As an AV integrator in 2018, you cannot be as clueless about the value of data privacy as Senator Orrin Hatch was about the existence of advertisements on Facebook during the Mark Zuckerberg hearing (see the video above). In light of the Facebook privacy hearing, we thought we’d take a moment to remind integrators why you are responsible — at least in part — for your customers’ privacy with these data privacy tips.
An increased focus on data-driven business in several key AV markets is all the more reason to consider these data privacy tips.
Here are a few data privacy tips in light of the Zuckerberg hearing:
Small businesses are targets, too
One of the largest shifts in data leaks in 2017 was a re-focusing on the size of businesses that are regularly targeted. “As larger organizations take additional steps to protect their data, cybercriminals will turn their focus towards stealing data from ‘smaller’ targets,” says Will Quick from law firm Brooks Pierce.
People are a serious problem
Human error causes a significant chunk of data breaches, emphasizing the need for businesses to train their staff in best practice and increase awareness of the level of risk. Businesses need to treat cybersecurity as a shared responsibility that is part of everyone’s duties.
Unintended disclosures — such as collected customer health data being passed to the wrong patient, or a cloud server being misconfigured to allow public access — are, at the end of the day, incredibly preventable.
Privacy policies should be considered internally AND externally
What is your policy for handling employee and customer data? How is it used and how is it stored? This should be available to anyone who asks.
BYOD is a potential failing point
Many companies have employees using their personal devices to message customers, download email attachments and store data, all without any sort of mobile device management solution.
This isn’t necessarily something that needs to be eradicated, but it shouldn’t be ignored.
Important security questions to consider:
- Which users, devices, applications, and data centers need a connection to an IoT system? How will that access be granted and managed?
- Does the IT team, with its projected resources, really have the ability to own tasks like micro-segmentation and policy orchestration in-house?
- Does the organization currently employ a prevention-focused security strategy? Should prevention efforts fail, how will the organization detect a security incident or breach?
- Should this project utilize a software-defined perimeter for greater network security and management?
- Of all the potential security risks associated with this IoT system, which pose the greatest threat to the business?
- What is the worst-case security scenario associated with this project? How likely is that scenario? How would the company eliminate the possibility of such an outcome, and what investment would be required to do so?