Throughout the past year, cyber security and privacy have been at the forefront of news headlines around the world, from Target to JPMorgan Chase and NSA to Facebook. There is a continuing balancing act to sharing information that we choose to share and with whom we choose to share it, and at the same time protecting information we wish to keep private. Living in our increasingly social world has and will continue to present a paradox with personal privacy. At the same time, organizations worldwide are constantly looking for new and innovative ways to organize and manage enterprise-wide content and knowledge to facilitate collaboration and reduce costs. However, these central information repositories may also become a treasure-trove of potentially sensitive and unprotected information within many enterprise organizations. This trend makes these environments potential targets for attacks and cyber-threats.
With the increase of cyber security risks and information breaches, it is imperative that compliance, governance, and cyber assurance solutions for your collaboration systems are strongly established and sustained. Information can be used in unintended ways, and cyber security is a shared responsibility between consumers, businesses, and government organizations. That responsibility starts with education, which is why we as a company are a proud champion of National Cyber Security Awareness Month, taking place throughout October.
To that end, we have been working on several educational and public outreach initiatives in order to help bring security and privacy awareness to the forefront of the minds of both consumers and enterprise organizations.
For Developers and Consumers
For individuals, the web is now an important part of many of our personal and professional lives. How many times have you used a website to buy something, fill out a form, or bank online? Did you ever wonder if your information was safe? What if your information was stolen? How likely would you be to trust that company again? If companies have a compliance issue on their website in this day and age, it is not long before the whole world knows!
Compliance Detector is a free educational testing tool that can be used by developers to improve the compliance of the content they are building and to learn about the importance of incorporating site quality, privacy, and accessibility by design as part of their development efforts.
The tool can also be used by consumers to educate themselves about the websites that they frequent. As a consumer, Compliance Detector can help you “look before you leap” into a website to validate if your favorite online store has an up-to-date privacy policy, if it is using tracking technologies that record your every move, and if it is fully accessible to all users.
While no automated testing tool can ensure that a website is fully compliant, Compliance Detector has helped to raise the bar through education and awareness for developers and consumers alike.
To begin using Compliance Detector today, please visit www.compliancedetector.com.
For Privacy and IT Professionals
In order to educate and help organizations with matters related to the important areas of risk and privacy, AvePoint and the International Association of Privacy Professionals (IAPP) combined forces to design, develop, support, and enhance the industry’s first free, fully-automated system for conducting privacy impact assessments: the AvePoint Privacy Impact Assessment System (APIA). APIA is developed by AvePoint and distributed exclusively by IAPP.
In order to have a more secure environment, there are a number of specific steps that organizations can take. The first of these steps is to understand your “as is” environment. Laws and regulations are based on data protection and security principals that are not typically not organization specific. Unfortunately, when it comes to implementing or complying with those laws, too often, internal policy is created based on an interpretation of the law without a real life understanding of how business users within the organization are utilizing IT systems (such as SharePoint, file shares, or social systems) that hold the information that may be at risk.
As an example, many organizations create policies with strict directives (e.g. no highly sensitive data is allowed), but they have built that policy neither understanding if their business users are storing that sensitive data in these systems, nor why they might be doing so. Thus, in order to have a true understanding of vulnerabilities, it is important to perform an organizational site assessment as you develop your plan and set goals for meeting compliance requirements and standards. APIA helps organizations understand their systems and how they collect, use, and protect sensitive data.
To download APIA today, please visit the IAPP website.
Supporting Worldwide Privacy, Accessibility, and Information Security Standards
Beyond our educational solutions, AvePoint is committed to helping our enterprise customers safeguard their most sensitive information with the award-winning Compliance Guardian. Compliance Guardian fully supports worldwide privacy, accessibility, and information security standards, and checks can be customized based on specific company policies and practices as well. For our enterprise customers, Compliance Guardian is a key system to enable collaboration with confidence across major collaboration gateways, including SharePoint, file shares, social technologies, and websites.
Trust is something that businesses must work to establish with their customers every day. Once lost, it is very difficult to regain. Consumers have the power to applaud companies that provide proper attention to these matters on their web sites with their purchasing power, and by supporting brands that they respect. At the end of the day, as more consumers make security and protection of their private information a priority, then it is critical that the companies competing for their dollars and loyalties do so as well.
At AvePoint, we look forward to continuing our work with businesses, government agencies, and consumers alike to make the web a more secure place through education and technology.
Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities.
Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School.
LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en
Twitter: http://www.twitter.com/danalouise