While data security has always been an important issue for businesses, after the massive data breaches suffered in 2014, it has become a critical priority for IT leaders across the world. In an effort to raise awareness and promote privacy and data protection best practices, January 28th has been declared Data Privacy Day. It’s currently recognized and celebrated in the United States, Canada, and 27 European countries.
Businesses of all sizes can benefit from clear, actionable tips on how to improve their data security. In fact, Iron Mountain’s 2014 Data Protection Predictors survey reveals that data loss is IT leaders’ primary concern. Fueling their anxieties is the fact that the amount of data they manage continues to soar — and this data lives in multiple formats throughout their enterprise.
Here are five steps you can take this month to celebrate Data Privacy Day and improve your security plan.
Improving Data Security
Click through for five steps organizations can take to improve data security, as identified by Iron Mountain.
Step #1: Learn where your data lives.
You can’t complete your security plan until you know exactly what you’re protecting and where it’s stored. Most businesses store data on multiple media types: local disks, disk-based backup systems, offsite on tape and in the cloud. Each technology and format requires its own type of protection.
Step #2: Implement a need-to-know policy.
To minimize the risk of human error (or curiosity), create policies that limit access to particular data sets. Designate access based on airtight job descriptions. Also be sure to automate access-log entries so no one who’s had access to a particular data set goes undetected.
Step #3: Beef up your network security.
Your network is almost certainly protected by a firewall and antivirus software. But are those tools up-to-date and comprehensive enough to get the job done? New malware definitions are released daily, and it’s up to your antivirus software to keep pace with them.
The bring-your-own-device philosophy is here to stay, and your IT team must extend its security umbrella over smartphones and tablets that employees use for business purposes.
Step #4: Monitor and inform your data’s lifecycle.
By creating a data lifecycle management plan, you’ll ensure the secure destruction of old and obsolete enterprise data. As part of this process, you should:
- Identify the data you must protect, and for how long.
- Build a multipronged backup strategy that includes offline and offsite tape backups.
- Forecast the consequences of a successful attack, then guard the vulnerabilities revealed in this exercise.
- Take paper files into account, since they can also be stolen.
- Inventory all hardware that could possibly house old data and securely dispose of copiers, outdated voicemail systems and even old fax machines.
Step #5: Educate everyone.
Data security is ultimately about people. Every employee must understand the risks and ramifications of data breaches and know how to prevent them, especially as social engineering attacks increase.
Talk with your employees about vulnerabilities like cleverly disguised malware web links in unsolicited email messages. Encourage them to speak up if their computers start functioning oddly. Build a security culture in which everyone understands the critical value of your business data and the need for its protection. Because when you think about it, every day is Data Privacy Day.