Skip to main content

Back to Blog

Data Privacy Day: Five Defensive Strategies for Businesses

Data Privacy Day is a chance for businesses to engage with their customers and clients in a way that builds trust, inspires customer loyalty, and enhances the business’s reputation. 

When an organization demonstrates that they care about protecting consumers’ privacy–they are in effect letting clients know that their information, data, and choices are safe with the business.  

In 2022, this sense of security will become even more important from a growth and reputation standpoint. 

Here are five steps businesses should take for customer safety and satisfaction. 

  1. Start Where You Are! 

When approaching change, it’s crucial to know where you stand. Start by checking the security of your company passwords with Enzoic for Active Directory Lite. By using AD Lite, you can access Enzoic’s proprietary database of exposed passwords that gets updated every day. Comparing them to your company’s credentials will allow you to spot common and weak passwords, passwords found in cracking dictionaries, reused passwords, and more. Understanding your vulnerability to password attack can help you allot appropriate budget and staff time to address this cybersecurity issue. 

  1. Follow NIST Guidelines

The National Institute of Standards and Technology (NIST) regularly releases broad guidelines for cybersecurity changes companies can make. In the most recent publication, there were some surprising recommendations. Staying on top of guidance from NIST can help your company stay ahead of cyberattacks. Some of the NIST suggestions include the elimination of periodic password resets, getting rid of the arbitrary character complexity rules, and scanning for compromised credentials. 

  1. Enforce Secure Passwords 

While creating strong passwords used to be about how many different types of symbols a login required, there are more effective ways for a company to engage with strong password creation. Over the past years, research has repeatedly shown that the majority of people reuse passwords, as well as using one root password and making minor changes to it to satisfy requirements. This is a dangerous habit that companies should discourage. Requiring employees to use a password manager will help encourage the use of unique passwords, as users won’t feel they need to remember something complex. 

  1. Require Multi-factor Authentication

Multi-factor Authentication (MFA) is a widely available way of building a second layer in a cybersecurity defense, but voluntary use is low. Users are highly unlikely to add this layer of security themselves. Requiring MFA is the best way to address this, and normalize the double layer of security. When cybercriminals note that MFA is in use, they may also be deterred, reducing the risk of attack before it even happens. However, MFA is not entirely invulnerable either. MFA may help only as part of a comprehensive and ever-evolving cybersecurity strategy.

  1. Scan for Compromised Credentials  

Based on NIST guidelines as well as the need for efficiency, screening for compromised credentials is a game-changer for businesses in any industry. Checking passwords at the moment of creation to ensure they are not already part of a breach can help both users and businesses decrease the likelihood of successful credential stuffing attacks and account takeover. Additionally, with Enzoic, businesses can continuously monitor user passwords and be alerted when one becomes unsafe. 

While in an ideal world every individual would be able to keep themselves and their data safe, the reality is that the digital landscape is too complex and shifting for that to be the case. Instead, businesses of every size need to help protect their clients and themselves, by protecting consumer data. 

Personally Identifiable Information (PII) is a huge target for cybercriminals so no industry is safe from attacks.  The upcoming year is likely to hold several changes in privacy law and regulations that will address this–even over the last eighteen months, the industry has seen major shifts happening in reaction to huge data breaches, compromised credentials, and ransomware attacks. 

But there is no time to waste. It’s time for enterprises to tighten their defensive strategies before it’s too late. Make 2022 the year that data privacy becomes a top priority for your business.