For most companies, enabling employees to work from home has become a necessity. With some studies showing that 70 percent of the workforce will be remote by 2025, advanced technologies such as cloud networks are critical. And while the pandemic has shown us how resilient our technology can be, we must also consider ways to safeguard it.
Data has the potential to be weaponized as criminals use it to target the personal and financial health of individuals and organizations alike. With data privacy increasingly being called the “new corporate social responsibility” and data the “new oil,” organizations must treat personal data with the utmost care.
Here are five steps to improve data privacy at your organization:
1. Take inventory
If data is the new oil, then like any good refinery, you must have inventory. Your organization cannot protect something if you don’t know you own it. To better manage inventory, ensure that you have the tools to provide continuous insight into your security posture – especially in this new era.
2. Understand your risk posture
As we shape the post-pandemic world, many people are implementing changes that make their professional and personal lives easier. Now is the time to step back, take stock, and decide what’s next.
Given the scramble to adapt in the early days of the pandemic, architectural assessments and penetration testing were helpful for organizations to identify their current risk postures. However, now that those temporary changes are likely to become permanent, most companies have limited visibility into what changed, how things are connected, and how to move forward.
Fully understanding your organization’s risk posture not only helps you address new vulnerabilities but also identifies opportunities to consider full security redesigns and other more disruptive changes you may have pushed to the back burner due to change fatigue.
3. Establish policies
As mentioned above, data privacy is the new corporate social responsibility. Currently, 80 countries around the globe have enacted some sort of privacy law, with Europe’s GDPR leading the way. Gartner studies predict that 65 percent of the world’s population will be covered under modern privacy regulations by 2023, up from 10 percent.
In the United States, some personal information is gathered, sold, and exploited with very few reprisals. By setting and publishing policies around how to handle data, you can get ahead of future regulations – or at least manage your own data securely and avoid potential breaches.
4. Create a risk-aware culture
Privacy has started to converge with security. It is important that your subject matter experts understand how to protect data in both contexts. Certifications like ISACA’s Certified Data Privacy Solutions Engineer can ensure that your organization has competent privacy technologists to build and implement solutions that mitigate risk and enhance efficiency.
You also need to focus on your end-users. Since much of the world’s workforce will not be in an office this year, training should focus on security at home. In the traditional office environment, organizations had oversight of and governance over the technologies and solutions employees used and could offer protections on-premises. This new era of training should cover how people can protect personal assets that now share the same network as their work assets.
5. Implement tools that promote continued security hygiene
Any good security roadmap should incorporate tools that enable the organization to constantly improve. For example, encrypting data both at rest and in transit is paramount. Consider tools to build governance into cloud environments.
One of the most important investments your enterprise must make, regardless of your security maturity level, is to secure your identity. If you have already implemented identity protection, your investment should focus on endpoint visibility, management, and security. If your organization is further along in its digital transformation journey, data protection is key, so consider raising that bar.
Ultimately, organizations must treat personal data responsibly, and citizens must push for repercussions for companies that handle personal data without due care.