Expert Tips to Protect Personally Identifiable Information (PII)
Protecting personally identifiable information (PII), while staying audit-ready for a growing number of state, federal, and global data privacy regulations is no easy task for IT teams. While the goal feels frighteningly out of reach at times for many organizations, there are a few back-to-basics data privacy tips that can help you stay ahead of the long chase.
3 Tips to Protect PII
- See everything. Reducing your risk exposure starts with comprehensive IT asset management. But when mapping out your long list of IT assets, keep in mind each one represents far more than the visible machine. Beyond the basic hardware, you must consider how the asset encompasses not only devices but also data, apps, and users. Taking it one step further, identify all asset locations, how they're being used, and by whom.
Read Why IT Asset Management is key to Data Security
- Analyze the risk. PII is spread across more endpoints than you think. To identify all the pockets where sensitive data resides, use lexicographic crawling — the equivalent of Google for all of your endpoint data – that will alert you to any data hiding out there in dark corners. This step sees you transitioning from a mindset of traditional IT asset management to one of embracing assets as providing an intelligence service for your organization.
- Apply rapid response. You need the ability to find data for individuals who request you delete it, for regulators who require proof of protections, and validation that you are mitigating exposures quickly and, of course, before hackers can gain unauthorized access to it. Make sure you can reach any device with fine-tuned commands to restore privacy protections and meet applicable legal requirements that demand proof of protections and validation that you are mitigating exposures quickly.
Data privacy is continually growing in urgency as hackers get smarter and change their tactics, and global laws – like GDPR – are being created and enforced. So, how should your organization stay on top of this evolution? Promote a strong data privacy culture across your organization and maintain vigilance over your data privacy strategies.
For more information and expert tips on how to improve your organization’s data privacy efforts, watch the next episode of our Cybersecurity Insights video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.
Video Transcript:
Welcome back! Josh here from Absolute. In our last episode, we looked at the latest in data privacy. Now, let's consider how to maintain privacy with confidence.
In 2018, 33% of successful attacks targeted personally identifiable information.
At the same time these criminals are doing their thing, data privacy regulations are popping up all over the world.
You're trying to win the battle on two fronts: defeat would-be attackers and stay audit-ready for regulators. That's hard.
But here are some tips to meet the challenge for your IT and security teams.
First, see everything. Try to think of IT assets as more than just machines - physical or virtual - and consider a new definition of 'asset' that embraces devices, data, users, and apps.
Start by pinpointing all the places these assets are and how they're being used.
This moves us away from run-of-the-mill IT asset management into a mindset that sees asset management as an intelligence service for your organization.
Having scooped up all that asset intelligence, let's identify all the pockets of sensitive data.
Now that we can see the landscape, we need to start crawling through the assets to find sensitive data.
The preferred technique is called lexicographic crawling, because the crawler is continuously looking for key data markers like names, addresses, phone numbers, and other personal identifiers. When you get a 'hit', you know where the data is camped.
Now that we've located sensitive data, we move on to our next step: analyze the risk.
By assessing the risks that are unique to your organization, you're able to rationalize which follow up actions are needed based on risk tolerance, instead of assumptions or intuition.
This brings us to the final step for protecting data privacy: rapid response. Most of the legal requirements demand proof of protections and validation that you are mitigating exposures quickly.
We need the ability to REACH any device with fine-tuned commands to restore privacy protections.
By automatically regenerating controls, apps, or agents when they're disabled, you're positioned to thwart the criminals and bring smiles to the faces of regulators, auditors, and most of all...those individuals whose data you have.
Protecting privacy is a moral concern because it has the potential to cause harm to real-life people, but with the steps we've outlined here, you can be audit-ready and withstand the onslaught of cybercriminals.
Pull every asset into view, crawl for sensitive data, analyze the 'hits' for risk, and respond in an instant to restore protection.
Be sure to subscribe and don't hesitate to drop your comments below. I'll see you next time!
