Data Protection is Everyone’s Responsibility.
Statement by Muriana McPherson, CISSP, MBA, MSc. Cybersecurity Director, NDMA
Georgetown, January 28, 2024 – Data Protection Day or Privacy Day as it is called in some parts of the world, is observed on 28 January each year. At the NDMA we chose to commemorate this day to raise awareness about data protection. Data is crucial to the fulfilment of the role and objectives of all modern organisations irrespective of their size – whether those organisations are large enterprises, or small businesses, or medium-sized companies.
Organisations generally collect, store, process, use, and share data which includes their employees’ and customers’ personal identifiable information. In 2023, Guyana passed its first Data Protection Act to regulate the handling of personal data with the aim of protecting the privacy of individuals in relation to their personal data.
In this digital age, we understand that personal data can traverse the boundaries of an organisation’s network, and it can reside on a plethora of devices ranging from an individual’s mobile phone to an organisation’s on-premises server, to a cloud server in another country. To be effective, it is necessary for organisations, to make personal data accessible to employees and other stakeholders, while ensuring that the privacy of the individual data subject is maintained.
It is imperative therefore, that both organisations and individuals alike, understand the risk associated with the use of personal data, and ensure that prudent measures are implemented for its protection. Managing and securing personal data is one of the most complex and challenging tasks for any organisation or individual when contemplating the risk of personal data breach.
Data protection is important because it helps to reduce risk and enables a proactive response to associated threats. We are living in the age of targeted cyber-attacks aimed at stealing personal identifiable information especially financial and health data. This is an era where mobility and convenience of accessing data from anywhere using any device is the new norm. A period in which the prevalence of both trusted employees and others’ actions (unintentional or intentional) have resulted in personal data breach.
Below are a few basic tips that organisations and individuals can implement to protect personal data.
- Manage data access by establishing and enforcing policies surrounding levels of access granted to data users, with regular oversight.
- Given that attackers commonly take advantage of unpatched computer systems and software to gain access to personal data, it is crucial to promptly apply vendor-released patches and software updates to systems.
- Implement malware detection software. This is crucial in safeguarding against common internet-based threats, such as web-based malware designed to steal data.
- Ensure that personal identifiable data is encrypted both at rest, and in transit to prevent unauthorised disclosure.
- Enable multifactor authentication (MFA) as an absolute requirement for all applications and services that are used to access personal data.
- Implement network security controls such as firewall and intrusion prevention systems to regulate data flows, and to identify and stop known threat attempts.
For an organisation, it is important to familiarise yourself with the Data Protection Act of 2023. Keep an inventory of the type of personal data that you use, know where it resides, and how it is access and managed. Then apply appropriate protection mechanisms to safeguard personal data and maintain privacy.
No data protection strategy is complete without ample security awareness training for all who access and interact with your organisation’s sensitive data. It should come as no surprise that intentional and unintentional mistakes of employees, contractors and partners represent the biggest threat to data security and the most significant challenge in personal data breach prevention. Hence, proper training that covers data usage guidelines, password policies and common threats, such as social engineering and phishing scams, should be conducted regularly.
Data Protection is everyone’s responsibility. For more information on protecting your data, you can access the National Data Management Authority’s Website (https://ndma.gov.gy/) and our Facebook page (https://www.facebook.com/NDMAGuyana/), the Computer Incident Response Team website (www.cirt.gy), and the Get Safe Online website (www.getsafeonline.gy).
– End –