Data Privacy Day: Data protection tips and best practices for your organization

By Jonathan Crowl

It’s only a matter of time before any business suffers a security breach. Research has found that as of 2016, at least 90 percent of businesses had already suffered a hack of some kind, Computerworld reports.

And that was before major attacks like WannaCry plagued businesses and governments around the world. At the enterprise level, the threat of security breaches only continues to grow, especially as the proliferation of mobile devices creates new entry points to exploit. Effective data protection requires multiple layers of security and constant monitoring by security personnel. Furthermore, businesses must stay on top of evolving security trends and threats to keep their security front agile.

January 28 is observed as Data Privacy Day. In honor of this holiday, here are the top tips and best practices to keep your business data safe in 2018:

Review your data protection and classification practices

Effective data protection requires that data be classified appropriately to ensure it receives adequate security coverage. As new data enters your enterprise system, it must be categorized according to its identity, its level of sensitivity and its storage location, among other considerations. This process of managing data creates categories and sub-segments that can be used to roll out relevant security measures.

Most businesses already have their data classified in some form, but IT should lead a regular audit process to make sure data continues to be categorized properly. This data classification is extremely important when it comes to managing mobile security through data provisioning and permissions. When data is properly classified, access through mobile and remote devices can be controlled so that highly sensitive data isn’t at risk of being compromised. Permissions is a common focal point for mobile security, but it’s a pointless exercise if data isn’t sorted and classified first.

Implement security automation tools

It’s no longer practical to expect security personnel to stay ahead of impending security threats, especially where phishing is concerned. The frequency of phishing attacks is so high that proactive security measures are needed to catch new threats before they strike your business, BizTech Magazine reports — adding that automation tools can implement constant vigilance online by assessing the risk profiles of websites, identifying new phishing techniques early and alerting security teams to vulnerabilities before they’ve been compromised.

These automation tools offer surveillance that human security teams can’t match, and it provides personnel with a simple way to prioritize investigations and threat mitigation.

Take a look at copy data management

As TechTarget points out, copy data management has gained a lot of traction among business owners over the past year, and it promises a solution to owning multiple, unnecessary copies of data — and having to pay to store them. But there’s a security element to consider as well: If data is stored in multiple copies, then each copy represents another way for that data to be breached. A copy data management vendor not only streamlines your data storage and saves money by making data management more efficient, but also limits the ability for security threats to access this data.

Respect new GDPR rules

Even if your business isn’t based in the European Union, the new General Data Protection Regulation is something every business needs to consider. If you have customers in Europe, this new regulation will affect how you collect consumer data, and what protections must be in place to minimize a security breach. Failure to comply can lead to penalties from the EU, even if no member of your company has ever set foot on European soil. These regulations went into effect at the start of 2018, so if you haven’t already audited your security to make sure you’re in compliance, there’s no time to waste.

Establish a protocol for timely software updates and patch management

It’s the most basic step in ensuring mobile security across an enterprise, but it bears repeating due to the high stakes: Many security breaches could be prevented by a timely software patch.

When it comes to enterprise mobility, IT needs to establish a plan for managing these updates across all devices, including BYOD smartphones and tablets and devices owned by remote workers. Educate employees on the importance of keeping up-to-date with these patches and updates to minimize the risk of being compromised by a known, preventable vulnerability. New strategies for improved security continue to emerge, but it’s all a waste of time and money if you aren’t covering the basic steps.

Mobile data threats aren’t going anywhere, but by following best practices and staying on top of proactive defense, organizations can keep their risk at a minimum in 2018.