3 Reminders for Data Privacy & Protection Week

For Data Privacy Week, a reminder from SAI360’s CISO that cyber vigilance needs to be maintained on three fronts.

The start of a new year is a common time for organizations to reset and reinforce employee protocols such as Code of Conduct, Security Awareness, and Data Privacy and Protection training. It’s also a great time of year to re-examine your company culture to ensure it’s aligned with your business goals.

January 24-28 is #DataPrivacyWeek, and Jan. 28 is #DataPrivacyDay, dedicated to increasing awareness about the importance of data privacy and protection, as well as safeguarding personal and professional data, to build trust between technology users and the organizations we all interact with.

At SAI360, digital risk management is a core part of who we are. We help organizations monitor for IT risks, whether they come from direct cyberattacks on your own organization or from exposure through vendors or third-party suppliers.

Whether your organization is in financial services, retail, manufacturing, or healthcare, today’s digital supply chain of software and technology partners is interwoven – and through all of these data connections, organizations are bound by GDPR and CCPA laws to ensure user and customer data is protected. We’re proud to be a data privacy champion in partnership with the National Cybersecurity Alliance.

So, with all the websites and devices we’re using to log in and log on, amidst all the headlines on how to protect your data, where do you start?

Cybersecurity: Monitoring for threats is a constant requirement

As organizations from government to technology have learned in the last few years, cybersecurity threats can lurk behind almost every click of the mouse. Digital risk management is no longer an IT department issue. Because bad actors can capture data, systems and networks and bring a company to a standstill, it's now a boardroom concern that covers everything from business continuity and operational management to reputation risk management. A robust IT risk management approach that is integrated with other risk disciplines is a must-have.

Educate your employees on data privacy – and then do it again

As the workforce moves back and forth from remote to hybrid to on-site, and as in-person conferences and meetings may start up again through lulls in the pandemic, employees need to be aware that their data privacy and protection measures will change, too – as we step out of the house while our devices are still connected across home and work networks.

 

Two important reminders I give to our team at SAI360 are to turn on multi-factor authentication (MFA) for any user accounts and applications where possible and to use password managers to create and store strong passwords and login information – whether for web-based tools you use for work or personal applications that you and your family use for fun and entertainment. If you use MFA on your accounts, you are 99% less likely to get hacked, according to the U.S. Cybersecurity & Infrastructure Security Agency (CISA).

We’re finding that bad cyber actors are looking for any kind of vulnerability on a connected device to try to gain access to company networks, whether that’s a link in a phishing email or text, getting access to a mobile phone on a free WiFi network, or trying to tap into other connected devices, wherever you go. (To see how easy it is, request a free view of our Learning video, below.)

SAI360 offers popular Learning and Code of Conduct courses that organizations can use to train employees on data privacy requirements and best practices, including focused training on maintaining compliance with GDPR.

Monitor your partners and vendors

Data privacy and cyber awareness don't stop within your organization's walls, virtual or not. Third-party partner and vendor risk management are also mission-critical capabilities in today's digital supply chain. Organizations need to be able to evaluate the security and operational status of vendors and suppliers since their connected and integrated systems can also be points of vulnerability to your organization. The U.S. healthcare sector is one example where third-party oversight is an emerging compliance need.

According to Gartner research, 60% of organizations work with over 1,000 third parties, and these numbers will only continue to increase as business ecosystems expand and become more complex. Gartner’s analysts note that “compliance programs are focused on third-party risk more than ever before, with more than twice the number of compliance leaders considering it a top risk.”

It's just as imperative to have a mitigation and communication plan in place with vendors and suppliers if a data breach happens, and then be able to work through established checkpoints for both parties to mutually return to normal. It's a topic we explored in a recent webinar and whitepaper.

Data Privacy Week isn't just a point in time; it's a step in a never-ending journey to protect your organization and your workforce from cyber threats. This #DataPrivacyWeek, make a commitment to continually monitor and improve upon your data security initiatives.

 


How easy is it for cyber attackers to attack personal data?

Data Privacy Day: SAI360 Learning course, Tripwire

This attention-grabbing video hooks learners on the topic of data protection and privacy. It demonstrates just how quickly and easily personal data can be compromised, through an eye-opening and common scenario where a business lunch is overheard. Our customizable Code of Conduct course helps learners recognize how personal data can be exposed and explains why data protection and privacy are important to both individuals and organizations.

   



