By Mitch Christian, Information Security and Infrastructure Officer—CCIP-CSIM

Did you know that 45.6% of websites use cookies to track your web activity? And 83% of Americans report seeing targeted ads due to those cookies. That’s not all, 82% of web traffic contains Google Third-Party Scripts, and almost half of those scripts are tracking users [1]. But they aren’t the only ones; Facebook tracks 15% of all web traffic, and both Twitter and Microsoft track around 4% of traffic [2].

Why are we talking about data privacy? Beyond the fact that data breaches can cost organizations hundreds of millions of dollars, it’s Data Privacy Week.

In today’s digital-first work environment, data privacy is a huge focus worldwide. And rightfully so. It’s crucial to understand who and how data is handled as it has numerous ramifications related to the ways business is conducted. Furthermore, it’s more important than ever to ensure that client and consumer data are handled correctly and protected as cybersecurity threats and vulnerabilities increase in complexity and frequency. An organization’s ability to track and detect data movement has become critical in today’s increasingly digital world.

To account for today’s environment, Synergy follows a strict philosophy of multiple frameworks and proactive risk assessments to secure its business and client data. But that won’t stop all threats. As such, we believe the combination of solid policy on the business level combined with proactive, collaborative personnel policy is the only way to maintain the integrity of an organization’s data.   

Cybersecurity Holistic Approach

Synergy believes in a holistic approach to cybersecurity and privacy to ensure its security program is proactive and in a constant state of improvement. We’ve implemented programs to continually improve the organization’s security posture and feel this philosophy is the best way to protect Synergy’s data and, most importantly, to ensure we are not a liability when it comes to handling our clients’ data.

One component of our approach is a concept called Zero Trust architecture. This type of architecture significantly improves an organization’s security posture by only allowing confirmed and trusted hardware and identities access to its systems. In the past, security was done by simply authenticating an identity with a sole password, but that’s not enough in today’s cybersecurity landscape. By updating the way users login to their systems, organizations will limit vulnerabilities by making the process more secure, which, in turn, will actually make it easier for the users to login—a win-win for both sides.

Training

Another critical component of cybersecurity, data privacy, and keeping systems secure is ongoing staff training programs. For example, each new staff member at Synergy must take cyber-security and data privacy training as a part of their onboarding process. The training is designed to raise awareness about proper data handling and secure computing procedures.

Furthermore, employee testing and communication are critical components of any well-rounded staff cybersecurity and data privacy training program. These custom programs help staff experience real-world penetration tactics to better understand how cybersecurity policies play out in their daily tasks and activities.

Beyond the architecture design and training, an organization’s security posture should cover three critical components:

  1. Privacy framework—outlines how data is handled and the expected outcomes
  2. Cybersecurity framework—the specific controls and privacy protections/strategies that are in place
  3. Risk Assessment Practices—SOC2 Type II audits/yearly risk assessments to identify risk related to the protection of data and what is required to continue to improve protection

Altogether, a Zero Trust architecture enacts a shield of defense at the point of entry. From there, the privacy and cybersecurity frameworks collaborate to protect, analyze and detect the movement of the data the organization stores. Through ongoing training, audits and risk assessments, organizations can proactively understand vulnerabilities in their systems and identify the processes required to stay ahead of new threats.

In Synergy’s case, combining these five elements enacts a truly transformational security posture, ensuring we remain an active partner and do our part to protect our clients’ data.

Protecting Personal Data

The following are a few tips to help ensure the data on personal devices is protected while engaging with various digital assets, portals, and environments.  

Devices

Above all, it is so vital to secure the device you use to process data.

  • Put a passcode on your tablets and smartphones, or the use of face recognition or a finger id is ideal.
  • If you have a laptop, try to use fingerprint ID or, at a minimum, implement a strong password at the point of logging in.

Downloading Apps

Believe it or not, installing apps on your phone triggers one of the greatest threats to your data privacy.

  • When you install an app on your phone, it’s very important to carefully read the terms and conditions, specifically what data or other apps the app requests access to.
  • Don’t mindlessly click “allow all,” as many of these applications will be able to track your contacts, email, GPS location, and collect information about your internet browsing history.
  • If possible, opt-out of as much access to your phone as you can without preventing the application’s functionality.
  • You can always change the app’s permission levels via most phones’ setting menus. To check the apps tracking permission on your smartphone:
    • iPhone: Settings > Privacy > Tracking
    • Android: Settings > Apps & Notifications Menu > Tap the Specific App > Permissions

Disable WIFI and Bluetooth on your phone when not in use

Did you know some stores and locations that offer free Wi-Fi can track users’ activity if they use the Wi-Fi? Or, in some cases, they even track your movement throughout the store.

  • It is recommended to turn off Bluetooth and Wi-Fi features when you aren’t actively using them.
  • And in general, be very careful about using public Wi-Fi.

Updating your Computer or Phone

Keeping your devices up to date is one of the easiest things you can do to protect your data.

  • Enabling automatic updates on your phone and computer will ensure you’re always running the most up-to-date firmware and security settings. Security updates come out regularly and can significantly improve your device’s security posture.
  • Also, it is a best practice to delete any programs or apps you do not use or are out of date.
  • Overall, it is best to manage your device’s privacy settings proactively. To learn more, please visit staysafeonline.com to learn how to adjust your settings from some of the most common apps and websites.

Summary

As a business, Synergy is committed to protecting our client and employee data. Many tools are used to ensure our data security program is never static and constantly improving. The program is comprised of a combination of over-arching cybersecurity philosophies and frameworks, training programs, staff communication, and risk assessments to help maintain our protection from external threats.

As an individual, you can follow the above tips to help protect yourself and your data. It is encouraging to note that privacy laws will continue to evolve and protect people from predatory practices. While seemingly arbitrary, I always recommend making your client and family’s data privacy a priority.

Above all, be aware of what data is at risk of being exposed and be familiar with the tools you can use to protect privacy.

This article was drafted by Mitch Christian, Synergy’s Information Security and Infrastructure Officer. Mitch holds both the CISSP and CISM security certificates and is an active member of ISACA, an independent non-profit dedicated to industry-leading knowledge and practices for information systems, and (ISC)², an international non-profit membership association focused on inspiring a safe and secure cyber world.

References:

  1. https://www.cloudwards.net/data-privacy-statistics/
  2. https://arxiv.org/pdf/1804.08959.pdf