
Rod Smith

I attended a Certified Professional Education (CPE) conference out-of-state. My group’s assigned topics revolved around data privacy and data security. As we shared introductions, I recognized that some folks in our group spoke interchangeably of the two. However, data security focuses more on the enforcement side of data and data privacy aligns with policy control and access. As our discussion continued, one person at our table naively said that he couldn’t relate to these topics because they weren’t a concern of his and these basics weren’t a priority for his company – even though his company specialized in billing services. His statement sent chills down my arms – it seemed as if he didn’t really understand the topic or the vulnerabilities involved with his own business. It made me realize how ill-prepared most organizations are in addressing internal controls matters and bringing appropriate awareness to their employees about data safety. That person’s lack of interest and awareness of how these topics impacted his job showed a weakness in his organization’s controls.

There were a couple of items that I brought away from this event and wanted to share with you: Be sure your organization is talking about these two topics and realize that you can’t address one without the other. The better internal control systems will offer:

  1. awareness through education/training
  2. strong policies
  3. enforcement and
  4. preparedness.

Here are some topics of discussion that I’ve pulled from the Association of Fraud Examiners (ACFE) archives on cyber incidents and the CIPHER blog that you might want to share with your colleagues:

These are issues that must be addressed when training your staff against a cyber security breach:

  • Failure to escalate incidents
  • Failure to identify root cause
  • Fixing versus investigating mindset
  • Segregation of duties and institutional conflict of interest
  • Failure to deploy and properly use purchased security tools
  • Incident tracking
  • Insufficient log duration and endpoint visibility
  • Insufficient mitigation

Data privacy challenges:

  • The growth of data is exponential
  • Cost of maintaining data privacy
  • The number of open vulnerabilities
  • Advanced technology landscape
  • Human errors

For more education on how to up your security knowledge on data privacy:

Take a Pew Research Quiz, from the Pew Research Center, a non-partisan fact tank that informs the public about issues, attitudes and trends shaping the world via public opinion polling and demographic research:

And read this article from US CyberSecurity, a blog based in Baltimore that specializes in security.
