3 simple ways to celebrate Data Privacy Day

While most CISOs like to think that we’re protecting our employers’ sensitive data all the time, Data Privacy Day offers an opportunity for a reality check. It’s easy to focus on putting security measures in place such as firewalls, encryption, and data loss prevention without really thinking about what you’re ultimately trying to protect: the privacy of your customers and employees.

1. Understand what information you’re collecting, where it lives, and how people in the organization are using it.
It’s hard to determine how best to protect your data if you’re not 100% aware of what’s in it. Make sure you know what information you’re collecting about your customers and employees, and how that data flows through the system. What starts off as a piece of information on a paper form may end up as a PDF, a column in a spreadsheet, or proliferated across the system with bits and pieces incorporated into various file types, all used by different staff members in different departments. You have to consider where each piece of data lives and how it’s used to outline a data governance policy that balances protecting privacy with ensuring your knowledge workers have the information they need to do their jobs. On the other hand, are you collecting or storing information you no longer need? If so, this is a great opportunity to streamline what data you’re gathering.

2. Develop (or update) policies governing how the business manages different classes of data.
Keep in mind that it all goes back to the customer. While having one customer’s credit card number stolen by a dishonest employee is a completely different order of magnitude than a million-record data breach, the impact on the individual is the same. Any customers whose privacy has been violated are likely to reconsider doing business with your organization—but if you can convince them that you had reasonable measures in place to protect their information, your odds of retaining those customers increase. Make sure you clearly outline how you’re storing and securing sensitive data. Bonus points if you have systems in place that can help you ensure compliance.

3. Create an organizational culture that values data privacy.
For your privacy and governance policies to work, every employee needs to uphold them. But first, they need to understand them. What are you doing beyond giving your staff a copy of the policy to read (and possibly sign for their HR files)? Are there fun ways you can educate employees on their role in protecting customer privacy? Why not host a lunch & learn or conduct a quick pop quiz where anyone who answers all the questions correctly qualifies for a prize? You don’t have to go nuts here; something as simple as a $5 gift card for a cup of coffee can encourage people to participate.

Not sure where to start with your data governance policy? Check out the data security pop quiz SlideShare for some questions to consider.

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.