Data Privacy Best Practices for Organizations

There are many good and relatively inexpensive practices enterprises can employ to ward off cyber criminals and limit the amount of damage if their networks are penetrated.

In 2015, protecting data privacy is no longer just the concern of chief information officers and chief security officers. According to PricewaterhouseCoopers, it is now a core concern for 48 percent of chief executive officers. This comes as no surprise, since 2015 is predicted to again set a new record for cyber crime, and the fallout could potentially take down executives and their companies.

There is not now, and likely never will be, a silver bullet to completely safeguard an enterprise and the data it protects. While great advances are coming, there are still many good and relatively inexpensive practices that can be used to ward off some cyber criminals and limit the amount of damage if a network is penetrated.

Encrypt, Encrypt, Encrypt

There is no excuse not to encrypt all data at all times, whether at rest or in motion. Indeed, there is no reason not to encrypt both the device's storage and the data itself. Encryption schemes can be broken, but just as most burglars look for unlocked doors, most cyber thieves look for unencrypted data. To protect data in motion outside the firewall, encrypt traffic through a virtual private network, and use device management to enforce all other desired policies. Encryption is also available for network traffic inside the corporate firewall.

Beef Up Authentication

Every enterprise should use inexpensive enterprise password management tools. These tools can be used along with policies to enforce strong passwords, regularly changed passwords and two-factor authentication. Though many users have adopted password management tools for their own devices, these tools should also be mandated on every device that is authorized to access corporate data.

As biometric authentication schemes using fingerprints, retinal scans and activity patterns become more widespread, stronger and more user-friendly two-factor authentication schemes are available. Also, never keep system IDs and passwords in unprotected text files.

Harden All Endpoints That Access Corporate Systems

Whether an enterprise limits employees to company-supplied endpoints or permits bring-your-own-device policies, every device that is allowed to access corporate networks and data should be managed with device management tools that enforce all corporate security policies.

Your organization is only as secure as its weakest endpoint. In one recent incident, a bank had updated all its servers to require two-factor authentication. Unfortunately, the bank missed one server among its thousands. Guess which server provided the access to cyber thieves? That's right — the only one they missed. As with encryption, there are methods to spoof two-factor authentication that might have worked, but the bad guys went for the weak link.

Get Rid of Inactive Data

Old non-production applications, old devices and old tapes all need to be taken offline, secured if retention is required and securely destroyed if they are not needed. Thieves cannot steal what they cannot see.

Stop Creating Smoking Guns

For a long time, lawyers advised their corporate clients to avoid creating messages they would not want to see turn up in litigation processes. These days, however, litigation is not the only concern. Cyber criminals' top targets include financial records, health records and internal communications you would not want to see printed in the New York Times. The theft of such material can subject a company to blackmail and potential legal liability. The risk to corporate reputations from ill-advised messages can be larger than legal liabilities.

Getting your organization on board with data privacy best practices can help you achieve enterprise-wide protection in 2015 and boost your data storage management efforts.
