January 21, 2022

Eight Key Data Protection Strategies for Data Privacy Week

Every January 28, individuals and businesses around the world recognize Data Privacy Day. For 2022, the National Cybersecurity Alliance has expanded the campaign to a full week to spark dialog and grow awareness about data security.

There has never been a more important time to address data privacy and security. According to Shred-it’s 2021 Data Protection Report, the number of U.S. businesses that have experienced a data breach continues to grow, with nearly 75% of large companies and 61% of small- to medium-sized ones affected by this type of event. Similarly, nearly 70% of U.S. consumers have been personally impacted by a data breach, as compared to 53% just a year ago.

What Can I Do to Protect My Data?

As people access social media, shop online, and use their phones or other electronic devices for everyday tasks, they generate data about their preferences, activities, locations, and more. This wealth of information is valuable to businesses, but it is also attractive to criminals. Fortunately, there are simple strategies both consumers and businesses can use to protect confidential data and make sure it doesn’t end up in the wrong hands. 

Be discerning about granting access. Apps, websites, and other digital products frequently ask for access to your personal information. By granting access, you may be able to take advantage of an app or website at little to no cost. However, it’s important to think carefully about whether to share data with certain businesses and weigh the convenience against potential security risks. Also, be wary of apps or services that ask for information they don’t need to deliver the services they offer. This could be a red flag. By deleting unused apps on internet-connected devices and performing regular updates on the apps you do use, you can safeguard information further.

Use strong passwords. Passwords are a critical line of defense for devices, software, and online accounts. The ideal password should contain combinations of upper and lowercase letters, numbers, symbols, and be at least 8 to 12 characters long, making it hard to guess. You should have unique passwords for different logins and change them frequently, so fraudsters can’t access multiple apps or sites by cracking a single code. To keep track of different passwords, consider using password management software, which can safely store passwords using encryption and generate new ones when needed. Do not write them down or store them in a place that could be accessible to others (such as a sticky note by your computer.) 

Watch out for phishing schemes. Phishing is a social engineering scam where fraudsters pose as legitimate companies, people, or institutions in emails or text messages, with the goal of tricking recipients into sharing sensitive information. Schemes ask people to open an attachment or click on a link, which installs malware or reroutes the individual to a fake website that asks for information. These communications are designed to look familiar, so they can be hard to recognize. However, there is usually something off about the sending address—a misspelling or different name—or the request itself. You should avoid clicking on anything that seems suspicious. If you receive a dubious email at work, notify the IT department immediately. 

Avoid leaving documents lying around. Although society is becoming more digital, people still hold onto paper documents that contain sensitive information, including bank statements, receipts, and tax documents. Be sure to securely store any paper records that someone could use to steal your identity or financial information. If there are confidential papers you no longer need, you should consider working with a document disposal company like Shred-it to securely destroy the documents and help reduce the risk of identity theft. 

How Businesses Can Protect Their Data

Not only do businesses have a legal and ethical responsibility to protect sensitive data, but it also makes good business sense. More than 8 out of 10 consumers will decide who to do business with based on a company’s reputation for data security. Nearly 1 in 4 will stop doing business with a company that’s had a breach. By following these key strategies, businesses can improve data privacy protections. 

Know your data. For businesses to protect their data effectively, they must first understand what information they create, collect, use, store, and share. In addition, they should know where data is kept as well as whether a third party is involved with their data. By answering these kinds of questions, companies can get clarity about what their information protection plan should entail, where the risks are, and how they should prioritize mitigation strategies. 

Stay current with regulations. Data privacy laws and regulations have evolved in recent years to tackle the rising frequency and ramifications of data breaches. Historically, the United States has taken a state-by-state approach to consumer privacy and data protection legislation. For example, California, Colorado, and Virginia have recently enacted statutes that address these issues. Canada is also looking to enact new legislation to replace its existing data protection law, PIPEDA. Tracking what’s new and what’s coming in terms of data privacy laws and regulations can help a business ensure compliance and better protect their customers’ data. 

Build awareness. Employees at every level within a business must understand why preserving data privacy and security is so important. To help foster awareness, businesses should consider periodic training that discusses the impact of data security breaches; regularly test employees’ ability to spot potential cybersecurity threats; send reminders to change passwords frequently; promote a clean desk policy, and so on. The more employees are aware of and can practice their role in data security strategies, the more likely they are to consistently follow precautions and help the business be in compliance with relevant regulations.

Don’t forget about physical document disposal. As with individuals, businesses can generate a lot of paper. Employees should know what to do with any physical documents they no longer need, whether they are in the office or working from home. Having regularly scheduled document purges can help a business stay on top of the volume of paper. Businesses should also have a process for disposing of legacy technology that may contain sensitive data. Physically destroying the equipment is the best way to permanently remove any potentially sensitive data from old equipment. Partnering with a document destruction company like Shred-it can help ensure a business properly disposes of sensitive information and reduces the risk of data theft.

Learn more about how individuals and businesses can preserve data privacy and security.