"Data Privacy Day?"
Did you know that January 28th was "Data Privacy Day"? We didn't either! However, a few organizations did "celebrate," particularly the Online Trust Alliance (OTA), which released its 2011 Data Breach and Loss Incident Readiness Guide: The OTA Data Breach Incident Readiness Guide aims to raise awareness of the severity of a data breach while helping businesses and organizations prevent and mitigate data security and privacy crises. Walking readers through the key points of designing a Data Incident Plan (DIP), the guide offers insights, prescriptive advice and actionable recommendations for businesses of all sizes. The guide helps businesses create an internal plan for what to do in the aftermath of a security breach. By covering plan fundamentals such as creating a 24-hour response team, developing vendor and law enforcement relationships, and ideas for a crisis communication plan, the OTA readiness guide gives key insights into the questions companies need to ask themselves to ensure they are taking every precaution they can. While the guide has a lot of sound ideas for putting together an effective plan, and even goes as far as to identify issues with "data at rest," it has a glaring omission: data masking as a solution for protecting the data itself.
Here's what they do outline:

Security Best Practices
- Use of Secure Sockets Layer (SSL) for all data collection forms
- Extended Validation SSL Certificates for all commerce and banking applications *
- Data & disk encryption
- Multilayered firewall protection
- Encryption of wireless routers
- Default disabling of shared folders
- Dual factor authentication to limit or control access
- Security risks of password re-set and identity verification security questions
- Upgrading to browsers with integrated anti-phishing and anti-malware
- Email authentication to help detect malicious and deceptive email and web sites **
- Upgrading to current browsers
- Enabling privacy and data collection controls
- Automatic patch management for operating systems, applications & add-ons
- Inventory of system access credentials
- Remote wiping of smart phones
- Use of DNSSEC (Domain Name System Security Extensions)

Encryption as a standalone data security method is not only an antiquated way of thinking, it offers a false sense of security that can be costly for businesses later.