
I’m With Stupid: The 5 Dumbest Privacy Mistakes Companies Make

Global businesses are reevaluating their data privacy programs this year as new privacy regulations targeted at businesses take effect.

The European General Data Protection Regulation is a new privacy regulation with fines as high as four percent of annual global revenue for companies that fail to safeguard data of EU citizens and residents.

In the US, 16 states recently introduced new, ACLU-supported data privacy legislation. In spite of efforts to improve privacy protections, many enterprises are not doing enough to protect consumer data.

Tim Erlin, director of IT risk and security strategy for Tripwire, said: “Data privacy day is a great opportunity for organisations to reevaluate their privacy program.

“Privacy is often treated as part of larger security initiatives. While this approach addresses some key privacy issues, others may not get the attention they deserve.”

According to Erlin, the top five data privacy mistakes businesses make are:

1. Keeping anything other than essential consumer data

Many companies keep a lot of customer data in case they need it ‘someday’. While this approach may seem prudent, this data can easily become a major target for cyber attackers and, because it isn’t business critical, it may not receive the same protections as other, more sensitive data.

2. Failing to encrypt customer data

While there are some regulatory requirements for encrypting customer data, companies need to establish internal processes to keep data encrypted. Leaving customer data unencrypted makes it much easier for attackers to grab.

3. Not securing access paths

Encrypting customer data is important, but it must be decrypted for use in an application at some point. Attackers will aim to compromise the applications that use customer data in order to get to that data. “Don’t worry, the data is encrypted,” is a dangerous mindset.

4. Failing to patch known vulnerabilities

Security experts may be more interested in the technical analysis of the latest malware, but successful attacks are more likely to exploit the three-year-old web server vulnerability that gets them access to high-value data. Patching systems isn’t glamorous, but it’s essential to protecting data.

5. Not monitoring and controlling simple misconfigurations

More than one of the breaches that have been in the headlines recently has been the result of a misconfigured database or server. If you’re not monitoring server configurations for change, you have a blind spot in your security that attackers can leverage.


Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.
