Jodi Daniels, an Entrepreneurs' Organization (EO) member in Atlanta, is founder and CEO of Red Clover Advisors, which helps businesses simplify their data privacy practices to go beyond compliance, while building customer trust and gaining a competitive edge. We asked Daniels what steps leaders can take to protect their data during the global pandemic. Here's what she shared.
Some of my favorite pairings these days: Peanut butter and jelly. Sherlock and Watson. Work-from-home and Zoom.
And, of course, privacy and security.
You can't have one without the other. Remember this critical fact in our digital-living, remote-working, virtual-learning world: Without data security, data privacy isn't possible.
It's especially true for small and medium-sized businesses, which may not have the benefit of robust IT departments, or data security and privacy officers to guide them. Not only does this limit resources and expertise, but it also places them at higher risk for security and privacy incidents.
Here are six steps to take in the right "protection direction" to keep your data safe:
1. Keep passwords on-point.
Protecting your data and systems through strong passwords is common sense. But because it's common sense, it's easy to let your guard down. Don't make exceptions, though. A strong password is one of your most potent defenses against cyberattacks. It might not be new or sexy advice, but it's true.
Do your passwords pass the following strength assessment?
- Contain no personal information or real words.
- Utilize special characters, numbers, upper and lower case letters.
- Are sufficiently long (at least 10 characters).
- Are changed on a regular basis.
- Are unique to each account.
- Are never typed on a network that you don't control.
Multi-factor authentication (also known as two-factor or 2FA) also plays a role in robust security. These single-use passcodes are sent to a phone or third-party app to verify your identity. It's not as seamless as automatically logging in, but it's a heck of a lot more seamless than a security incident.
2. Consider who has access.
Don't rely on passwords alone to protect your data. You also need sturdy access controls. Access controls let you verify users and ensure they have appropriate levels of data access.
Not sure where to start? Consider role-based access control as a model. It's efficient, reduces admin and IT work, and can help you meet audit requirements. (And yes, it protects your data.)
3. Know the data you keep.
Get familiar with your data. Who has access to it? Do they have the right level of access? How much data are you keeping around? Where are you storing it, and for how long? Are you collecting too much information for the job at hand?
That's a lot of questions. Here's another way to look at it: You can't effectively protect something unless you know the risks. You wouldn't send a Marine to guard a bake sale, and you wouldn't ask a Girl Scout to patrol a military base perimeter. (Or maybe you would, Girl Scouts are tough!)
The point is, you will only know the risks your data faces when you conduct regular and systematic assessments of it.
Where do you start? A data inventory will get you oriented to your data and identify your security priorities.
4. Third-party practices.
It's not just your business and your customers anymore. It's your business, customers, and third-party vendors.
Third-party vendors can have access to significant amounts of valuable, sensitive data. If you aren't certain that they're good stewards of it, then it's time to reevaluate your contracts.
A friendly reminder: While it's easy to hop on board the do-our-vendors-protect-our-data train, make sure that you're upholding your end of contracts, privacy- and security-wise.
5. Protect business data when WFH.
If the most significant concession you make to drawing a line between your work and home life is switching sides of the couch at the end of the day, then we probably need to talk.
It's essential to keep clear lines between home and work, especially when it comes to file management. Do not mix your customer files with vacation photos. Use approved business platforms to store and share work documents.
And if you haven't started using a virtual private network (VPN), today is the day. VPNs provide a secure, encrypted channel for transmitted data wherever you may be (the right side or the left side of your couch).
6. Security training for everyone.
You can never, ever go wrong by providing quality security and privacy training for your team. Up to 90 percent of data breaches result from human error. Yikes!
Training goes a long way toward reducing this risk. Training helps your team avoid attacks, protect your business, and safeguard customer data. Whether online, in-person, department by department, or your whole team together, the key is to make security training a regular practice.
This is especially important as Covid and WFH-related scams are rampant and surprisingly sneaky. Take a look at the most commonly used phishing subject lines for Q3 2020. You can't afford to treat privacy and security awareness like another line item on your to-do list.
It's a mistake to think of security and privacy as out-of-reach. It's not something that only larger corporations can achieve. There are small, everyday steps that every business owner and employee can take to protect their data better. By implementing these six steps, you'll find it's easier than you expected.