Your Employees Are Integral To Enterprise Privacy: Three Tips For Protection
CEO and Co-founder of Living Security, turning people from cybersecurity risks to strengths.
Privacy concerns are top of mind for businesses right now as the U.S. government gets ready to propose stricter rules requiring companies to be more transparent about data breaches and leaks. The cost of these breaches is also growing. For perspective, it's estimated that the most expensive data breach of the 2020s to date cost the company upward of $58 million.
An organization's employees are the key to mitigating this type of risk, and organizations can enable them by delivering regular training and creating a culture in which end users feel comfortable coming forward to report potential attacks. Employees also need to have a firm understanding of data security and the company's privacy policies so that they are aware of the important role they play in protecting the business and its customers.
Here are three actions to take to make your employees your best defense in data protection.
1. Take an inventory of your current private data, back it up and delete anything that you don't need.
If cybercriminals are able to penetrate your network, they most often target the most important and private data to secure the largest ransom possible. If you have that data backed up, they'll have less leverage. Furthermore, if you don't have an inventory of what data you have and where it is stored, it can take an inordinate amount of time to verify what is compromised and missing, leading to costly losses in employee productivity and system downtime.
Take inventory of what documents you have and where they are stored. That includes employee files. Keeping an unnecessary backlog of records once an employee has left the company, for example, is a liability and will result in far more individuals being involved if a breach does occur. Create a record retention policy and be transparent with employees about how you'll dispose of private information should they leave.
Also, regularly remind employees about their own part in making sure that customer data and other proprietary information that they are storing on their own devices and even in their email accounts are secure. Even emails sitting in an employee's junk or trash folders can lead to unnecessary risks.
2. Emphasize the importance of reporting possible breaches, and remove the culture of fear.
3. Rethink your remote work and bring-your-own-device policies.
The shift to remote work has created a new and unique set of challenges for security professionals, including new privacy concerns. Employees have gotten used to working from home and often mixing their devices, using professional devices for personal use and personal devices for work.
This seems harmless, but it's a major security risk. Emphasize proper device use and data privacy measures with your employees, including limiting other household members' access to work devices, never opening confidential files from personal devices and regularly deleting all private data stored on a personal device. This is also a good time to update basic employee cyber hygiene habits regarding password creation and using multifactor authentication.
The waters surrounding data privacy are only going to get murkier. Regular conversations with your employees to create a culture where securing data is second nature are the first step in preventing a costly breach that damages both your bottom line and your organization's reputation.