Updated: Jun 27, 2018
Data privacy is a constant topic and a real headache for companies who either fail to take it seriously, or fail to properly safeguard their data. Need we say much?
As digital transformation moves forward, as an AV integrator, we see this more clearly.
Issues concerning data privacy affects us all and places the onus on yourselves to protect yourself and your clients (especially where sensitive personal data, or vulnerable people are involved).
So what can you do to protect yourself and your clients?
Data Privacy Tips
Policy - start formalising your policies or revisit your existing policies and frameworks. Are they watertight? This should be available for anyone to review. Not just your own, be sure to understand your clients' data privacy policies as well, to make sure you are in sync.
Strategy - For a strong cyber-security strategy, it might be best to outsource this function, unless you have a robust internal IT services team.
Whether carried out in-house or outsourced, such strategies should describe how the security program will protect and share information, counter new and evolving threats, and support the integration of cybersecurity as a best practice for everyday business operations.
Education - For many, it may seem that the data your company stores is mundane – of no interest to potential hackers. But if hackers find an avenue to breach, they will take it and make use of the data at hand.
While the information stored may seem mundane, the goal is to educate and put policies in place so that the act of data protection itself becomes mundane, just part of a days work.
BYOD - Honestly, a bring your own device culture is not making anything easier. Employees are carrying data with them everywhere they go, including right out of the office. BYOD is a great convenience, but it comes at the cost of higher vigilance.
Be sure your organisation has in place, and encourage your clients to have in place these policies to protect data on devices that go wherever their owner goes. Not an exhaustive list, of course.
· Up-to-date Anti-virus software
· MDM software to manage and store company related data on mobile devices
· An understanding that a company reserves the right to share data with appropriate authorities during litigation, investigation
· Policy for lost, damaged or stolen devices
In order to put these data privacy tips to use, here are some security questions to consider from a recent article at Commercial Integrator:
· Which users, devices, applications, and data centers need a connection to an IoT system? How will that access be granted and managed?
· Does the IT team, with its projected resources, really have the ability to own tasks like micro-segmentation and policy orchestration in-house?
· Does the organization currently employ a prevention-focused security strategy? Should prevention efforts fail, how will the organization detect a security incident or breach?
· Should this project utilise a software-defined perimeter for greater network security and management?
· Of all the potential security risks associated with this IoT system, which pose the greatest threat to the business?
· What is the worst-case security scenario associated with this project? How likely is that scenario? How would the company eliminate the possibility of such an outcome, and what investment would be required to do so?
Data is a part of your business and ours too. Keeping it secure must be a priority and equally a responsibility. With policy, strategy and education in place, you can prevent data breaches before they happen, and take the actions needed for data security an ordinary, everyday – almost mundane – part of doing business