Security is not privacy: ways to keep personal data secure

This blog has been updated January 2023 and continues our cyber security user awareness campaign, all of which can be viewed here:

1. How to fight fraud with security intelligence
2. The 6 biggest email security risks for enterprises
3. Security is not privacy: ways to keep personal data secure
4. Building a mobile threat defense for your enterprise devices
5. How to cut security risks for remote workers
6. 10 surprising security risks in your office
7. Do you know all types of internet security threats?
8. Steps of a successful cyber security user awareness program
9. How to reduce security risks in the future

Do you know how your data is being handled or what the potential cost of a data breach could be for your company? The numbers tell the story, and that story says that the global average total cost of a data breach is $3.92 million – and a data breach isn’t a rare occurrence. In fact, hackers attack every 39 seconds, and in 2019, the number of data breaches in the United States exposed more than 164.68 million sensitive records.

However, not all is lost. The good news is that 70 percent of organizations report significant business benefits from investing in privacy measures, and more than 40 percent are seeing benefits at least twice that of what they spent on that investment. But before that can happen, you must understand the difference between data security and privacy, the ways your data could be compromised, and how to keep that data secure. Let’s take a closer look.

Learning the difference between security & privacy

Data security and data privacy are two essential components of a successful strategy when it comes to data protection, and the terms are often used interchangeably. However, while they do both contribute to safeguarding critical information, they have notable differences and serve to achieve distinct goals.

Put simply, data security entails protecting sensitive data. The goal is to prevent unauthorized access to that data — such as with breaches or leaks — regardless of who the unauthorized user might be. To achieve this, tools and technology such as firewalls, user authentication, network limitations, and internal security practices are put into place to deter this event. Data can also be encrypted, which makes the information practically inaccessible to unauthorized parties, while approved users can easily access the data with a special digital key. In the case of a breach, this often thwarts cyber criminals from accessing sensitive data.

Data privacy, on the other hand, is about the collection, usage, preservation and destruction of personal data. This means informing individuals upfront of which types of data will be collected, the purpose of that collection, and the names of anyone that it will be shared with. Once this transparency is provided, an individual must then agree to the terms of use, which allows the organization collecting the data to use it as agreed upon.

Although both data security and privacy work together, the key is knowing that while privacy protects identity, security protects the data.

Understanding the ways your data could become compromised

There are many ways that sensitive personal data can become compromised, and it doesn’t always come from an outside hacker. Around 28 percent of enterprise data security incidents actually come from inside. While that most likely doesn’t mean employees have malicious intent, it’s still an issue and it’s important to know how your data could potentially be compromised.

Data leaks

As the name implies, a data leak is when unauthorized transmission of data from within an organization is exposed to an external destination or recipient — either electronically or physically. These threats typically occur through web and email but can also happen through mobile data storage devices and cloud data storage devices, which exposes sensitive and personal data to the Internet.

Data loss

Data loss is any event or process that results in corrupted data, deleted data, or data rendered unreadable by a user or application. Most often this happens accidentally when data is deleted or corrupted in some way, shape, or form.

Whether it’s through a virus or formatting error, data is rendered unreadable not just by humans but also by software, and it comes at a high cost in terms of both time and money. In fact, 94 percent of companies that experienced catastrophic data loss never recovered, and 93 percent of businesses that suffer data loss for more than 10 days file for bankruptcy within one year.

Improper data backup

Improper or unsuccessful data backups — or failing to backup altogether — can result in the loss of personal data. Data changes constantly, which means there needs to be a consistent (and frequent) system to back up the data in place to make sure the information is not put at risk.

Besides, many companies have employees working remotely or on their mobile devices, all of which might not be synced to a backup regime and are more vulnerable to being lost, broken, or stolen — along with the data that they’re securing.

Unattended computers

A great rule of thumb when it comes to data privacy and data security is to never leave a computer unattended because it puts confidential data in jeopardy. Whether someone walks by and sees what you’re working on or goes as far as to steal the device, it’s critical that you’re always attending to your computer to minimize the possible risks to sensitive data. In case you have to leave your computer, remember to lock it before you go.

Removable media

Removable media is any type of storage device that can be removed from a computer while the system is still running, such as USB devices, SD cards, or smartphones. They’re convenient, but they’re also a possible target for a data breach. If the removable storage device isn’t write-protected, they’re unprotected from malware and viruses that can easily replicate and distribute themselves throughout the whole company’s system resulting in the unauthorized use or loss of confidential information.

How to prevent breaches & keep personal data secure

Knowing how your data can be put at risk is important, but it’s critical that you also know how to prevent any security breaches in the future. There are a few steps you can take to ensure personal data stays secure.

First, always back up your data, and if possible, store your backups in a physically separate location. This helps to prevent the potential that the data is lost from physical destruction or theft. Next, consider data encryption, which scrambles information you send over the internet, making it useless to those who don’t have the key to decrypt the data. Apply layers of protection — such as firewalls and restricted peer-to-peer traffic — to make it harder for an attack to occur.

Keep all your passwords and devices secure and attended and ensure that anyone using a mobile device to access sensitive information can do it securely — or even limit the use of removable media unless specifically authorized. Also, consider providing cyber security awareness training to staff so that everyone is on the same page when it comes to the risks involved.