January 28 is Data Privacy Day, and business owners will want to observe it this year.
A recent study by IDC found that consumers are overwhelmingly concerned about their data privacy. Eighty-four percent of the 2,500 U.S. consumers polled by the research group said they were worried about the security of their personally identifiable information (PII). Seventy percent said their concerns have heightened over the past few years.
As more of their business lives and personal behaviors are being tracked, people are beginning to feel the effects of a hyperconnected world. Seeking greater anonymity, consumers may turn against companies that play fast and loose with their private data.
"It is against this backdrop – when consumers feel their private information is in jeopardy – that they appear poised to take action," warned IDC program vice president Sean Pike, in a statement. "Consumers can exact punishment for data breaches or mishandled data by changing buyer behavior or shifting loyalty."
To help entrepreneurs avoid that fate, this year Small Business Computing asked security specialists to provide expert advice on protecting valuable private customer and employee data. Here are their tips.
Don't Bury Privacy Policies in Legalese
Show your customers that you respect their privacy and clearly post your policies in plain English.
"In a post-Snowden world consumers are more educated and concerned about privacy than ever. While most people won't read the small print of privacy policies, they are interested in what information is being collected, and are frustrated with the difficulty and deceptiveness of many policies," said Chet Wisniewski, senior security advisor at Sophos.
"By clearly explaining why you need someone's private information, that you will encrypt it to protect it while it is being used and describing how you will destroy it when it is no longer needed, consumers gain confidence and trust compared to their experiences with other companies or services," he continued.
Make People Part of the Solution
Stringent privacy policies and bleeding-edge security technologies aren't enough to keep private data out of the wrong hands.
"Effective cybersecurity relies on three things: products or services, processes, and people. Depending on only one of these isn’t enough," said Tony Anscombe, senior security evangelist at Avast. "Businesses should continually review who needs access to what and why – this is a process that tends to get forgotten."
It's everyone's job to safeguard private information, not just IT workers.
"At the heart of it, people are the key; everybody has a role to play in keeping a business secure," continued Anscombe. "A comprehensive cybersecurity architecture that restricts access to data and services to only those that need it should be built into business processes and employee training, not added on as an afterthought."
Mind the Digital-Analog Gap
Protecting your customers' and employees' data requires more than hacker-proofing IT systems and implementing new policies. It also requires that business owners get serious about managing one of their most often-used but overlooked pieces of office equipment: the printer.
"When taking steps to protect online privacy, SMBs [small and midsized businesses] shouldn't overlook documents that transition between paper and digital formats during their lifecycle," said Chris Strammiello at print management specialist Nuance. "In particular, those transition points, such as document scanning and printing, can introduce risk that threatens data privacy. Documents from banks, healthcare providers and more can include sensitive information, such as social security numbers, bank account information and birth dates."
Studies have shown that 20 percent of all print jobs are never picked up by the original user, inviting all sorts of unauthorized access to confidential information, said Strammiello. He suggests using print management software that stores print jobs in a secure print queue until a user is able to physically retrieve the documents. Further, it can "be used to authenticate users at devices before printing, and also capture and maintain a log of all printing activities," he added.
If questions arise, a detailed print log can put them to rest. "For SMBs in regulated industries, like banking or healthcare, having an audit trail history on file can make all the difference if compliance is questioned," said Strammiello.