It is officially Data Privacy Day—an effort led by the National Cyber Security Alliance (NCSA) that dates back to 2008. This annual initiative commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.
NCSA recognizes a number of Data Privacy Day Champions each year. These individuals and organizations demonstrate an unwavering dedication to empowering others to respect privacy, safeguard data, and enable trust online. And BARR Advisory is proud to be a champion once again.
In honor of this global effort, we asked three BARR associates a few questions about data privacy. Take a look!
Q: Why is data privacy so important for companies to keep top of mind?
Ostrowski: Data is one of a company’s most valuable assets. Customers place a great deal of trust in organizations to collect and use their data ethically, which is a big responsibility. Companies that keep data privacy top of mind will ultimately be more successful in the long run.
Kline: Data privacy is extremely important because the company’s reputation is at stake in the event of a data breach. Customers rely on companies to store their data in a secure way, and any data breach could cause a loss of customers as well as, potentially, pricey lawsuits.
Bialy: Let’s imagine staring into a jewelry store late at night. There typically would be security such as bars over the windows, the jewelry gone from sight and locked away, nothing of value in the window of the store, and security cameras inside and outside the building. For technology companies, data is like jewelry in a jewelry store—one of a company’s most valuable assets. While data may not be as tangible as diamonds, it should still be secured just as carefully. If businesses are creating their value and wealth using personal data, it is so important to keep data privacy top of mind!
Q: What are some easy ways to protect data?
Ostrowski: One simple way is to use a password manager. The setup may seem daunting, but it is easier than you think and requires very little maintenance after being established. People and businesses will find value in the convenience of not needing to remember usernames and passwords, while also utilizing a password manager’s strong encryption and multiple security layers, like multi-factor authentication (MFA).
Kline: People and businesses can protect their online data by implementing strong encryption protocols and requiring users to utilize strong password configurations and multi-factor authentication.
Bialy: Many people choose easy passwords or reuse them on multiple websites because it is difficult to remember so many passwords. But if you do this and one of your accounts is compromised in a data breach, it is easy for a hacker to get access to all your other accounts. I suggest using a password manager, such as LastPass, to store encrypted passwords online.
Q: How can companies create a culture of data privacy?
Ostrowski: Have a steering committee dedicated to ensuring data protection practices are active and adjusting as the cybersecurity industry evolves. Involving employees from different departments also ensures each facet of the company is represented and held accountable.
Kline: Implementing strong security awareness trainings and data breach tests can help companies create a culture of data privacy standards.
Bialy: I believe company cultures are created from the top down. Employees look to the top for guidance and best practices. As important as policies and procedures are to help guide behaviors, I think it is vitally important that leaders in organizations “walk the talk.”
Q: Any other tips you’d like to share?
Ostrowski: Work with customers who also value data privacy. The digital world, as a whole, can only improve if we all work toward making it a more protected place.
Kline: Carefully read and inspect the email address when you receive an email that requests confidential information. Cybercriminals will use email addresses that look identical to legitimate company domains. If you are ever unsure about an email you receive, contact your IT security team.
Bialy: While it is important to have robust privacy policies, it is equally important to make sure you are following through with the obligations and commitments made within these policies. For example, a company may have a robust password policy, but if they aren’t implementing this policy on their systems then the policy has no value. Make sure to review policies regularly to ensure your commitments are being followed through on.
Contact us to learn more about how to protect your customer data or your own.