Levent Mukan


Four Reasons to Increase Privacy Awareness in a Corporate Environment

Privacy has grown in popularity over the last decade, along with the demand for personal data, both for corporations as an asset and for people as something to protect.


To keep this increasingly valuable asset protected and stored properly, one of the most important things a company must do is, without a doubt, conduct proper internal training to increase general awareness. Keeping people updated on various applications or current tech is also nice and necessary, but general privacy awareness is very valuable for companies for many reasons. I’ll pick just four of them (in random order) for now.

1. Regulatory compliance

Over the last decade, the importance of privacy has increased rapidly. One result is that regulators have stepped in to address the problems that appeared. Companies’ tendency to sell personal data, and advertising’s increasingly aggressive use of it, make this a necessity, so privacy laws and regulations are increasing internationally.

Everybody knows the GDPR by now. There are still some countries without regulation, but we can easily say that they’ll also do something about that.

According to GDPR Art. 39(1)(b), one of the tasks of the DPO (these are minimum tasks, not an exhaustive list) is as follows:

…to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;

It is easy to see that, as part of monitoring compliance in general, awareness-raising and training are counted among the tasks of the DPO.

Also, if your company holds ISO 27001 certification and wants to keep it that way, regular awareness training is a must.

2. Protection against cyber attacks

First things first: awareness training won’t protect you 100% against cyber attacks. But it helps in this endeavor, since humans are the weakest link in cyber attacks. Most phishing attacks can easily be avoided with simple, regular training. Most attackers target people to penetrate a company’s defenses.

Having defenses is necessary, but they require input from people, and if people are not aware, these defenses cannot fulfill their potential and become a huge waste of money for companies. There’s also the additional cost after an attack, when the company has to harden its defenses through additional purchases of tools or consulting (and may also face fines).

3. Reputation and trust

Most companies run on data provided by their customers and employees. When providing any kind of data to a company, everyone’s priority is (and should be) trust. Do we trust this company enough to give it our name, our primary e-mail address, our home address, or our phone number?

This trust may be based simply on instinct, on an educated guess, or on expert knowledge. Your reputation as a company will mostly affect people who know nothing about you apart from external sources or what they hear in the news or on social media.

A company can take a variety of measures to build trust and strengthen its reputation. Training is one of them.

4. Building a security culture

This is notoriously difficult to achieve, and it is also a marathon. Keeping awareness training active, using good practices, and having strong sponsorship from senior management may result in incredible progress in building a security culture in a company.

What happens when you have a security culture?

  • Security is always on your people’s minds. Privacy impact assessments become easier, because ideas are always developed with security in mind. When someone comes up with an idea for a mobile app, for example, they will also come up with possible solutions to potential privacy threats.
  • Increased situational awareness. If someone starts to get weird e-mails, IT will be informed immediately. They’ll ask around. Found external drives will be brought to IT before being tried, and IT will use a sandbox to try them. Increased situational awareness will decrease risk in return.
  • Awareness training will progress towards advanced training, where you will monitor your people’s status and further develop your security culture.

With regular awareness training, your people (who are normally the weakest link) will become your first line of defense.

Follow us, and keep updated!
