SVP content strategy at the info-security and anti-phishing awareness firm KnowBe4, Anna Collard, shares advice for individuals and organisations to take control of their data.
For individuals
Declutter accounts and apps: Use Data Privacy Day to remove unused accounts and subscriptions. Minimising personal information available online reduces potential attack vectors.
Set up a reputable password manager: Migrate critical accounts—including email, financial, social media, and investment accounts—to the password manager. Reset weak passwords and use strong, unique ones generated by the manager.
Enable multi-factor authentication (MFA): Activate MFA—ideally with a FIDO token—for critical accounts as an added layer of protection.
Check social media settings: Ensure your accounts are private. Public accounts make all attached personal information accessible.
Block online trackers: Install tools that prevent advertisers or bad actors from monitoring your browsing habits.
For oOrganisations
Minimise data collection: Only collect and store data that is essential for business operations. Eliminate unnecessary personal or payment information.
Communicate transparency in privacy policies: Clearly explain what data is collected, how it is used, and with whom it is shared.
Train employees: Educate all employees on data protection regulations, while training them to recognise the latest social engineering attacks and other security risks.
Encrypt personal data: Protect personal data—at rest and in transit—from unauthorised access or exposure.
Vet vendors and partners: As a ‘responsible party’, your organisation is responsible and accountable for protecting the data of its subject – even if the processing is outsourced to third parties. Ensure that any external parties handling your organisation’s data maintain a high standard of privacy and protection.
“Data protection is no longer just a compliance checkbox—it is a cornerstone of trust in the digital economy, Collard adds. “With laws like General Data Protection Regulation (GDPR) and The Digital Operational Resilience Act (DORA), Europe is leading the way in mandating transparency, accountability, and operational resilience. However, compliance alone is not enough; and as a community, we should use Data Privacy Day as a reminder to adopt a proactive and privacy-aware security culture.”
Separately, the firm has released a research paper, “Cyber Insurance and Security: Meeting the Rising Threat.” Stu Sjouwerman, CEO of KnowBe4, said: “This latest research clearly indicates that organisations, regardless of size, must adopt a proactive and comprehensive approach to cybersecurity. Cybersecurity cannot remain an isolated IT function. Instead, it must be embraced as a core component of organisational strategy, ensuring that technological risk management is backed by informed human defenses and comprehensive risk management practices, including cyber insurance.”
Visit https://www.knowbe4.com/.
