Employers are, in many situations, required to teach their employees about good data security and data privacy practices – especially in regulated industries. This does not, however, mean that they do so effectively. But they should.
A large percentage of corporate data breaches are caused by non-malicious employee errors: mistakes which, were employees better educated on data privacy, could have been easily avoided. And it is not just data breaches you should seek to prevent, either.
“Statistics show that data privacy – ensuring data isn’t misused, misappropriated, or publicly exposed by those who have authorized access – is a growing concern among IT pros,” writes Central Valley Business Journal Columnist David Darmstandler. “There are more and more cases where misused internal data has been the root of a major privacy breach or disaster. I know it’s hard to fathom, but your workforce may be misusing private and/or restricted data right now.”
You need not look far to see evidence of this mishandling. Every other week, it seems as though there is another breach in the news, another case where private data has wound up in the wrong hands. If you do not wish to be the next headline, you must enact measures to ensure that your business manages private data more effectively.
Ask yourself the following questions:
- How is this data protected? What sort of encryption am I using? How strong is my firewall (you might consider using one of Liquid Web’s firewall products if you can’t answer that last one)?
- Am I doing enough by law? Are there any security or industry regulations that I must comply with regarding the storage and transmission of this data?
- Who has access to this data? More importantly, who needs to have access to it?
- How do we handle data backups? Where are they stored? How are they secured?
- What procedures are in place for a breach?
- How much do my employees know about data privacy?
That last question may well be the most important – and the answer starts with teaching your staff to better manage their own private data.
“By teaching employees and consumers how to make better and safer decisions when they are outside the boundaries of the office, they are empowered to make better [security] decisions,” explains Wombat Security Technologies President and CEO Joe Ferrara. “Security Awareness Training is no longer an option for ‘Best in Class’ companies, and it’s imperative to effectively change user behavior.”
When teaching your employees about data privacy, cover the following topics:
- The basics of privacy legislation in your region
- How to dissect privacy statements and TOS documents
- Application permissions – what they mean, and when an application is asking for too much information
- The importance of regulating their presence on social media
- How to recognize common phishing scams and social engineering attacks
- What to do when their personal information is compromised
- The difference between secured and unsecured wireless networks, and why a secure tunnel is essential when connecting to the latter
- Good password practices
While it is still essential to secure your network and infrastructure, you must not neglect your employees. By making staff more mindful of their own privacy and security, you will by association give them a better understanding of the private data they manage within the workplace. And the more they understand, the better equipped they’ll be to protect your business, and the less likely they will be to make a mistake that ends with corporate data in the hands of criminals.