Cyber Hygiene for Your Personal and Professional Life
Article on December 08, 2017
ID Experts recently attended the 2017 Symantec Government Symposium in Washington, D.C., and we were glad to hear a speaker talk about the importance of investing in an incident response plan. The advice may sound basic but, in our experience, not everyone is prepared for the inevitable data loss.
Data losses, including the exposure of personally identifiable information (PII), happen. Whether the exposure comes from a piece of paper left on a printer or from a hacked system, having a plan helps ensure a thoughtful, speedy and compliant response.
The comment got us thinking about other basic cyber hygiene practices and, as we approach the end of the year, I’d like to share some other best practices for our professional and personal cyber security.
First, know what PII you have and where it is, and get rid of what you don’t need.
For our personal data protection, the Federal Trade Commission (FTC) offers an excellent infographic about how long to maintain documents, ranging from sales receipts to birth certificates, and when to shred. In our professional lives, whether we are the Chief Information Security Officer or simply a member of the workforce, we should also know the importance of being safe in cyberspace, protecting PII and taking steps to properly destroy what we can.
Large organizations realize that the workforce and/or customers are an important component of basic cyber hygiene – if not the first line of defense. Make sure 2018 includes a plan to educate users on practicing good cyber behavior, including password management, identifying potential phishing efforts, and which devices to connect to the network.
Lastly, take the time to teach your child, a student, intern or new employee about the importance of cyber safety in their personal and professional lives.