PLAN AHEAD

Incorporate privacy and security from start to finish.
Thinking about the data you will collect and store while you design your product or service is only one part of “baking in” privacy. You also need processes in place to address issues that might arise in the future. Save time, money, and even your reputation by maintaining privacy and security practices that are holistic, regularly re-evaluated, and prepared for potential data security issues and legal demands.

GROW YOUR PRIVACY AND SECURITY TEAM ALONGSIDE YOUR PRODUCTS.

The assignment of key personnel to oversee privacy and security issues is a great way to proactively address problems and maintain consistent practices throughout a product’s lifecycle. For large companies, there might be multiple people whose primary role is to protect privacy and security, including a chief privacy officer and/or chief information security officer, a dedicated privacy group, and specific members of each product team focused on privacy issues. But even two-person startups can benefit by making sure that someone is specifically responsible for thinking about privacy and security issues so that they aren’t ignored until it’s too late.

Case Study

Target Sued, Accused of Lack of Security Focus After Massive Data Breach

Target was hit with a class action lawsuit and widely criticized for its inadequate security practices after hackers stole credit card and sensitive personal information about tens of millions of customers.

Target failed to heed several warnings from its security monitoring tools specifically designed to detect an intrusion as information "gushed out of its mainframe." Security officials noted that the company’s lack of a Chief Security Officer and "security-oriented culture" rendered it incapable of adequately responding to the incident. As a result, Target’s profits and consumer trust dwindled while it incurred lawsuits and costs that "could run into the billions."

Case Study

LinkedIn Criticized for Poor Security Practices in Aftermath of Breach

LinkedIn was heavily criticized after hackers obtained nearly 6.5 million passwords and posted them on the web. Even though LinkedIn immediately acknowledged the leak and attempted to patch up its security, the company was criticized for its previous lax attitude toward security, including its lack of key security personnel, which resulted in the company being unprepared for a preventable attack.

RE-EVALUATE YOUR PRIVACY AND SECURITY PRACTICES WHEN YOU MAKE MAJOR CHANGES.

Failing to recognize your changing privacy and security needs as your company and products evolve can create new risks for your users and your reputation. Instead, use regular assessments to evaluate and update your privacy and security practices. Assessments should take place before a new product is launched and whenever major changes are implemented.

WORK WITH OUTSIDE EXPERTS TO IDENTIFY AND ADDRESS PRIVACY AND SECURITY RISKS.

Seeking and accepting advice from outside your company can bring a new perspective to your privacy and security risks, helping you identify and fix potential problems before they impact your users and your business. Consultants and independent researchers can help you identify flaws in your products or your infrastructure and fix them before they lead to a major incident. Work with researchers who responsibly disclose flaws in your product rather than risk a public relations disaster by trying to silence their work.

Case Study

Tesla Accelerates Security Fixes by Cooperating with Researchers

Tesla was able to quickly address a vulnerability in the software for one of its cars by cooperating with researchers who discovered the flaw. Even before the bug was known, Tesla implemented a “coordinated disclosure policy” to pay researchers for finding and submitting vulnerabilities. When researchers found a security hole in one of Tesla’s cars, Tesla quickly fixed the problem and publicly thanked the researchers by co-presenting with them at a conference. The company enjoyed praise from industry experts and the public for its strong pro-security stance.

Case Study

CyberLock Accused of “Abuse of the Legal System” After Threatening Researcher

Electronic lock maker CyberLock drew harsh criticism for its “abuse of the legal system” when it sent threatening legal letters to a researcher to prevent him from publicly revealing his research about its products. The researcher uncovered security flaws that undermined the protections promised by CyberLock’s locks and notified the company of his findings. In response, the company slapped the researcher with threatening legal letters to discourage him from publicly revealing his research, sparking media criticism and outraging members of the security community.
