7 ways to improve your organization’s security posture this Data Privacy Day
Data Privacy Day serves as a reminder to both individuals and businesses about the need to safeguard data online.
The importance of data in business is universally understood. It allows you to communicate with potential customers, market products to them, process payments, and remarket post-purchase.
Unfortunately, the importance of protecting data isn’t always as appreciated. Through the years, many companies have underestimated or ignored the great responsibility that comes with data management and suffered breaches that impacted millions of people around the world.
As a consequence, consumer trust has been significantly damaged. As many as 79% of people are concerned about the way their data is being used by companies, and many doubt that those companies would take responsibility if they experienced a breach.
When consumers don’t trust your business to safeguard their personal information, they won’t buy. In fact, nearly half of consumers have switched away from companies because of data policies or data sharing practices.
This Data Privacy Day, take time to evaluate your organization’s data protection efforts and determine how your overall security posture can be strengthened. Here are 7 ways to get started.
1. Review and comply with evolving data privacy regulations
At least 66% of countries around the world have data privacy laws, and more are adopting them every year. If you conduct business in these countries, you must abide by their regulations or risk incurring financial penalties.
The EU’s GDPR is one of the most important laws to comply with. Take time to review the requirements and follow these 12 steps to achieve compliance.
2. Adjust personnel access to data
As people join your company, leave your company, and get promoted, it’s important to ensure they have the appropriate level of access to data for their role. Keep data in the right hands by conducting regular audits of personnel data access, and revoke privileges for anyone who no longer needs them.
3. Update your password policies
It’s important for everyone within your business to secure all business accounts and platforms with long and unique passwords, and use multi-factor authentication when possible.
Recent advice from the National Institute of Standards and Technology (NIST) differs somewhat from traditional password best practices. They do not recommend requiring periodic password updates, as this tends to cause users to choose weaker passwords. Instead, they suggest organizations screen passwords against blacklists containing commonly used and compromised credentials.
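One way to screen a new password against such a list when it is set, as an added example (not code from NIST or TrustedSite). The `HASH:COUNT` line format, the 8-character minimum, the context-word check, and the function names are assumptions for illustration.

```python
import hashlib
import unicodedata

MIN_LENGTH = 8  # assumed policy minimum, not a value from the article


def sha1_hex(password):
    """Uppercase SHA-1 hex digest, the key used in the assumed list format."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample list in the assumed "HASH:COUNT" format (one entry per line).
SAMPLE_LINES = [f"{sha1_hex(p)}:{n}"
                for p, n in [("password", 100), ("123456", 200), ("qwerty123", 50)]]


def load_blocklist(lines):
    """Parse HASH:COUNT lines into {hash: count}, skipping blank lines."""
    blocklist = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        digest, _, count = line.partition(":")
        blocklist[digest.upper()] = int(count) if count.isdigit() else 0
    return blocklist


def screen_password(candidate, blocklist, context_words=()):
    """Return a list of rejection reasons; an empty list means accepted."""
    pw = unicodedata.normalize("NFKC", candidate)  # same bytes for look-alike input
    folded = pw.casefold()
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    # Check the exact value and its case-folded form, so "Password" is caught too.
    if sha1_hex(pw) in blocklist or sha1_hex(folded) in blocklist:
        reasons.append("found in compromised-password list")
    # Context words (company, product, username) are easy guesses for this site.
    for word in context_words:
        if word and word.casefold() in folded:
            reasons.append(f"contains context word '{word}'")
    return reasons


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_LINES)
    for pw in ["Password", "123456", "correct horse battery staple"]:
        print(repr(pw), screen_password(pw, bl, context_words=["acme"]))
```

Run the check only when a password is created or changed, in line with the advice above against forced periodic rotation.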
4. Practice good data hygiene
When your company no longer needs certain data, or when regulations require it, it’s important to practice good data hygiene.
Remove any inactive user data and follow through on any data removal requests from customers. Remember to remove the data everywhere it lives, including third-party apps and data processors. Before deleting customer data, it’s a good practice to send an alert in advance, and give customers the option to keep their data stored if they wish.
5. Ensure data is transmitted securely
Stolen financial data, like credit card numbers, accounts for nearly half of all identity theft.
Make it more difficult for attackers to access customer data transmitted to your site by encrypting traffic with TLS certificates on all of your websites.
Establish a regular schedule to review your certificates to ensure that none are missing or expired. If your website does not have a valid certificate, visitors will be informed that their session is not secure by a broken lock icon displayed in their browser.
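A scheduled review like this can be scripted. The following is an added example, not a TrustedSite tool: it flags hosts whose certificate is missing, expired, or close to expiry. The host names, the 30-day warning window, and the function names are assumptions, and the sample inventory is constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal window, not a value from the article
URGENCY = {"missing": 0, "expired": 1, "expiring": 2, "ok": 3}

# Constructed inventory: host -> dict shaped like getpeercert() output, or None.
SAMPLE_INVENTORY = {
    "www.example.com": {"notAfter": "Mar  1 12:00:00 2025 GMT"},
    "shop.example.com": {"notAfter": "Feb 10 12:00:00 2025 GMT"},
    "old.example.com": {"notAfter": "Dec 31 23:59:59 2024 GMT"},
    "dev.example.com": None,
}


def fetch_cert(host, port=443, timeout=5):
    """Live lookup. Returns None when no verified certificate is served: the
    default context rejects expired, untrusted or mismatched certificates."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()
    except OSError:  # covers ssl.SSLError, timeouts and refused connections
        return None


def classify(cert, now, warn_days=WARN_DAYS):
    """Return (status, days_left) for one certificate dict."""
    if not cert or "notAfter" not in cert:
        return "missing", None
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    if expires <= now:
        return "expired", days_left
    return ("expiring" if days_left < warn_days else "ok"), days_left


def audit(inventory, now=None):
    """Classify every host and sort the most urgent findings first."""
    now = now or datetime.now(timezone.utc)
    rows = [(host, *classify(cert, now)) for host, cert in inventory.items()]
    return sorted(rows, key=lambda r: (URGENCY[r[1]], r[0]))


if __name__ == "__main__":
    today = datetime(2025, 1, 28, tzinfo=timezone.utc)  # fixed date for the sample
    for host, status, days in audit(SAMPLE_INVENTORY, today):
        print(f"{host:20} {status:9} {days}")
```

For a live run, build the inventory with `{h: fetch_cert(h) for h in hosts}` and schedule the script, for example weekly.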
6. Analyze your attack surface
Your attack surface may be expanding without you realizing it. When developers add new websites and services, and acquisitions bring new assets into the fold, your attack surface grows. If assets get lost in the shuffle and are left insecure, your business becomes susceptible to a potential attack.
TrustedSite Security’s attack surface management solution helps you get a full view of all your exposed assets regardless of platform, network or operating system, and creates a map of your cloud attack surface. We then monitor for potentially vulnerable services, open ports and server configuration inconsistencies and help you determine which issues are most important to remediate when they are discovered.
7. Show that your website is secure
About 47% of people have greater trust in companies that commit to privacy compliance. But your customers won’t know about your security practices if you don’t tell them about them.
Displaying TrustedSite’s suite of trustmarks on your site shows visitors that you care about their security and have taken steps to keep their data protected. By earning TrustedSite certifications like Certified Secure, Data Protection, and Secure Cloud, you can display these trustmarks throughout the customer journey and build trust each step of the way.
This Data Privacy Day, we encourage you to respect privacy, safeguard data, and foster trust with your customers. Learn how to accomplish that with TrustedSite here.