10 best practices for data privacy
By: Zack Vanderbilt, Director, Technology
Here at Kiosk, data security and data privacy are some of our top priorities and investments. After all, we have a whole team dedicated to them! And as Kiosk’s Director of Technology, one of my favorite parts of the job is keeping my fellow Kioskers informed about the latest data security best practices. In honor of Data Privacy Day, we wanted to share some of those best practices that you can put into practice within your organization today:
- First and foremost, always keep your devices and software up to date. That means staying on top of operating system updates, firmware updates, and other software such as your word processor or antivirus updates too. It also means regularly rebooting your devices to apply those updates as needed.
- Encrypt your data. Every device should have full-disk encryption enabled (FileVault on macOS, BitLocker on Windows, LUKS on Linux) so that data is at least protected at rest if the device is lost or stolen. Whenever you handle sensitive data, such as personally identifiable information (PII), it must be encrypted both in transit (for example, over TLS) and at rest.
- Use antivirus software. Folks still often think that because they are using a Mac, they are impervious to malicious threats. However, every operating system is a target. In fact, Malwarebytes' 2020 State of Malware Report found that in 2019, for the first time ever, the number of threats detected per Mac endpoint outpaced the number detected per Windows endpoint.
- Don’t be a data hoarder! If some data is no longer required to perform a task or job, or if the data is no longer legally required to be retained, it should be securely erased.
- Use the principle of least privilege. A subject, whether a user, device, service, or application, should be given only the permissions necessary to complete its task. If a permission is not needed, it should not be granted, and the subject's function, not convenience, should dictate which rights it is assigned.
- Use unique passwords for each site or service you use (and better yet, use passphrases instead of passwords!). One of the more common ways folks get hacked is through password reuse attacks, often called credential stuffing. An attacker obtains a list of passwords for a given victim, typically from a breach of some other site, and then attempts to log in with them to various services such as online banking sites, social media, or company resources. If the victim doesn't use different passwords for different sites and services, it becomes trivial for the attacker to compromise the victim on multiple platforms.
- Manage your passwords and passphrases securely. Do not, I repeat, do not store your passwords in plaintext on sticky notes or otherwise on paper. With the advance of password managers, no one has any excuse to ever write a password down on paper. Using a password manager means you won’t even need to remember your passwords anymore (except the one to unlock your password manager!).
- Take backups. Backups are critical to data security and integrity: they provide a way to restore critical data after a disaster, whether that is hardware failure, accidental deletion, or malware. While I hope you never have to recover from one, it is very important to be capable of doing so should the need arise, which means periodically testing that a backup can actually be restored, not just that it was taken.
- Be mindful of what you install. That app that promises to clean up your Mac or Windows computer with a single click is lying, and it often brings unwanted software of its own.
- Also be mindful of which emails you open. Phishing campaigns spike in times of crisis: there have been many campaigns themed around PPP loans, vaccines, and the COVID-19 pandemic at large, because phishers take advantage of such themes to craft believable emails that extract money, data, or credentials from victims.
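As an added example that is not part of the original post or Kiosk's own tooling, here is what the "unique passphrase per service" advice above looks like in code: a generator that draws words from a cryptographically secure source, an entropy estimate for deciding how many words you need, and an audit that flags any password reused across services in a vault export and replaces it. The word list and the sample vault are constructed stand-ins, not real data.

```python
import math
import secrets
from collections import defaultdict

# Constructed stand-in for a real word list; a real one such as the EFF large
# list has 7,776 entries, which is what the entropy numbers below assume.
WORDLIST = ["acorn", "basil", "cobalt", "dune", "ember", "fjord", "glacier",
            "harbor", "iris", "juniper", "kestrel", "lagoon", "marble", "nectar",
            "orchid", "pebble"]


def entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy of an n-word passphrase drawn uniformly from a list of the given size."""
    return n_words * math.log2(wordlist_size)


def generate_passphrase(n_words: int = 5, wordlist=WORDLIST, sep: str = "-") -> str:
    """Draw words with the secrets module (a CSPRNG); random.choice is predictable."""
    if n_words < 1:
        raise ValueError("need at least one word")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def find_reused(vault: dict) -> dict:
    """Map every password shared by more than one service to those services."""
    by_secret = defaultdict(list)
    for service, secret in vault.items():
        by_secret[secret].append(service)
    return {s: sorted(v) for s, v in by_secret.items() if len(v) > 1}


def fix_reuse(vault: dict, n_words: int = 5, wordlist=WORDLIST) -> dict:
    """Return a copy of the vault in which every reused password is replaced
    by a fresh passphrase that is unique within the vault."""
    fixed = dict(vault)
    in_use = set(vault.values())
    for services in find_reused(vault).values():
        for service in services:
            new = generate_passphrase(n_words, wordlist)
            while new in in_use:  # collisions are astronomically rare with a real list
                new = generate_passphrase(n_words, wordlist)
            in_use.add(new)
            fixed[service] = new
    return fixed


# Constructed sample vault export: "bank" and "email" share a password.
SAMPLE_VAULT = {
    "bank": "Summer2019!",
    "email": "Summer2019!",
    "shop": "correct-horse-battery-staple",
}

if __name__ == "__main__":
    print(f"4 words from a 7,776-word list: {entropy_bits(7776, 4):.1f} bits")
    print("reused:", find_reused(SAMPLE_VAULT))
    print("after fix:", fix_reuse(SAMPLE_VAULT))
```

Four words from a 7,776-word list give about 52 bits of entropy and six give about 78, which is why a random passphrase is both stronger and easier to remember than a short "complex" password. The only passphrase you should ever have to memorize is the one that unlocks the manager; everything else is generated, stored, and audited there.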
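The password reuse attack described above also has a defender's side. The following is an added example, not Kiosk's code: it scans an authentication log in an assumed one-line-per-attempt format (the sample lines are constructed) for a source address that tries many different accounts within a short window, and then lists the accounts that logged in successfully from that source, which is exactly where reused passwords show up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (not any particular product's): one line per attempt,
# "<ISO time> ip=<addr> user=<name> result=OK|FAIL".
LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)$")

# Constructed sample: 203.0.113.7 walks a leaked password list across many
# accounts and gets into "dave", whose reused password was on that list.
# 198.51.100.4 is a normal user who mistyped his own password once.
SAMPLE_LOG = """\
2021-01-28T09:00:01Z ip=203.0.113.7 user=alice result=FAIL
2021-01-28T09:00:02Z ip=203.0.113.7 user=bob result=FAIL
2021-01-28T09:00:03Z ip=203.0.113.7 user=carol result=FAIL
2021-01-28T09:00:04Z ip=203.0.113.7 user=dave result=OK
2021-01-28T09:00:05Z ip=203.0.113.7 user=erin result=FAIL
2021-01-28T09:05:00Z ip=198.51.100.4 user=frank result=FAIL
2021-01-28T09:05:10Z ip=198.51.100.4 user=frank result=OK
"""


def parse(log: str) -> list:
    """Return (timestamp, ip, user, result) tuples; lines in another format are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def stuffing_sources(events, window=timedelta(minutes=10), min_users=3) -> dict:
    """Source addresses that tried at least min_users distinct accounts inside
    one window. Returns {ip: sorted usernames seen in that window}."""
    by_ip = defaultdict(list)
    for ts, ip, user, _ in events:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged


def compromised_accounts(events, **kwargs) -> list:
    """Accounts that logged in successfully from a flagged source; their
    password was most likely reused on a site that got breached."""
    sources = stuffing_sources(events, **kwargs)
    return sorted({user for _, ip, user, result in events
                   if result == "OK" and ip in sources})


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    for ip, users in stuffing_sources(ev).items():
        print(f"{ip} tried {len(users)} accounts: {', '.join(users)}")
    print("force a password reset for:", compromised_accounts(ev))
```

The rule keys on distinct usernames per source rather than on failure counts, so a legitimate user who mistypes a password (198.51.100.4 above) is not flagged, while the attacker is flagged even though one of the attempts succeeded. A single account hammered from one address is a different pattern (brute force) and is better handled by lockout or rate limiting.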
We hope these data privacy best practices will help strengthen your organization, or serve as useful reminders for the individual actions we can all take to protect our data. As always, if you’d like to find out more about how to make your organization or your website more secure, give Kiosk a call and we’ll be glad to help you out.