Whether it’s concerns over privacy on Facebook and Google, Adobe’s leak of data for nearly 150 million customers, or most notably, the NSA/Edward Snowden scandal, privacy concerns have been nightly news this year. These stories and many others have sent both individuals and enterprise organizations scrambling to evaluate the security of their own data, a trend likely to continue in 2014.
Social Doesn’t Mean Private
We are all consumers, living in a “social world.” As such, we must remember that typically with free services like social media, we are the product. The entire premise behind social networks is that the information you post is intended to be widely available. When you post information on Facebook, YouTube or your social site of choice, it is your decision to do so. You should always remember that the information you share will be a reflection on you today, tomorrow and as long as it is cached in the memory of a computer somewhere, even if you no longer want it to be there.
The more personal information you post, the more vulnerable you become, leaving you open to some type of identity theft. This has become such an issue that a new industry has cropped up to provide insurance against these kinds of concerns. The only way we as individuals can combat this is to keep a watchful balance of which information we choose to share and with whom, and to keep the sensitive information private.
Enterprises Under Siege
Private citizens aren’t the only ones struggling with this issue -- companies and government agencies around the world remain under constant threat of cyber-attack and potential theft of sensitive data. As the global workforce becomes more mobile, enterprise organizations around the world are struggling to balance the tension between collaboration and compliance.
Data protection and security practices of the past focused on building walls to keep information “in” and keep adversaries “out,” but how do you continue that approach in a business landscape where organizations now have transparent boundaries? How do you build a wall around information when that information is no longer maintained in a central system -- your own virtual castle -- but rather flows through different systems, accessed by people with different roles and across different devices?
Your 2014 Privacy Plan
Enterprise organizations should focus their efforts on what data they actually need to protect. What defines your “crown jewels”? Do you need to put the same level of effort behind protecting pictures from the company picnic as you do behind protecting your customer data or trade secrets? This is an essential part of the planning process for next year -- you need to decide what type of data is important before you can determine how to protect it.
Data-aware security policies provide an opportunity for organizations to build a more layered approach to security, prioritizing where efforts (and costs) should be spent, and building multiple lines of defense.
Balancing increased employee collaboration with a more secure environment means building a culture, and the technology systems to support it, in which privacy and security controls are not limited to once-a-year training sessions. The goal is a culture of compliance where it is easier for your employees to do the right thing than to do the wrong thing. Companies must create a transparent security organization to discourage employees from working around security.
Always remember that an ounce of prevention is worth a pound of cure. Living in our social and interconnected world has presented, and will continue to present, a paradox with personal privacy -- one that both you and your organization will need to address throughout 2014.