The National Cyber Security Alliance has deemed today Data Privacy Day, and there probably isn’t anyone with a phone or an internet connection who hasn’t become deeply concerned about this issue in recent months. Guidance Software customers and our fellow information security professionals work in some of the most well-defended organizations on the planet, and we have learned a lot from collaborating with them on security in the age of assumed compromise—since the barbarians have breached the gate.
So although I’m certain that everyone reading this blog post knows far more about data security than the average citizen, I do have some recommendations. To begin with, the chief information security officer (CISO) at one of our customers, a global auto manufacturer, added a very important new facet to his internal data security training program.
Start with a Natural Focus: Personal Interest
This CISO knows that a single, annual 30-minute webinar on security awareness training will not be enough to establish best-practices data handling for the employees of this global company and the many third parties who are part of their information ecosystem. To interest employees in improving corporate data security, his team focuses a variety of courses year-round on the individual employee’s personal data privacy and security. People are naturally more invested in topics that improve their personal lives, and have found that that employees trained to appreciate data security will apply those same security principles when working with corporate and customer data at work.
One of the tenets of such training, of course is “Trust, but verify,” a familiar mantra for the security professional. So my advice to anyone who asks on Data Privacy Day is: take the security principles you use at work home with you and teach your family the “Trust, but verify” policy for everything from the big stuff on the street (“stranger danger”) to the information they share on Amazon and fandom forums. Beyond the installation of “Net Nanny” software and browser privacy settings lie a smorgasbord of small decision points that your family and friends face each day.
When your mother is checking out of a major department store’s website, will she allow the site—or her browser--to store her credit-card details for “easier checkout later?” When your teenager updates the fandom page she admins with a clever image uploaded from her smartphone, is her GPS turned on? Does anyone you know ask you to check his e-mail while he’s on vacation, just in case? You may trust Nordstrom, Amazon, and your children’s native intelligence, but educating everyone in your social circle about these smaller choices can help bolster their data security and privacy. And, while you’re pondering this topic, take a look at some of our concerns and predictions about data privacy and “the internet of things.”