Google fine, countersuit puts data privacy and GDPR enforcement in spotlight
Long before the Internet, search engines and the GDPR, there was Convention 108 – an international treaty dealing with data privacy and data protection, signed on January 28, 1981, by the Council of Europe. That is why today – Data Privacy Day in the U.S. and Canada, and Data Protection Day in Europe – is set aside for observing the need to drive greater awareness and education around individual privacy and personal data protection.
The stakes are high
The Facebook and Cambridge Analytica story, and last week’s news about Google being fined $57 million by France, show us that honoring an individual’s right to privacy and protecting his or her personal information has never been more important.
There’s always been the risk that a violation of privacy would damage an organization’s reputation and negatively affect the business. Today, with the GDPR and similar legislation going into effect worldwide, a financial risk comes into play.
Good security practices are required to be good stewards of personal data
Data Privacy Day is a perfect time in your security awareness program to focus on security best practices for protecting personal information and addressing compliance demands as you obtain, work with and retain personal data.
A focus on data privacy rights and responsibilities and a few security topics can help employees operate with a security and privacy mindset and avoid mistakes that could result in private data being compromised.
Data privacy rights and responsibilities – Informing employees about the nuances surrounding privacy rights and educating them about the appropriate actions to safely handle personal information will help protect private data and fulfill privacy obligations.
Phishing – A phishing attack is often the “way in” for hackers planning to steal personal information. Ensuring employees are prepared to identify and report phishing attacks – instead of taking the bait and letting bad actors in – is essential to protecting personal information and privacy.
Clean desk, clean screen – Standard security best practices such as keeping a clean desk, void of private information, are essential for data privacy. Locking your computer to keep a “clean screen” when away from your desk can also help protect personal and proprietary information.
A security awareness program is designed to change employee behavior, instill a culture of cyber security and better equip your organization to keep the private data held within your business just that – private – and avoid the reputation and financial impacts from a privacy or compliance violation.
Five easy steps to security and privacy awareness
You can have the most powerful, cutting-edge security technology in the world, but if a user clicks on the link in a malicious email, lets a stranger tailgate into your building or uses 1234 as their login password, they unwittingly open your organization up to a security breach. The fact is that the human risk factor remains your greatest point of vulnerability when it comes to cyber security and data privacy, with human error accounting for 90% of all security breach incidents. In other words, your people are your “weakest link.”
The best way to fix this situation is to create behavioral change and a culture of security across your organization. You need to find ways to encourage your users to reduce their high-risk behaviors so that security awareness and data privacy become second nature—a mindset—and they become your “strongest link” and a key part of your cyber security defense strategy.
To effectively change behaviors and build a security culture, you need a comprehensive program that is carefully planned based on your organization’s specific needs and objectives. You will ensure your program’s success when you view security awareness not as a one-time project with a beginning and an end, but rather as a program and an ongoing process. With this in mind, the most successful programs include multiple campaigns, which you release over time. Your program should have long-term strategic goals and each campaign should have its own specific objectives.
Most importantly, your program should follow a methodological framework built on a series of key steps:
The Terranova Security Awareness 5-Step Framework has been used by thousands of organizations to deliver security awareness training to millions of users and build a workforce that is cyber aware.