When it comes to effective cybersecurity risk management, continuous improvement is what it’s all about. Such improvements include leading-edge detection of new attack signatures, expanded incident response playbook coverage and the addition of multifactor authentication for more applications. They can also include adding data privacy components to the role-based security training provided to employees.
Data privacy focuses on when, where and how personal data is collected, shared and used. Security, on the other hand, is more about protecting personal and other data from unauthorized access, sustaining data integrity and ensuring that the data is available for its authorized purpose.
It’s clear that data privacy and security go together. Since data privacy is the ultimate reason you invest so much in cybersecurity protections, how much stronger could employees’ resistance to phishing and other social engineering attacks be if they were more aware of this?
Think of it this way: You want employees to master your security processes and technology; is there a reason why you wouldn’t also want them to embrace the reasons why?
Best security management practices include periodically refreshing security awareness training content so that it’s up to date and covers all relevant current threats and attack tactics. The next time you do this, please take the opportunity to also supplement your curriculum with coverage of the data privacy goals and requirements relevant to your organization.
Next steps
Identify relevant data privacy goals: See what your organization’s mission statement and business strategies say about valuing and protecting the interests of your customers. In today’s customer-centric business climate, it is customer caring and commitment that drive data privacy goals.
Identify relevant data privacy requirements: Review relevant data privacy laws and regulations to ensure you’re focused on compliance. The U.S. Computer Fraud and Abuse Act and the Children’s Online Privacy Protection Act apply to all industries. All 50 U.S. states now have data-breach notification laws, and sectoral regulations such as GLBA and HIPAA could also be important.
Build enhanced data privacy coverage into security training curricula: Apply the knowledge you gain from the action steps above to outline and summarize it for sharing with others via the slides or in-person presentations you use to deliver security training to your colleagues.
Share the reason why: It’s generally accepted that adults learn new things best when they also understand the reason why they need to learn. Thus, be sure to introduce the new data privacy elements in your enhanced curricula and place them in perspective for your students.