January 28 is Data Privacy Day (DPD). Observed since 2008, DPD brings awareness to the importance of data privacy and protection. This year is going to be no different from a threats perspective, which means data thefts will happen. However, you can minimize the possibility of a cyberattack or data privacy incident by strengthening network security and following some simple security tips.
Centralize monitoring and control: Continuously monitor your network and get a centralized view of the hundreds of security incidents happening in real-time. This is one of the most basic requirements if your organization is required to follow industry-standard compliance regulations like HIPAA, PCI DSS, etc.
Embrace data-driven forensics: Data-driven analysis of a suspicious event will result in better root cause analysis and forensics. A suspicious event can be as trivial as an increase in Web traffic from a known host during specific non-business hours over the last seven days, or repeat connection requests to critical assets (servers, databases, etc.) from an unknown host outside the network. Considering the worst case scenario that an attack has happened, you must be able to trace it back to the source, establish an audit trail, and document the findings and the action taken.
Watch out for malicious software: A term we may see more often this year is ransomware. Sensitive data is the main driver behind these types of malicious software penetrating the network, and a regular user can become an unsuspecting victim of this attack, spreading it to other computers/applications inside the network. Though anti-virus and anti-malware software can be installed to protect the systems, you should set processes in place that will alert you to suspicious application and file activities. Also, you must consider the fact that subtle file and registry changes are hard to detect without file integrity monitoring tools, and zero-day malware attacks dwell on this advantage.
Educate your users/colleagues: Patient records and credit card information are critical data. However, other data, such as social security numbers, ATM passwords, and bank account names stored on an unprotected desktop or document creates a prime opportunity for private data leaks. Period mailers and knowledge sharing among peers and with users can relatively improve your organization’s security.
You can learn more about the Data Privacy Day here. Do you think it’s time to stop, think, and formulate an effective data privacy policy for your organization? What plans do you have to improve data privacy in your organization this year? What roadblocks do you foresee that will stop or slow you down from implementing some right away?