Operations

1/26/2018
01:30 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

6 Tips for Building a Data Privacy Culture

Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
Previous
1 of 7
Next

(Image: Alfa Photo, via Shutterstock)
(Image: Alfa Photo, via Shutterstock)

Given the expanding threat landscape, security professionals may think that the public at large doesn't have a good grip on what counts as sensitive information.

But MediaPro's 2018 Eye On Privacy Report shows that the industry has made some progress.

For example, 89% of US employees rank Social Security numbers as most sensitive on a scale of 1 to 5, with 5 being the most sensitive. And another 76% rank credit card information as most sensitive.

Other evidence that employees are more aware than in the past: 87% chose to correctly store a project proposal for a new client and design specifications for a new product in a locked drawer. And nearly three-quarters of all respondents chose to either destroy an old password hint and an ex-employee’s tax form from three decades ago in a secure shredder.

"While we've made progress, I have to wonder about the 11% who didn't rate a Social Security number as most sensitive," says Tom Pendergast, chief strategist for security, privacy and compliance at MediaPro. "It would seem to me that the Equifax case from last year would have sufficiently alarmed people."

In honor of Data Privacy Day on January 28, here are key steps for creating a corporate culture of data privacy, based on interviews with MediaPro’s Pendergast and Russell Schrader, the new executive director of the National Cyber Security Alliance. 

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The State of IT and Cybersecurity
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.