. You think of attacks and threats that come from external efforts, like hackers or malicious data terrorists.

Similar to how you think of your child’s behavior, some of your greatest data threats are under your own roof — quite possibly working just down the hall.

Statistics show that data privacy — ensuring that data isn’t misused, misappropriated, or publicly exposed by those who have authorized access — is a growing concern among IT pros.

There are more and more cases where misused internal data has been the root of a major privacy breach or disaster. I know it’s hard to fathom, but your workforce may be misusing private and/or restricted data right now.

You don’t need to be told about the urgency behind data privacy and security. Amid all the news about breaches and mishandled sensitive information, and your own business’s changing infrastructure, government regulations and data growth, it’s hard to keep up with the current state of the market — and what you need to do to stay ahead.

According to a recent survey by Dimensional Research, 93 percent of businesses are challenged by data privacy. A recent survey of IT professionals responsible for corporate data in their organizations sheds light on attitudes, approaches, and challenges around ensuring the privacy of sensitive business and customer data.

Creating a tangible framework for privacy has never been more relevant. We’re constantly confronted with organizations succumbing to epic data breaches. Target, Staples, Anthem and Home Depot have all been victims of complex attacks that exposed huge amounts of customer health and financial data.

But to run a successful business, we must certainly collect personal data — private information about our employees, customers and vendors.

We are forced to capture dates of birth, Social Security numbers, credit card and health information. But the sanctity of this data must be of paramount priority to the organization that is in control of it. Treating private information with anything less than the utmost care isn’t just morally irresponsible, it’s a major legal liability and potential PR suicide.

So where do we store this most private information? How many staff members have access? How and where do we back it up? Do we protect the backup as much as the data itself? These are just a few of the topics that would arise during an examination of an organization’s data practices.

In most cases IT is put at the helm of these data practices. While information will circulate through many departments, in the end it’s placed at the feet of IT to safeguard the company against data loss and leakage. Highly sophisticated network attacks, rather than physical breaches, require IT to act as the first line of defense in our modern, data-driven landscape.

The chosen security platforms and the IT team managing these platforms are essential. Your team is likely working overtime to ensure a secure environment: enforcing strong password policy for all users, managing up-to-the-minute anti-malware subscriptions, requiring encrypted VPN connectivity for all remote workers.

While this is an excellent start, each one of these systems has break-points that must be fully understood. Security is a fast-moving target with each day bringing entirely new exploits that cybercriminals are thrilled to leverage. We all know it’s possible to lose the forest in the trees — or vice-versa.

A compelling solution is to hire an outside firm specializing in security auditing. Nobody likes the idea of an audit — strangers rooting around in your systems to expose weaknesses. However, if you’re in charge of data security for your organization, an annual review by a reputable firm could provide more peace and shut-eye than popping two Ambien.

Investing resources into real solutions for security will not only protect the organization; it’s just the right thing to do.

Don’t be an ignorant parent. Don’t ignore the warning signs or think that your workforce is perfectly well-behaved. People are people and mistakes happen. Don’t let that mistake be with your critical company information.

David Darmstandler is CEO of Datapath, an IT services company with headquarters in Modesto. You can reach him at david@mydatapath.com.
