Data Privacy Day Q&A: Nick Alafogianis

January 28 is Data Privacy Day, an international event to raise awareness and promote privacy and data protection best practices. We took the time to sit down with one of Mac Centre’s IT Security Engineers, Nick Alafogianis, to pick his brain on all things data privacy and protection.
 
As someone on the frontline of IT Security daily, what would be some of the biggest obstacles businesses face when it comes to data privacy and protection?

The hardest part about data privacy is the treatment of personal and organisation data by and towards the end user.

Having poor privacy standards within an organisation can lead to end users becoming lax with their private data, and having users that don’t protect their private data, or aren’t educated enough, can lead to breaches within an organisation. Essentially a ‘Dual-Edged-Data Sword’ that unfortunately is a daily occurrence practically everywhere in the world.

You, as the user, should also be looking into the platforms and programs that you’ve signed up with to see how they handle your data. It’s better to have a glance over the privacy policy of the platform and see what is being used where and by whom.

We’ve all seen those videos of people talking into their phones that are off, only to see a number of targeted advertisements for cat food appearing on all your pages. Who’s to say that your lowered defences won’t click on a potential malicious URL and fall prey to identity theft?

So why is Data Privacy Day so important?

“But I have nothing to hide? I’m not important!”

This is a phrase that gets thrown around quite often by individuals about their data. Sure, it may never happen to you, but we’ve all got skeletons in our closet that should be locked (or encrypted) away.

Data exfiltration can occur over the simplest thing, such as leaving the wrong documents in your trash or having someone reading your screen over your shoulder. Can you imagine if it was someone sifting through your emails seeing everything you’ve ever sent or received?

What I’m trying to say is, whether personal or organisational data, it is incredibly important to make sure you have the correct measures in place as it is a necessity in the age we live in. Having a day to promote such an impactful element of your day-to-day life is nothing short of fantastic.

2022 saw a lot of organisations fall victim to cyberattacks and data breaches. What are your thoughts on this and how can organisations stay better protected?

Unfortunately, as we are living in the cyber world that we are now, these events are more common than we’d like them to be. It won’t change anytime soon due to how impactful breaches on companies are and the monetary value that can be gained by these malicious or state actors.

In saying that, many, if not all, of these breaches occurred due to social engineering attacks that, as the name suggests, are targeted attacks on the human element of an organisation.

Stealing the phrase from a famous British property programme – “TRAINING, TRAINING, TRAINING”, the best thing an organisation can do is educate their staff about the dangers of the internet.

Security awareness training and phishing tests are possibly my favourite thing to implement in a company due to how impactful they are in conjunction with the more software-related elements such as EDR, IPS/IDS or an MDM solution. You are only as strong as your weakest link, and having end users without an understanding of what the elements of a phishing email are can cause a major catastrophe for your company with irreversible damages.

Can you give some guidance for businesses on how best to approach data privacy across an organisation?

Adopting the information that staysafeonline.org has kindly put out for everyone, it’s best to follow these 3 principles for an organisation:

  1. Conduct an Assessment: This is a mixture of partner/vendor oversight, auditing the data collection process and in turn secure storage of said data (at rest, in transit, in use).
  2. Adopt a Privacy Framework: Companies should be looking at one of the popular privacy frameworks that are available such as NIST or ISO/IEC. These standards are readily available and heavily accepted and adopted by organisations and security professionals worldwide.
  3. Educate employees: Did I mention this one yet? Getting that awareness training and phishing tests implemented is imperative for an organisation. Don’t just stop there: create a privacy policy, engage staff by providing recommendations for both organisation and personal data usage. Help them help you.

How can Mac Centre help businesses better protect their data and keep it private?

Through the use of identity managers, security solutions such as EDR, tenant audits for email platforms such as O365 and most importantly, education, we have a number of different ways we protect your data.

At Mac Centre, we strive to protect our clients’ data and have incredibly skilled staff who are ready to implement the appropriate solutions to keep you and your employees safe.

For more information on how Mac Centre can help you with your security needs, contact us here.
