More mindful data protection
We’re all so busy. So many things are tugging at our attention. Way too many distractions continuously draw us away from the important tasks at hand. We constantly find that we need to force ourselves to be mindful of the moment and the important tasks we have at hand.
For me, as an information security professional, one of the most important tasks in everyone’s day – both in the office and at home – is protecting our data. It’s not an easy task. Moreover, it’s a task that has gotten harder, largely because of the proliferation of data we all have around us, the distractions that pull at our time and attention, and cyber criminals who are getting more clever in finding ways to hijack our data.
Just consider how much data we create, store and carry around with us. More than 50% of the US population owns a smartphone. By the year 2020, an estimated 10 billion smartphones will be in use. Every day, there are 294 million emails and 230 million tweets sent. Every year, we create more data than the year before. We store it online and on paper. We access it via our desktops, print it out in spreadsheets and file it in cabinets.
Because of the amount of data we have at our fingertips, we don’t always give thought to how valuable it could be for someone else. That’s why being mindful and heightening our awareness about data protection is so important.
While schedules may be busy, we can’t let our cybersecurity defenses fall by the wayside. Cybersecurity is too often considered a technical problem, something that the IT department can handle. However, it is a people problem, one that relies on help from all of us. Fortunately, some effective cybersecurity measures can be taken to make us all more aware of the data we touch daily and the skills and habits we can easily employ to protect it.
Be more mindful
To protect data, we need to know what we’re protecting. Organizations and individuals alike are wise to be aware of the information they have or have access to daily. How is it stored? Who else has access to it? How are they using it?
For many organizations it also means not collecting data that is not needed to conduct business. Having more valuable data and information sets up an organization as a bigger target. Therefore, if it’s not required, don’t collect it. Don’t keep it.
Understanding the kind of data assets a business has and why a hacker might want them helps build the best strategies to protect data, protect colleagues and customers’ privacy, and protect our business bottom line and reputation.
Understanding what data is collected and how it is used is also now very important in the world of privacy compliance. Laws like Europe’s GDPR and the new California Privacy Act of 2018, which goes into effect January 1, 2020, are requiring companies to keep tighter reins on data, including informing individuals how their information will be used if it’s being collected. (See our recent Fast Fast Forward article “GDPR-style consumer data protection comes home.”)
Today, failing to keep data safe has broader ramifications for companies. Therefore, raising more awareness throughout an organization about information security concerns, and the new rules and regulations about data, helps keep us all more attuned to the importance of protecting what we have.
Hackers and other cyber criminals like to catch us off guard. That’s exactly what phishing scams -- the most common scheme that hackers use to access organizations -- count on. According to Wombat Security State of the Phish, 76% of businesses reported being a victim of a phishing attack in the last year.
Given those statistics, it’s easy to see why a major emphasis of data security programs is on employee awareness. As employees are the first lines of defense in these phishing attacks, constant and consistent educational programs help us build a strong defense. Helping employees keep up with the newest types of attacks and helping them spot cues before responding, opening attachments, or clicking suspicious links has proven very effective.
Additionally, many information security teams like mine test our employees’ new skills with internal phishing tests to help them stay on their toes or remind colleagues what they need to be wary of in the future. (To learn more, read Ransomware's Greatest Adversary: Employee Cyber Awareness.)
A good information security awareness program does not focus on phishing attacks alone. Lessons on physical security, password security, wireless security, malware and safe internet browsing all have to be part of the lessons shared.
Make it a habit
The lessons learned about cyber and data security help us form new protocols and new habits. Even the little things we do can be impactful. For instance, we all know data shouldn’t be left unattended. Therefore, make it a habit to lock computer screens when we walk away. Don’t share personal data over a mobile phone in a public space. If you print out a spreadsheet, collect it ASAP. Adopting simple, everyday habits can help assure that our data is not left to be easily snagged.
Committing to being more mindful of the data we have at hand and making strong security behaviors a habit can go a long way in data protection.
About the author
Jessica Robinson is Chief Information Security Officer for AXA Insurance Company in New York. Even as a junior safety patrol volunteer in elementary school, Jessica knew she was destined to take on some security role, like the one she has protecting AXA Insurance Company’s employees, data and information systems. To learn more, reach out to Jessica at firstname.lastname@example.org.