Do you have good privacy practices?

privacy awareness week 2020

Australian businesses are revamping their operations to cope with the challenges presented by the COVID-19 pandemic. Working from home, in particular, has become a crucial initiative among many organisations. As more business activities and interactions are moving online, protecting personal information is more vital than ever.

Privacy Awareness Week (PAW) is an annual event that highlights the importance of such issues and discusses essential cybersecurity measures.

The Office of the Australian Information Commissioner (OAIC) runs PAW in conjunction with state and territory regulators, and the Asian Pacific Privacy Authorities Forum. This year, PAW will take place from May 4 to 10. According to the OAIC, the event will serve as a reminder for businesses to “reboot their privacy.” Here’s what that entails.

Implementing good privacy practices

Privacy Awareness Week encourages businesses to make appropriate changes to information handling practices. For starters, businesses should collect only necessary personal information, and dispose (or de-identify) information if it’s no longer required. Financial records, for example, should be deleted after seven years to minimise liabilities if your database was compromised.

Since many privacy breaches are caused by mistakes like unauthorised disclosure of information, data sharing procedures must be improved. Everyone — from executives to employees — must know what data is deemed confidential. There should be guidelines about sending personal information via email or phone call. What’s more, the OAIC advises businesses to check account privacy settings, delete unused profiles, and wipe data from old devices.

You must also be transparent with clients regarding how personal information is handled. More importantly, if there are any privacy breaches, you must have a plan for promptly notifying the OAIC and any affected parties.

Utilising strong privacy controls

Another step to rebooting your company’s privacy is implementing a strong cyber security framework that includes:

  • Firewall and antivirus software – Firewalls block network-based attacks from reaching your devices and data. Meanwhile, antivirus software detects and removes harmful programs like spyware and keylogger malware.
  • Cybersecurity assessments – Reviewing the security settings of your accounts, applications, and devices identifies and mitigates privacy risks.
  • Password manager – Tools like 1Password and LastPass help employees create and remember long and complex passwords for their accounts.
  • Multifactor authentication (MFA) MFA provides an extra layer of account protection by requesting for additional login credentials aside from passwords. These could be in the form of SMS passcodes or facial ID scans. Whatever authentication factors are used, hackers won’t be able to break into company accounts by guessing passwords alone.
  • Access management – Security platforms like Duo let you set access restrictions based on employee authorisation levels, devices, and applications to prevent the misuse of data.
  • Secure browser – Popular web browsers like Google Chrome and Microsoft Edge have private browsing modes that delete cookies and clear browsing history at the end of each session. Also, make sure to update your browsers regularly and evaluate third-party browser extensions before enabling them.
  • Virtual private network (VPN) – VPNs hide incoming and outgoing traffic with military-grade encryption. As a result, online activities and sensitive data sent along your network are inaccessible to cybercriminals.

Security training for employees

In addition to strong privacy policies and controls, you must train employees to be more careful about online privacy. They should watch what they share on social media, verify recipients before sending personal information, and be careful of online scams.

When browsing the web, encourage employees to only access websites prefaced with HTTPS or a padlock symbol. This indicates that the website is SSL-certified and encrypts data submitted by the website visitor.

Finally, your employees should configure privacy settings for apps and devices. Disabling geotagging and camera access are especially important for preventing third-party tracking. Plus, if employees are using vulnerable applications like Zoom, having weak privacy settings can result in a devastating security breach.

How Empower IT Solutions can help

Protecting your company’s privacy is a massive undertaking that can’t be done in a single day. Privacy controls, policies, and training must be constantly updated. To promote better privacy awareness, the OAIC is offering PAW supporters toolkits like social media tiles and web banners. However, if you want to take privacy further, partner with Empower IT.

As the leading Australian managed IT services provider, we can help your company reboot its privacy. We provide dynamic cybersecurity solutions, expert recommendations, and security training. Call us now to ensure the confidentiality of your data.