Today is Data Privacy Day, an event sponsored by the National Cyber Security Alliance. The intent is to promote awareness and best practices for how citizens should think about security and how it relates to their data, their organizations, and ultimately, our nation. At a time when we transact with all manner of data in so many form factors, we are inclined to overlook the importance of measures that keep our data and content safe. The National Cyber Security Alliance’s efforts are important in helping instill into people the need for an effective culture and mindset around privacy and the governance required to maintain it. 

The impact of cyber threats have ramifications that are hard for most of us to get our heads around. We tend to look at major privacy breaches as catastrophic, but for most of us, they are removed from our daily activity. That kind of thing happens to other people, right? Or perhaps we get to an explanation of what’s really happening, but don’t really understand it. The media likes to fetishize the notion of complex technology being deployed by networks of sinister teams to wreak havoc. Sometimes that’s correct. More often than not, it’s far simpler than that, and we’re missing our role in all of it.

The reality is that protecting data is very much part of our world; our data is stored and transacted constantly in places and ways over which we have more control than we realize. So, an ounce of prevention is indeed required, and applying that prevention requires visibility into the data you’re using. Knowing who has access to it, how it’s being used, and providing structure to it is tied to almost every activity in which a business engages.

Just consider the facts around internal threats alone. The Verizon 2019 Data Breach Investigations report says that 34% of all breaches in 2018 were caused by insiders. In attempts to extract, ransome, and misuse data costs, on average, $513,000 per incident and can cost a company between $8 million to $11 million in a year. With an understanding of how data is accessed, especially sensitive data, companies can gird themselves with the right tools to be smart about how they manage and secure the intellectual property they create and use.

Data Privacy Day encourages individuals and organizations to be involved and get active. This kind of awareness is an important first step towards having a governance-minded approach to organizational data. These lessons are apt and powerful. For one thing, they remind us not to overcomplicate data governance. The way a hacker gets access to privileged data doesn’t always have to do with sophisticated technology. Hackers want “in” and will look for holes do get the access they desire. At issue is how they get in.

Hackers and threats are directed at behaviors where humans display vulnerability and it doesn’t always require savvy programming in order to take advantage of that. Again, the goal is to penetrate, get inside, and wreak havoc. The key to avoiding that is recognizing legitimacy, acting accordingly, and using checklists and best practices to operate safely.

What the National Cyber Security Alliance recognizes and is trying to educate people about is that data and technology are wrapped intimately into our lives. Just as we would take measures to be healthy, wear seatbelts, and lock our front doors, we must also take care to safeguard the digital life of the data for which we’re responsible for.

Photo by Michael Jasmund.

Comments are closed.