What's so special about January 28th? It's Data Privacy Day, an international event created to promote the need for personal and business data protection across the globe. In the U.S., Congress has officially declared January 28th as National Data Privacy Day.
Businesses of all sizes can benefit from clear, actionable tips on how to improve their data security. In fact, Iron Mountain's 2014 Data Protection Predictors survey reveals that data loss is IT leaders' primary concern. Fueling their anxieties is the fact that the amount of data they manage continues to soar—and this data lives in multiple formats throughout their enterprise.
Here are five steps you can take this month to celebrate Data Privacy Day and improve your security plan:
Step #1: Learn where your data lives. You can't complete your security plan until you know exactly what you're protecting and where it's stored. Most businesses store data on multiple media types: local disks, disk-based backup systems, offsite on tape and in the cloud. Each technology and format requires its own type of protection.
Step #2: Implement a "need-to-know" policy. To minimize the risk of human error (or curiosity), create policies that limit access to particular data sets. Designate access based on airtight job descriptions. Also be sure to automate access-log entries so no one who's had access to a particular data set goes undetected.
Step #3: Beef up your network security. Your network is almost certainly protected by a firewall and antivirus software. But are those tools up-to-date and comprehensive enough to get the job done? New malware definitions are released daily, and it's up to your antivirus software to keep pace with them.
The bring-your-own-device philosophy is here to stay, and your IT team must extend its security umbrella over smartphones and tablets that employees use for business purposes.
Step #4: Monitor and inform your data's lifecycle. By creating a data lifecycle management plan, you'll ensure your enterprise's secure destruction of old and obsolete data. As part of this process you should:
- Identify the data you must protect, and for how long
- Build a multipronged backup strategy that includes offline and offsite tape backups
- Forecast the consequences of a successful attack, then guard the vulnerabilities revealed in this exercise
- Take paper files into account, since they can also be stolen
- Inventory all hardware that could possibly house old data and securely dispose of copiers, outdated voicemail systems and even old fax machines
Step #5: Educate everyone. Data security is ultimately about people. Every employee must understand the risks and ramifications of data breaches and know how to prevent them, especially as social engineering attacks increase.
Talk with your employees about vulnerabilities like cleverly disguised malware Web links in unsolicited email messages. Encourage them to speak up if their computers start functioning oddly. Build a security culture in which everyone understands the critical value of your business data and the need for its protection.
Because when you think about it, every day is Data Privacy Day.