#PrivacyAware - Privacy Awareness Day

Data Privacy Day is here, and it is an important reminder of the value of privacy and security when it comes to protecting our data, both at home and within the workplace. Getting your employees involved in the conversation about being #PrivacyAware is a good place to start in creating a culture of privacy within your organization. Follow us on Twitter @KPAudit to join the conversation and share how you help employees be #PrivacyAware.

In the meantime, here are a few tips we’ve come up with. What other ways are you encouraging employees to be #PrivacyAware?

1. Create a Culture of Privacy

When trying to create any kind of culture, it’s important to recognize that the impact is greater when the stakeholders and leaders are clearly invested. So, when trying to create a culture of privacy within your organization, it’s important to remember that it must start with the tone from the top.

Another great way to encourage privacy within your organization is to hang posters around the office with tips and best practices for ensuring the privacy and security of data.

2. Talk Frequently about Privacy and Security

Continuous conversations about privacy and security, and about what is expected of employees when it comes to protecting sensitive data, are a great way to keep these things at the forefront of employees’ minds. How are privacy and security important to your business, and what role do your employees play in achieving these business goals? Regular meetings or updates on new privacy and security trends, along with reminders of best practices, are a good way to keep the conversation going and keep it relevant.

3. Teach Employees to Recognize Phishing and Social Engineering Attacks

Every minute, someone becomes the victim of a phishing attack. Ransomware and social engineering attacks are constantly evolving as the cyber threat landscape grows. It’s more important than ever to teach employees to recognize phishing and social engineering attacks so they can avoid giving out sensitive information that could lead to a breach or loss of data. Phishing emails and fake links that look like legitimate websites are still the most common form of attack. Social engineering is another common way to manipulate others into giving out sensitive information. Employees should be taught never to give out sensitive information such as passwords and usernames over the phone without thoroughly vetting and verifying the identity of the person on the other end of the line.

There are online resources to help with data privacy awareness training.

4. Utilize a Secure Wireless Network at Work and at Home

Connecting to free/public Wi-Fi leaves your information vulnerable and at risk. Be sure to connect only to secure networks to ensure data security during transfer over wireless networks. Consider subscribing to a VPN (Virtual Private Network) to reduce the risk of your sensitive information being stolen by cybercriminals. Securing your home network so that others can’t access your wireless network is another best practice for managing privacy and security. It’s important to remember that it’s equally critical to secure the privacy of your data at work and at home.

5. Regularly Install Updates

Keeping operating systems and applications updated to the latest version is a critical task that must be done to ensure the privacy and security of data. Updates include the latest patches for vulnerabilities and bugs that could otherwise be used to exploit your network and gain access to sensitive data. When possible, enable automatic updates to add an extra layer of security and help reduce the risk of being vulnerable to cybercriminal attacks.

Follow us on Twitter @KPAudit and share how you’re helping your employees to be #PrivacyAware. Looking for more ways to get involved in Data Privacy Day? Visit www.staysafeonline.org for details. For a free consultation regarding what you’re currently doing to ensure privacy and security at your organization, contact us today.

With the holiday season always comes a rise in cyber crime and data theft. With that in mind, it’s a perfect time to remind ourselves of important information security tips to keep us safe and secure this holiday. So don’t let the Grinch ruin your holiday. Here are 5 things the Grinch can teach us about information security:

1. Beware of Social Engineering

“With this coat and this hat I look just like St. Nick!” These infamous words led the Grinch straight through Whoville, sneaking into homes, successfully impersonating someone the Whos trusted, and stealing Christmas. This popular form of hacking, known as social engineering, can be avoided by training your employees to never give out sensitive information (e.g., username and password combinations) or allow unauthorized access to an area without fully identifying the other person.

2. Ensure Network Security

Don’t let the Grinch slide down your chimney unannounced. Ensure network security by implementing and maintaining a firewall configuration. As auditors, a common gap we see when performing audits is a poorly maintained firewall. Maintaining a secure firewall is important in order to monitor incoming and outgoing packet requests and block unauthorized requests. Ensure network security by having effective and fully documented policies and procedures.

3. Secure your Last Line of Defense

Train the little Cindy Lou Whos to recognize security incidents when they happen. Regularly training your employees on security awareness and policies and procedures is a critical component of your organization’s security. You’re only as strong as your weakest link, so continually train employees on logical and physical security responsibilities to ensure they will know how to respond in the event of a security incident.

4. Perform Annual Risk Assessments

Don’t let the Grinch rob you blind – protect your assets from theft and breach. The first step in safeguarding your business from theft or a data breach is performing an annual risk assessment. Risk assessments are a way to identify assets and prioritize risks to those assets, allowing organizations to ensure the proper controls are put in place to protect those assets from vulnerabilities and threats.

5. Test your Incident Response Plan

The Whos didn’t let the Grinch ruin their holiday. They were prepared to move forward in light of a security incident. Have a tested plan in place, and train employees on your incident response policies and procedures. Your Incident Response Plan should include policies and procedures that dictate the immediate actions your organization is to take following the detection of an incident.

Stay safe over the holidays, and don’t forget these 5 important tips to ensure the Grinch doesn’t ruin your holiday.