Protecting personal data has always been a serious compliance issue for businesses. Privacy breaches and cyber-attacks could occur anytime no matter the industry and size, so it is essential that steps are taken to protect your employees, customers and intellectual property.
The National Cyber Security Alliance (NCSA) is leading the Data Privacy Day project on January 28th and aims to raise awareness, promote privacy as well as highlighting the best practices for data protection. They have identified five stages that can help businesses protect assets and mitigate the losses during any future incidents:
The first step is to identify the main components that are critical to your business. These will be any assets and systems that could cause your business difficulty operating if they were compromised and/or could be a high value target for cyber criminals.
Once a business understands how valuable its data and technology is, it is better positioned to protect it and identify potential security weaknesses. This is essential for data law compliance as The General Data Protection Regulation (GDPR) states that companies will be more accountable for the data they hold and can face costly fines if not protected correctly.
Once you have identified your critical business assets you must then implement a plan to protect them. The GDPR reiterates that data protection is fundamental to every business as you are responsible for protecting the privacy of each and every asset and individual within the company.
Your goal is to teach employees how to protect themselves and the business and understand the cyber risks as your business grows or new technologies are added. Implementing basic cyber security processes and protocols will help all employees understand the role they play in making sure privacy is achieved and maintained.
Detection is all about knowing the threats applicable to your business. You must make sure you have in place the right security services which can help to monitor your networks.
If you train your employees to spot potential threats then they are likely to discover an incident faster. This means you have more time to mitigate the impact and return to normal operations.
This will become more important, as come the 25th May when the GDPR comes into force, if a breach occurs, businesses only have 72 hours to notify the data protection regulation agency or face the costly repercussions of non-compliance.
If you do fall victim to a cyber-breach you must make sure your business is prepared to respond in the best possible way. You need to make sure that customers and employees are able to trust you to get things back to normal, quickly. You will need to be ready to:
- Resolve the problem (e.g. fix your network, restore data)
- Identify what’s been lost and who has been impacted
- Continue operations while problems are fixed
- Communicate with customers and employees
- Comply with applicable laws
- Report to appropriate agencies
The final step to keep your business secure is to plan a recovery strategy should a cyber-incident take place. You must assess:
- The type of attack that took place
- When the attack took place
- What assets were affected
- How it will affect customers
Your recovery tactics all depend on the type of cyber-attack that has taken place. For example, if private customer information was stolen you must respond to your customers in line with applicable laws and with the advice of communications and legal counsel. You must then make sure that stronger security protocols are applied to your business and all employees are trained in protecting credentials and made aware of which apps and websites are safe to use at work.
Ultimately, you should be making sure that you’re continuously monitoring the cyber health of your company. This includes implementing a risk review of new technologies you may incorporate into your business and plans for maintaining the cyber-security of the new technology over time.
Are You Data Privacy Aware?
Businesses constantly rely on the confidentiality, integrity and availability of data. However many are still unaware of, and uninformed about, how their personal information is being used, collected or shared in our digital society. It is important that businesses follow steps to ensure information is kept as secure as possible and employees are educated in data awareness and protection. Click here for more information on Data Privacy Awareness.