Ostra
  • Email Sign Up
  • Contact
  • Home
  • Technology
  • Clients
  • Partners
  • About
    • Careers
  • Blog
  • Contact
  • Search
  • Menu Menu

Awareness Leads to Action: Why Data Privacy Matters

January 25, 2022/in Cybersecurity 101, Security /by Stacey Kusnier

By Michael Kennedy

To anyone who is familiar with Ostra’s history as well as our team culture, it is no surprise that we are passionate about data privacy. Ostra is a proud 2022 Data Privacy Week Champion because we were founded on the belief that all businesses and individuals have a fundamental right to data privacy and security.

January 24 – 28, 2022 is Data Privacy Week—a global initiative to generate awareness about the importance of online privacy. In addition to educating citizens on how to manage and secure their personal information, Data Privacy Week encourages businesses to respect data and be more transparent about how they collect and use customer data.

What does data privacy mean?

Individuals and businesses approach data privacy in slightly different ways:

  • As individuals, we are usually more concerned with protecting our personal information, securing our financial or health records, keeping our families safe on social media, or reducing the risk of personal property being stolen.
  • For businesses, however, data privacy is more complex. It’s not just about protecting the data of their company, employees, or investors. They also need to be accountable for how they are handling data for their clients, vendors, or any other organizations that they interact with.

But in all cases, data privacy is simply about minimizing opportunities for others to exploit data for personal, professional, political, social or financial gain.

The path to action

According to a Pew Research Center study, 79% of U.S. adults report being concerned about the way their data is being used by companies.

Yet, at the same time, many of us in the information security industry hear comments like, “Who cares if Big Brother is listening to what kind of cereal I like?” People know they are being targeted, but the outrage has worn off.

When Ostra conducts cybersecurity assessments for our clients, we typically try to find out where they fit on the scale of concern for their data security and data privacy.


After spending more than 20 years in this industry, I’ve seen attitudes about data privacy that range from apathy to paranoia. Both ends of this spectrum are problematic.


How can we best position ourselves to champion data privacy? I am a big fan of awareness that leads to action. This concept is illustrated below:

On the left side, Apathy leaves people unmotivated, leading to careless inaction. On the other end, Paranoia creates a fatalistic outlook, which can be just as paralyzing. Neither of these extremes tend to move people forward. But right in the middle is Awareness, which leads to action.

Businesses can build employee awareness about data privacy by asking these questions:

  • Whose data do we have?
  • What kind of data do we have? (Financial, personal/health information, etc.)
  • Should we even have this data?
  • Who has access to this data? (And is anyone overseeing these permissions?)
  • How do we secure this data?

Individuals can take data privacy more seriously by thinking about:

  • Where is my personal data being stored?
  • Who has access to my personal data?

Privacy Frameworks

As companies dive further into the topic of data privacy, they should also develop an official Data Privacy Policy or framework if none exists.

What is a Data Privacy Policy? It is simply a roadmap that your company can follow to keep sensitive data secure. Your policy might outline the following:

  • Methods you use to manage/store private data
  • Standards or procedures for encrypting your data
  • What to do if an employee is on the receiving end of private data that they should not have access to
  • Procedures about who is a gatekeeper for sensitive, confidential or HIPAA-protected data
  • Definitions about what is considered private or confidential data
  • Guidelines for sharing or forwarding data to non-gatekeepers

Train your employees (and then train them again, and again…)

A policy is only as good as the people who follow it—or don’t. So once you have a framework in place, it’s time to ensure your employees are properly trained, regularly updated, and are inspired to share your commitment to data privacy.

Training topics or roundtable conversations might include:

  • What is protected information?
  • What are some scenarios where private data might be exposed, unintentionally?
  • What should I do if I accidentally receive something from a client or employee that I shouldn’t?
  • How do I report a data privacy breach or incident?
  • What are best practices for keeping my laptop, smartphone or network files secure?

Data privacy training doesn’t have to be formal or complicated. It could be a casual lunch-and-learn or Q&A session. The goal is to get employees thinking and talking about their role in ensuring data privacy at the company.

At a minimum, I recommend that businesses host quarterly or monthly data privacy trainings for every employee and contractor. Since Ostra believes so strongly in data privacy, our security team talks about it at least once per month—sometimes as part of our all-company town halls, or even more frequently at smaller gatherings. We know that regular, ongoing conversations about data privacy are crucial to proactively protecting ourselves, our company and our clients.

Links between personal & business data privacy

Your personal and company data might be more interconnected than you realize. Cybercriminals are constantly looking for cracks in the armor to help them gain access to a company’s client list, financial data, intellectual property, or other important information.

Whether you are the CEO or a part-time intern, it’s important to consider:

  • How much information are you sharing on your personal social media accounts that might make your password easier to crack? (i.e. birthdates, anniversary dates, middle names, location details, etc.)
  • Do you participate in online surveys or quizzes that gather your personal details? If so, could your answers be used to put your data at risk?
  • Do you ever check email from an unsecured network—e.g., while at home or at your local coffee shop?
  • Have you checked the privacy settings on the many apps have installed on your smartphone?

By collecting unsecured personal information, impersonators can build profiles of employees to gain access to sensitive data at the places where they work.

Of course, many people can’t imagine their company might be a prime target for things such as ransomware—especially those who work for SMBs. But cyber attacks are not just aimed at multi-national, Fortune 100 corporations. A 2Q 2021 Coveware report stated that more than 75% of ransomware cyberattacks occur on companies with less than 1,000 employees.


Impersonating employees by researching their personal data is a common strategy that criminals can use to initiate ransomware attacks, credit card fraud, industrial espionage and more.


About Data Privacy Week

January 24 – 28, 2022 is Data Privacy Week. In 2022, National Cybersecurity Alliance expanded its annual Data Privacy Day campaign from a single day (January 28) to a week-long initiative. Data Privacy Day began in the United States and Canada in January 2008 as an extension of Data Protection Day in Europe, which commemorates the Jan. 28, 1981 signing of the first legally binding international treaty dealing with privacy and data protection (known as Convention 108). For more info about Data Privacy week and other initiatives from the National Cybersecurity Alliance, visit staysafeonline.org.

About Ostra

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes. The result is a multi-layered, 360° solution that allows you to set it and forget it. For more information, visit www.ostra.net.

Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Vk
  • Share on Reddit
  • Share by Mail

Subscribe to our Newsletter

Recent Posts

  • Protecting What We Value: Why Data Privacy Is Worth the Effort
  • Ostra Cybersecurity Expands Partner Success Team
  • Ostra’s Year in Review
  • Ostra Cybersecurity Adds Director for Rapidly Expanding Channel Partner Network
  • Employee Spotlight: Eunice Asemnor, Security Analyst
  • PRESS RELEASE: Ostra Cybersecurity Secures Capital to Bring Fortune 100-Caliber Protection to Small and Mid-Sized Businesses
  • “Who Can You Trust” – A Hacks and Hops Session Recap
  • Why Businesses Keep Losing the War on Cyber Terror: Part 3
  • Why Businesses Keep Losing the War on Cyber Terror: Part 2
  • Why Businesses Keep Losing the War on Cyber Terror: Part 1

Archives

Contact

Ostra Cybersecurity, Inc.
6101 Baker Rd
Suite 202
Minnetonka, MN 55345

contact@ostra.net    (866) 336-7872

Subscribe to our Newsletter

Get Social

© 2023 Ostra Cybersecurity, Inc. -
  • Website Terms & Conditions
  • Privacy Policy
  • Terms of Service
Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

Accept

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Privacy Policy

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

Privacy Policy