January 28 is Data Privacy Day, with the theme of Respecting Privacy, Safeguarding Data and Enabling Trust. The idea of this annual international event is to encourage businesses and consumers to recognize the need for data privacy and to promote education and training to enhance that awareness. Data Privacy Day takes a higher profile in Europe this year as the General Data Protection Regulation (GDPR) prepares to come into effect in 2018. Studies show that fewer than half of businesses are familiar with the new regulation, which is meant to strengthen overall data protection. As Netskope's Krishna Narayanaswamy told me in an email comment:
Data security concerns hit an all-time high in 2016 and, as we move forward in 2017, data breaches will continue to hit the headlines. Data Privacy Day is a reminder to all organizations - regardless of where business operations are based.
One area where we have to worry about privacy leaks is in the cloud. The January 2017 Netskope Cloud Report found that even as cloud use is on the rise, the vast majority of cloud services – 95 percent – aren’t enterprise-ready yet, and are often used as shadow IT. This lack of oversight on cloud use puts data privacy at risk.
So what can you do to improve your data privacy efforts, in terms of both data stored in the cloud and stored in-house? Kevin Watson, CEO of Netsurion, provided me with the following tips:
- Use a professional service to help mitigate privacy risks. The single most important best practice is to add a managed security services provider (MSSP) to your team, Watson said, and you’ll want to look for an MSSP that specializes in small businesses and supports clients remotely without having to come onsite in order to keep costs low.
- Install a managed firewall. Most organizations already have several firewalls in their PCs, cable modems and servers — and perhaps even a dedicated firewall device. But, Watson added, an improperly configured firewall is no defense at all, and managing it properly is a highly specialized skill, beyond even what highly trained IT support generalists can do.
- Stop data from getting out. Most organizations are so fixated on trying to keep hackers from getting in that they forget an essential and extremely effective practice: preventing data from getting out of their systems unless they know and trust where it is going.
- Limit remote access. As Watson pointed out, many businesses leave their firewalls open to outside entry by allowing access for managers working remotely or vendors who routinely perform maintenance on systems. He suggested changing default firewall settings to allow only essential access, and limiting remote access to secure methods such as VPN.
- Segment the network. In a properly configured network, for example, Watson said, POS data traffic is separate from Wi-Fi, security cameras, digital menu boards and other connections. Wi-Fi hotspots for guests, customers or employees’ personal use are isolated from all business systems. And if managers are allowed to connect to the POS via Wi-Fi, connect them through a virtual LAN that separates authorized traffic into a security zone.
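
The last three tips can be checked mechanically against a firewall ruleset. The sketch below is an added example, not something supplied by Watson or Netsurion. It audits a simplified rule list for blanket outbound rules, non-VPN inbound access and guest Wi-Fi reaching business systems; the zone names, the VPN endpoint and port, and both sample rulesets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Zone names are assumptions modelled on the article's example network.
BUSINESS_ZONES = {"pos", "cameras", "menu_boards", "mgmt_vlan"}
VPN_SERVICE = ("vpn_gateway", 1194)   # hypothetical VPN endpoint and port

@dataclass(frozen=True)
class Rule:
    src: str        # source zone, or "internet"
    dst: str        # destination zone, host label, or "any"
    port: int       # destination port, 0 = any port
    action: str     # "allow" or "deny"

def audit(rules, default_action):
    """Return findings for egress control, VPN-only remote access
    and segment isolation. An empty list means no findings."""
    findings = []
    if default_action != "deny":
        findings.append("default policy is not deny")
    for r in rules:
        if r.action != "allow":
            continue
        # Stop data getting out: no blanket outbound rule from business zones.
        if r.src in BUSINESS_ZONES and r.dst == "any":
            findings.append(f"egress: {r.src} may send data to any destination")
        # Limit remote access: inbound from the internet only to the VPN.
        if r.src == "internet" and (r.dst, r.port) != VPN_SERVICE:
            findings.append(f"remote access: internet reaches {r.dst}:{r.port} without VPN")
        # Segment the network: guest Wi-Fi must not reach business systems.
        if r.src == "guest_wifi" and (r.dst in BUSINESS_ZONES or r.dst == "any"):
            findings.append(f"segmentation: guest_wifi can reach {r.dst}")
    return findings

# Constructed sample rulesets (not from any real device).
WEAK = [
    Rule("pos", "any", 0, "allow"),
    Rule("internet", "pos", 3389, "allow"),
    Rule("guest_wifi", "any", 0, "allow"),
]
HARDENED = [
    Rule("pos", "payment_processor", 443, "allow"),
    Rule("internet", "vpn_gateway", 1194, "allow"),
    Rule("mgmt_vlan", "pos", 443, "allow"),
    Rule("guest_wifi", "internet", 443, "allow"),
]

if __name__ == "__main__":
    for name, rules, default in (("weak", WEAK, "allow"), ("hardened", HARDENED, "deny")):
        print(name, audit(rules, default) or "no findings")
```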
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba