by Daniel J. Solove
We’re in the midst of a crisis in data protection. Billions of passwords stolen. . . Mammoth data breaches. . . Increasing threats. . . Malicious hackers . . .
The number of data breaches keeps rising. This year, there are 20% more than at this same time last year.
How should organizations be responding?
After reviewing countless data breaches, I’ve come to the conclusion that there are two things that can most help prevent data breaches.
First, upper management (often called “the C-Suite”) must truly understand the risks, the law, and the importance of good data security and privacy.
Second, significant attention must be given to addressing human behavior, which is the biggest data security risk. The best way to address human behavior is through effective training.
The recipe can be summed up in a simple rhyme:
- The C-Suite must care
- The workforce must be aware
These two things are the best preventative medicine.
Ultimately, these two things are really about one thing: Data protection must be part of the culture of an organization. Data protection must be felt in the bones of an organization.
I say “data protection” because the term encompasses both security and privacy. Both are essential and go hand-in-hand.
Strong data protection comes from both the top and the bottom.
From the top, upper management understands the risks and provides the appropriate resources.
From the bottom, all employees at every level know how to do their part to ensure strong data protection.
Much more work needs to be done at both the top and the bottom. At the top, the C-Suite needs a better understanding of the risks and the law. And much more can be done to improve workforce awareness. I will explore some of these issues in future posts. If you’re interested, I recently gave a webinar called Data Security: Risks, Law, and Human Behavior at BrightTALK, where I discussed some of these issues. You can see it for free – it’s archived here.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security awareness training, HIPAA training, and many other forms of training on privacy and security topics. This post was originally posted on his blog at LinkedIn, where Solove is a “LinkedIn Influencer.” His blog has more than 800,000 followers.