While digital technology offers excellent business opportunities for publishers, it also opens up threat vectors. These days online data privacy is one of the top-of-mind issues that companies in the publishing industry need to tackle. Securing sensitive information is demanded by both customers and emerging regulations, and it’s also crucial to keep your competitive advantage intact.
As publishers collect increasingly more data about their readers online through e-commerce, email marketing, and online subscriptions, they can leave customers and themselves vulnerable to data breaches. The global average cost of a data breach increased by a worrying 10% in 2021, according to the Cost of a Data Breach Report 2021. And this makes it clear that companies need to ramp up their security measures.
Publishing companies must, first and foremost, ensure the security of their subscribers’ Personally Identifiable Information (PII) and payment information, such as credit card numbers. Protecting these is required by several regulations such as the GDPR, CCPA, and PCI DSS, as well as by increasing customer needs. But you should not limit information security measures to these; other information such as publisher-author contract content, delivery and publication dates, and author royalty payments or calculations can also hurt your business if they get leaked or stolen.
So, what are the steps publishers need to take to protect their data assets? Check out below.
1. Develop a robust data security strategy
To create a data security program, you first need to define what information you want to protect. One important sensitive data category is PII, which falls under most data protection regulations. PII for publishers includes names, addresses, emails, etc. Another type of data is private internal information such as financial data, contract details, HR, accounting, billing, etc. Lastly, there’s intellectual property such as copyrighted content.
After defining sensitive data, you need to identify where it resides, how it moves inside and outside your organization, and who has access to it. Once this data inventory is ready, you must set specific protection mechanisms and security controls along the usual lines: people, processes, and technology.
2. Encrypt your data
Encryption is a way to protect sensitive data both when stored on a system or device and when in transit. By encrypting work computers’ hard drives, you can ensure that no matter how a device is booted up, users without a decryption key cannot access its contents.
Hard drive encryption does not imply extra investments as the most popular operating systems, including Windows and macOS, have their native encryption solutions. You can also use these tools to encrypt files and folders. In this way, you ensure that even if someone gains access to a work computer, they cannot steal any critical data from it.
By securing sensitive data on USBs and removable devices with encryption, your employees can take advantage of their convenience without jeopardizing company data. Enforced encryption tools allow organizations to automatically deploy an encryption solution to USBs connected to a company computer and, thus, ensure that any sensitive data copied onto these devices is encrypted. This means that if a USB gets lost or stolen, third parties will not be able to access the data on it.
3. Use specialized software to protect data
Security measures such as implementing antivirus software and firewalls are essential to guard against outsider attacks. But you must also ensure that sensitive information is not lost or stolen through employees’ neglect or malicious intent.
To prevent sensitive data from being transferred or stored locally on work computers, publishing companies can deploy a Data Loss Prevention (DLP) solution such as Endpoint Protector. With a DLP, you can define sensitive data based on predefined profiles for PII, intellectual property, or data protection laws. Then you can apply policies that identify, track, or control the movements of sensitive data and, thus, significantly reduce the risk of data leakage.
4. Control what devices can connect
Uncontrolled USB ports can easily become a threat vector for publishing companies. Removable drives can lead to sensitive data loss due to their small size and pervasiveness in companies. But USB-based threats are not limited to storage drives: any device that connects through a USB port, including phones and printers, presents a risk of data loss.
5. Establish privacy awareness among all staff
Everybody inside your publishing company needs appropriate training on basic cybersecurity principles, best practices on sensitive data protection, and ways to avoid threats. Training includes educating employees on not clicking suspicious links, ensuring that the system, antivirus, and applications are up-to-date, not sending sensitive work information through insecure channels, and so on.
As the cost of a data breach is getting higher, companies in the publishing industry must safeguard their valuable data to prevent security threats and protect their reputation. Besides customers’ personal data, securing the company’s confidential data, such as copyrighted content, is also essential.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.