With many organizations moving their operations online over the last year, consumers’ and employees’ privacy concerns are also on the rise. These concerns are especially crucial for businesses that are maintaining a remote or hybrid workforce.
Companies operating fully or partially remotely must take extra precautions to protect their employees' and organization’s private information. To that end, the members of Forbes Business Development Council share 14 tried-and-true strategies leaders can take to combat potential privacy breaches. Follow their tips to help bolster your business's internal cybersecurity practices.
Members of Forbes Business Development Council recommend strategies for handling and preventing privacy breaches in a business.
Photos courtesy of the individual members.1. Hire A Privacy Team
Invest in privacy teams. This will allow consumers to participate as regional, national and/or international observers providing real-time reports on emerging threats. - David Fanning, Paralyzed Veterans of America
2. Install Data Authentication Systems
Building a strong firewall and checking it frequently to make sure that it is not vulnerable can combat breaches. At the same time, companies have to implement a data authentication system for data security. Companies can verify the data requested by the user with a message, email, call or RSA token. - Sandeep Kumar Pothuraju, Emonics, LLC
Forbes Business Development Council is an invitation-only community for sales and biz dev executives. Do I qualify?
3. Backup Information On A Second Hard Drive
Privacy is at the top of all minds within the healthcare sector. Personally, we host two separate hard drives—stored in two locations—and back up data on a weekly basis. Any written communication with patient information is encrypted or faxed. We do not respond to emails with patient information, as it will identify that we know this individual, therefore exposing that they may be patients. - Maria Wu, Maud Medical Inc
4. Create A Confidentiality Policy
Companies should have an electronic and e-business security, privacy and confidentiality policy document as a minimum, or a policy-as-code as a superlative capability. Once they have a policy of expectations, requirements and preferred behaviors, they can use this to measure the characteristics of the online services provider’s or cloud company's privacy policy to see if they measure up. - George Earle, Thoughtworks Inc
5. Educate Employees About Privacy
Not only should you be concerned with online services, but there should be concerns with privacy and employees working from home. When you call a call center and need to verify personal info, what setting is that work-from-home employee in? What device are they inputting your social security number on and has it been compromised? Companies need to ensure best practices to protect info. - David Strausser, Vision33
6. Find A Reliable Service Provider
Privacy is a serious topic, though at the same time, a good cybersecurity specialist is a scarce resource. Picking up a reliable security services provider would be the right first step to define strategy and tactics on how to handle sensitive data. Do an initial audit, apply any corrective actions and maintain the policies moving forward. - Gregory Lipich, InfoSec Global
7. Stay Up-To-Date On Industry Advancements
Education on combating privacy breaches with the appropriate industry vendors based on their current setup is vital to making sure they are protected online for all business and consumer transactions. Keeping up with industry changes and legislation is key to staying on top of internal changes that need to be made on an ongoing basis to keep up with the bad actors. - Jack Wagner, Hawk Ventures
8. Keep Business And Personal Data Separate
Separate your business and personal accounts; not just bank accounts and credit cards, but emails and data storage, too. Keep them apart and have unique passwords for everything. You don’t want someone hacking into your personal email and suddenly having access to sensitive business data. Make sure employees also follow this practice. It only takes one small error to expose the whole company. - Sarah Knapp, Spruce Technology
9. Add A Chief Data Officer To Your Team
Companies can establish a Chief Data Officer position responsible for the company's overall data strategy, including data breaches mitigating. Or, promote a digital culture among employees—which means continuous efforts of working-with-data improvement and elaborating digital literacy. The better employees collect, store, organize and access data, the less the risk of privacy breaches. - Yulia Koroleva, Code Inspiration
10. Implement Continuous Training
Beyond partnering with a great information security firm, be sure your employees are trained on how they play a role in the company's security. Having worked in the information security (infosec) field for years, we know that the end user is the weakest link. Ongoing training for employees at all levels is essential and much less costly than cleaning up after a breach. - Lauren Mieli, Prudent Pet Insurance
11. Remain Vigilant Against Threats
Employee education in what is acceptable data usage and on the ways in which hackers may attempt breaking into systems or obtaining information is very important. It happens relatively often that people enable such breaches because of lack of awareness, as the attacks have become more targeted and resemble real communication, either from individuals they know or about topics that seem relevant to them. - Doina Popa, UiPath Inc.
12. Reconsider Data Collection Policies
Do you really need to keep all that data about your customers? Businesses should only collect the minimum amount personal data needed for the business process at hand. Focusing on data about customer behavior and preferences is what's most valuable, not the different addresses and phone numbers they use. - Tamas Hevizi, Automation Anywhere
13. Limit Access To Valuable Data
Companies should implement better access controls so only a very select few have access to the valuable data—and they should have better controls in place such as two-factor authentication to limit the exposure further. Companies should implement data encryption and network encryption for valuable data as well. - Dhiraj Chhabra, BuzzClan
14. Form A Team Internally
Create an internal team that actually tests for breaches across points of vulnerability, such as employee laptops. A dominant work-from-home model demands such an approach. These teams must be empowered to seek out lax approaches so they can test customer data privacy failure before it actually happens. - Vijay Sundaram, Zoho Corporation
