Protect private data by building a culture of security
Find out why creating a culture of security within your organization is a critical step in meeting your data protection mandates.
This Sunday, January 28th is Data Privacy Day. The recognition of this day by governments and other organizations has been a reason for people and businesses to talk about data privacy and security. But first, we have to talk about what those words mean.
What is data privacy?
Countries around the world have passed legislation acknowledging that individuals have a right to privacy, meaning we should have the ability to control when and to whom access is given to our personal information. This type of legislation is more important than ever as technological advances have increased the amount of data we share.
Why should businesses care about data privacy?
Because it’s good for business. After all, we need consumers to trust us. Today’s businesses and many other organizations rely on data assets to support, sustain and fuel operations. When you look at the large-scale data breaches that have made the news, it’s clear that organizations have to step it up when it comes to protecting the data that keeps them going.
It’s easy and even instinctual to try to fix breaches by building a technological fortress, but that’s not a true long-term solution. Technology is only as strong as the weakest user password or passcode on a lost device. And let’s not forget the surge of shadow IT that circumvents the fortress. The connected nature of our world combined with the human nature of people means technology is an incomplete solution.
Organizations need to build a culture of security
When you actively seek to make security a part of the culture in your organization, you make education, awareness, and accountability an integral part of day-to-day work. It becomes habitual to look for and notify management about vulnerabilities.
- The door that doesn’t quite close all the way
- Visitors being admitted without signing in
- Confidential information left in public areas
- Badges branded with the company logo
- Laptops not secured to desks
These examples don’t necessarily relate to technology but ensuring the protection of data means addressing every access point – both physical and virtual.
How do you build a culture of security?
The responsibility for security can’t be shouldered by one person or even one department. And changing culture and behaviors isn’t easy, but the investment will pay off in protecting your business and the data you collect and generate. Here are some steps you can take to get started.
1. Educate employees about data
The security policy new hires sign during orientation isn’t enough. Make ongoing education about data and data handling a priority. People need to understand what data is sensitive so they know to take appropriate steps to protect it. But you can’t guarantee that people will just know your policies and practices. Only when people know how to identify and handle data appropriately can they be accountable for doing so.
2. Promote ongoing awareness
Establishing a shared responsibility for security only works when people are aware. Make awareness an ongoing effort. Hang posters that grab attention and share tips. Send emails with stories and examples of people raising concerns. Make it a community effort and encourage peer recognition. Get help from security advocates or champions who speak up and help the cause.
3. Use technology to enhance and enable security
A tight culture of security is the first and best line of defense against data breaches. But mistakes happen and vulnerabilities get exposed. Providing tools that help users identify the type of data they’re using so they use, share, store, and dispose of it appropriately makes it easier to prevent and/or contain breaches. These tools are like a seatbelt for your data: Once you’re in the habit of using them, you don’t feel as safe handling data without them.
Data privacy is an ongoing concern
The conversations about data that start around Data Privacy Day each year are important to have, but just like the ongoing effort of building a culture of security, we have to keep the conversation going throughout the year.