If You Collect It, You Must Protect It

Sunday, January 28th is National Data Privacy Day, a strong reminder of why it is critical that we respect privacy, safeguard data and enable trust in our digital world. As cybersecurity professionals we must live by the “CIA Triad” (confidentiality, integrity and availability) every day, as privacy is the positive byproduct of it. Confidentiality helps us control what sensitive information can be shared with others and when. Integrity guides us on how information can be stored and accessed safely and legally. Availability ensures the data is available and retained for the appropriate time.

It is imperative that organizations take this responsibility seriously and look closely at their privacy programs. If you don’t know what sensitive information matters most or where it is, then you can’t protect it. Organizations must determine what data matters most, classify it, make it useless to others, back it up, and then monitor it. With looming regulations, like the EU General Data Protection Regulation (GDPR), this will become even more important as it will be costly – carrying fines of $20M Euros or 4% of global revenue, whichever is more.

Many organizations are moving towards an omni-channel experience for their customers, which will allow them to better engage anytime, anywhere and from anything. It also means that companies can have a complete view of their customer, not just from a marketing perspective, but can also leverage this information from a security perspective. In our interconnected digital world an identity is now made up of infinite factors – every bit of metadata we leave behind in our digital footprint can be used to create a credential and help better distinguish between customers and criminals. Yet organizations must do it in a way that allows users to opt in and understand what is being collected and how it is being used, shares only the information that is really needed to transact, and obfuscates the data to the point of making it useless to anyone trying to steal it.

In our personal lives, one of the biggest emerging digital privacy threats is around IoT, or the internet of me. Most of us just get excited to use new toys and technologies without really understanding the bigger-picture consequences. Think about all your interconnected devices and the type of personal data we are tracking and sharing, like financial, health, driving patterns and home living information. Individuals need to better understand and control what data is being captured and whom they are giving permission to share and use it. Here are some great tips from staysafeonline.org on ways to protect your privacy:

  • Treat your personal information like money – because many organizations will often monetize it – as will cybercriminals too
  • Own your online presence – or someone else will for you. This means ensure you take a look at the privacy and security settings
  • Lock down your login – take advantage of the many simple modern authentication methods that are secure and easy to use

Bottom line – if you collect it, you must protect it.

 

Join in and help spread the word around the #PrivacyAware campaign.



*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Angel Grant, CISSP. Read the original post at: http://www.rsa.com/en-us/blog/2018-01/if-you-collect-it-you-must-protect-it.html