In the first part of this series, we discussed 5 of the most common security mistakes and how diligent employees can prevent many issues. Preventing data breaches is a bit more complicated: it requires organizations to be vigilant, and to put great stock in knowledgeable cyber security developers.
Here are some ways to prevent data breaches:
- The Importance of Consent
It is of the utmost importance, both legally and ethically, to ensure you have the consent of any individual or entity providing data to your organization. That’s not as easy as it sounds; the requirements for what constitutes consent vary based on location. For example, the EU redefined “data collection consent” in a law that will go into effect in May 2018. It’s important to make sure your organization is meeting the requirements of the law in the locations where you are doing business.
- Know Your Data
This goes beyond simply knowing what kind of data you store. It’s essential to thoroughly understand how that data is used, how long you store it, and (if applicable) how that data is shared. Related to the sharing of data, you also need to fully understand the ins and outs of how your data is transported, and the data transfer laws that apply in the “originating” and “receiving” locations.
- Clean Desk Policies
A clean desk policy goes a long way in protecting the data that you store and your organization’s integrity. Whether it be from disgruntled employees, visitors, or even simple human error, a clean desk policy minimizes the likelihood that data security will be compromised simply because it is in view.
- The Changing Laws
Even if organizations that store data meet all legal requirements and standards in place at the time, it’s important to realize that the legal landscape is rapidly changing. And as lawsuits against companies that have been accused of compromising data move forward, the laws regarding data breaches will continue to change. Organizations must make a commitment to routinely review those changes in order to stay compliant.
- Encrypt Data on Portable Devices
Portable storage devices (such as USB flash drives) may “feel” safe because they stay in our possession, or in a desk drawer, or plugged into our computer, but, as all too many of us know, they can be lost or misplaced. To protect the data (and themselves), organizations must have auditable policies that ensure the data on these devices is encrypted.
- Utilize a Data Breach Response Plan
Although data breaches are largely avoidable, organizations should prepare for the possibility that a breach may occur. An easily accessible “data breach response plan” should be developed, shared with, and fully understood by all staff who may be involved in responding to a data breach. If a breach occurs, time is saved if staff are able to immediately follow the established response plan, rather than scrambling to figure out what the plan is.