The National Cyber Security Alliance has deemed today Data
Privacy Day, and there probably isn’t anyone with a phone or an internet
connection who hasn’t become deeply concerned about this issue in recent
months. Guidance Software customers and our fellow information security professionals
work in some of the most well-defended organizations on the planet, and we have
learned a lot from collaborating with them on security in the age of assumed
compromise—since the barbarians have breached the gate.
So although I’m certain that everyone
reading this blog post knows far more about data security than the average
citizen, I do have some recommendations. To begin with, the chief information
security officer (CISO) at one of our customers, a global auto manufacturer, added
a very important new facet to his internal data security training program.
Start with a Natural Focus: Personal Interest
This CISO knows that a single,
annual 30-minute webinar on security awareness training will not be enough to
establish best-practices data handling for the employees of this global company
and the many third parties who are part of their information ecosystem. To
interest employees in improving corporate data security, his team focuses a
variety of courses year-round on the individual employee’s personal data
privacy and security. People are naturally more invested in topics that improve
their personal lives, and have found that that employees trained to appreciate
data security will apply those same security principles when working with
corporate and customer data at work.
One of the tenets of such training,
of course is “Trust, but verify,” a familiar mantra for the security
professional. So my advice to anyone who asks on Data Privacy Day is: take the
security principles you use at work home with you and teach your family the
“Trust, but verify” policy for everything from the big stuff on the street
(“stranger danger”) to the information they share on Amazon and fandom forums.
Beyond the installation of “Net Nanny” software and browser privacy settings
lie a smorgasbord of small decision points that your family and friends face
each day.
When your mother is checking out
of a major department store’s website, will she allow the site—or her
browser--to store her credit-card details for “easier checkout later?” When
your teenager updates the fandom page she admins with a clever image uploaded
from her smartphone, is her GPS turned on? Does anyone you know ask you to
check his e-mail while he’s on vacation, just in case? You may trust Nordstrom,
Amazon, and your children’s native intelligence, but educating everyone in your
social circle about these smaller choices can help bolster their data security
and privacy. And, while you’re pondering this topic, take a look at some of our
concerns and predictions about data privacy
and “the internet of things.”
No comments :
Post a Comment