7 data security lessons from SC Congress Boston
Every company has crown jewels, or sensitive data critical to the business’s success and its employees’ and customers’ protection. Identifying that sensitive data, learning where it lives and staying ahead of inevitable security threats are paramount to any company’s ability to overcome events like security breaches and attacks.
At the recent SC Congress in Boston, security executives and industry leaders came together to discuss strategies for this common goal. Below are some of our top takeaways from the event:
- Risk detection needs to be a key priority. No company can stop all third-party intrusions or network breaches, regardless of the resources at its disposal. Instead, teams need to be ready to react as soon as such events happen.
- Most data breaches occur due to human error. To combat risks and the frequency of security incidents, executives need to focus on employee behavior and promoting best practices through a combination of training, awareness, education and ongoing IT monitoring.
- Any security breach can be a learning opportunity. As suggested by Sara Cable, assistant attorney general with the consumer protection division in the office of the Massachusetts Attorney General, following a breach, executives should proactively share details with their employees about what happened, how it happened and who was involved. Then, they should explain what they’re doing to remedy the incident and what they hope to learn in the process. Employees should be informed about the ramifications and outcomes of a breach long before the media shares the news.
- Go beyond legal requirements when it comes to risk management. If you already know your company is likely to suffer a breach, don’t sit back and wait for it to happen. By taking proactive steps beyond the minimum to secure private data, organizations can reduce the eventual fallout from a breach and ensure data complies with industry regulations before the company is subjected to an audit.
- Avoid conflicts arising between teams within a company. Different team leaders may want to approach security conversations in various ways. Executives should discuss joint strategies and compromises with technical, security and business team representatives, and ensure all departments can operate on the same page for the company’s collective goals.
- Security and privacy should work hand in hand. As Greg Masters, managing editor of SC Magazine, recently highlighted, employees don’t always understand the distinction between data security and privacy. In response, companies should become familiar with regional laws concerning each and empower employees with strategies to help uphold them.
- Data security is more than a technology concern. Upholding security, privacy and risk management standards is a company-wide priority not just a technical issue. Key business leaders need to support data protection strategies and conduct behavioral best practices in order to improve the company’s overall security profile.
Do you know what’s in your data? Learn more about how to protect your company from security risks.
Image courtesy of SC Congress Boston.Like This