In honor of Data Privacy Week, each day this week Miller Nash is releasing one of our top five recommendations for where businesses should focus their privacy compliance efforts in 2024. If you need assistance reviewing your company’s compliance with privacy and data protection obligations or updating your policies and procedures, please contact our privacy & data security team.
Review Password Hygiene
Security includes physical, technical, and administrative controls.
You can do your absolute best to implement key card access systems, firewalls, intrusion detection systems, encryption, multifactor authentication, role-based access controls, patch management policies, regular penetration testing, incident response tabletop exercises, etc., and still be thwarted by simple mistakes made by non-technical employees.
Stress to your employees the importance of not re-using passwords, and especially of not using the same password in both their personal and professional lives. It’s easy to create passphrases with just a slight tweak so that a unique password is used for each website/account. Credential stuffing is a real risk (see yesterday’s post and thank your cybersecurity team for protecting your systems), but it’s not a good look to blame customers for a data breach when hackers use recycled passwords to access personal data under your control.
Read other Data Privacy Week Series posts: Check Your Policies and Procedures Against Legal Updates
This article is provided for informational purposes only—it does not constitute legal advice and does not create an attorney-client relationship between the firm and the reader. Readers should consult legal counsel before taking action relating to the subject matter of this article.