While digital technology offers great business opportunities for publishers, it also opens up threat vectors. These days online data privacy is one of the top-of-mind issues that companies in the publishing industry need to tackle. Securing sensitive information is demanded by both customers and emerging regulations, and it’s also crucial to keep your competitive advantage intact.
As publishers collect increasingly more data about their readers online through e-commerce, email marketing, and online subscriptions, they can leave customers and themselves vulnerable to data breaches. The global average cost of a data breach increased by a worrying 10% in 2021 according to the Cost of a Data Breach Report 2021, making it clear that companies need to ramp up their security measures.
Publishing companies must, first of all, ensure the security of their subscribers’ Personally Identifiable Information (PII) and payment information, such as credit card numbers. Protecting these is required by several regulations such as the GDPR, CCPA, and PCI DSS, as well as by increasing customer needs. But you should not limit security measures to these – as other information such as publisher-author contract content, delivery, and publication dates, and author royalty payments or calculations can also hurt your business if they get leaked or stolen.
So, what are the steps publishers need to take to protect their data assets? Check out below.
1. Develop a robust data security program
To create a data security program, you first need to define what information you want to protect. One important sensitive data category refers to PII, which falls under most data protection regulations. PII for publishers includes names, addresses, emails, etc. Another category is private internal information such as financial data, contract details, HR, accounting, billing, etc. Lastly, there’s intellectual property such as copyrighted content. After defining sensitive data, you need to identify where it resides, how it moves inside and outside your organization, and who has access to it.
Once this data inventory is ready, you must set specific protection mechanisms and controls along the usual lines: people, processes, and technology.
2. Encrypt your data
Encryption is a way to protect sensitive data both when it is stored on a system or device and when it is in transit. By encrypting work computers’ hard drives, you can ensure that no matter how a device is booted up, users without a decryption key cannot access its contents. Hard drive encryption does not imply extra investments as the most popular operating systems, including Windows and macOS, have their native encryption solutions. You can also use these tools to encrypt files and folders, ensuring that even if someone gains access to a work computer, they cannot steal any critical data on it.
Securing sensitive data on USBs and removable devices with encryption will ensure that your employees take advantage of their convenience without jeopardizing company data. Enforced encryption tools allow organizations to automatically deploy an encryption solution to USBs connected to a company computer, ensuring that any sensitive data copied onto USBs will be encrypted. This means that if a USB is lost or stolen, third parties will not be able to access the data on it.
3. Use specialized software to protect data
While security measures such as implementing antivirus software and firewalls are essential to guard against outsider attacks, you must also ensure that sensitive information is not lost or stolen through employees’ neglect or malicious intent.
To prevent sensitive data from being transferred or stored locally on work computers, publishing companies can deploy a Data Loss Prevention (DLP) solution such as Endpoint Protector. With a DLP, you can define sensitive data based on predefined profiles for PII, intellectual property, or data protection laws. Then you can apply policies that identify, track, or control the movements of sensitive data and, thus, prevent data leakage.
4. Control what devices can connect
Uncontrolled USB ports can easily become a threat vector for publishing companies. Removable drives can lead to sensitive data loss due to their small size and pervasiveness in companies. But USB-based threats are not limited to storage drives: any device that connects through a USB port, including phones and printers, presents a risk of data loss.
With Endpoint Protector, you can control USB and peripheral ports, limiting the use of removable devices to secure company-issued devices or blocking their use altogether.
5. Establish privacy awareness among all staff
Everybody inside your publishing company needs appropriate training on basic cybersecurity principles, best practices to ensure the safety of sensitive data, and ways to avoid threats. This includes educating employees on not clicking suspicious links, ensuring that the system, antivirus, and applications are up-to-date, not sending sensitive work information through insecure channels, and so on.
As the cost of a data breach keeps increasing, companies in the publishing industry must safeguard their valuable data not only to prevent security threats but to protect their reputation too. Besides your customers’ sensitive data, securing your company’s confidential data such as copyrighted content should also be prioritized.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.