Anna Collard, SVP content strategy at the info-security and anti-phishing awareness firm KnowBe4, shares advice for individuals and organisations to take control of their data.
For individuals
Declutter accounts and apps: Use Data Privacy Day to remove unused accounts and subscriptions. Minimising personal information available online reduces potential attack vectors.
Set up a reputable password manager: Migrate critical accounts—including email, financial, social media, and investment accounts—to the password manager. Reset weak passwords and use strong, unique ones generated by the manager.
Enable multi-factor authentication (MFA): Activate MFA—ideally with a FIDO token—for critical accounts as an added layer of protection.
Check social media settings: Ensure your accounts are private. Public accounts make all attached personal information accessible.
Block online trackers: Install tools that prevent advertisers or bad actors from monitoring your browsing habits.
For organisations
Minimise data collection: Only collect and store data that is essential for business operations. Eliminate unnecessary personal or payment information.
Communicate transparency in privacy policies: Clearly explain what data is collected, how it is used, and with whom it is shared.
Train employees: Educate all employees on data protection regulations, while training them to recognise the latest social engineering attacks and other security risks.
Encrypt personal data: Protect personal data—at rest and in transit—from unauthorised access or exposure.
Vet vendors and partners: As a “responsible party”, your organisation is responsible and accountable for protecting the data of its subject – even if the processing is outsourced to third parties. Ensure that any external parties handling your organisation’s data maintain a high standard of privacy and protection.
“Data protection is no longer just a compliance checkbox—it is a cornerstone of trust in the digital economy,” Collard adds. “With laws like General Data Protection Regulation (GDPR) and The Digital Operational Resilience Act (DORA), Europe is leading the way in mandating transparency, accountability, and operational resilience. However, compliance alone is not enough; and as a community, we should use Data Privacy Day as a reminder to adopt a proactive and privacy-aware security culture.”
Separately, the firm has released a research paper, “Cyber Insurance and Security: Meeting the Rising Threat.” Stu Sjouwerman, CEO of KnowBe4, said: “This latest research clearly indicates that organisations, regardless of size, must adopt a proactive and comprehensive approach to cybersecurity. Cybersecurity cannot remain an isolated IT function. Instead, it must be embraced as a core component of organisational strategy, ensuring that technological risk management is backed by informed human defenses and comprehensive risk management practices, including cyber insurance.”
Visit https://www.knowbe4.com/.





