What is private Information and what is not?
Data Privacy Day was Wednesday, January 28, and these days the concept of “privacy” can be ambiguous, generic or confusing. What you might think of as private actually isn’t. The definition of personal identifying information, by the U.S. privacy law and information security, is that of data that can be used to contact, identify or locate an individual, or identify him in context.
This means that your name and address aren’t private, which is why they can be found on the Internet (though a small fee may be required for the address, but not always). Even your phone and e-mail aren’t private. What you post on Facebook isn’t private, either.
So what’s private, then? An argument with your best friend. A bad joke that you texted. Your personal journal. These kinds of things are not meant for public use. What about vacation photos that you stored in a cloud service? Well…they’re supposed to be private, but really, they’re at significant risk and shouldn’t be considered totally private.
And it’s not just people on an individual scale that should worry about privacy. It’s businesses also. Companies are always worrying about privacy, which includes how to protect customers’ sensitive information and company trade secrets.
But even if the company’s IT team came up with the most foolproof security in the world against hacking…it still wouldn’t protect 100 percent. Somewhere, somehow, there will be a leak—some careless employee, for instance, who gets lured by a phishing e-mail on their mobile phone…clicks the link, gives out sensitive company information and just like that a hacker has found his way in.
Even when employees are trained in security awareness, this kind of risk will always exist. An insider could be the bad guy who visually hacks sensitive data on the computer screen of an employee who was called away for a brief moment by another employee.
Tips for Training Employees on Security Savvy
- Make it fun. Give giant chocolate bars, gifts and prizes out to employees for good security behaviors.
- Post fun photos with funny captions on signage touting content from the company’s security policy document. It’s more likely to be read in this context than simply handed to them straight.
- Show management is invested. Behavior changes start from the top down,
- Get other departments involved. Even if they’re small, such as HR, legal and marketing, they will benefit from security training.
- Stop visual hackers. Equip employees with a 3M Privacy Filter and an ePrivacy Filter which helps bar snooping eyes from being able to see what’s on the user’s screen from virtually every angle.
- Don’t forbid everything that’s potential trouble. Rather than say, “Don’t go on social media,” say, “Here’s what not do to when you’re on social media.”
- Make it personal. Inform workers how data breaches could damage them, not just the company. A little shock to their system will motivate them to be more careful.
Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.