26 February 2025

Hot Tips For Data Privacy Day

Davis Malm & D’Agostine

Contributor

Founded in 1979, Davis Malm is a premier full-service, Boston-based business law firm that represents local, national and global businesses, institutions and individuals in a wide spectrum of industries. Clients rely on Davis Malm’s attorneys to efficiently deliver successful results through direct partner involvement, responsive client service, and creative and strategic problem solving. Its attorneys practice at the top level of the profession and possess the agility necessary to handle any issues that arise during the course of a matter. Davis Malm is a member of the International Lawyers Network, representing Massachusetts and northern New England. This membership enables the firm to offer high-quality, efficient services to clients doing business globally.

To honor National Data Privacy Day on January 28, 2025, we have distilled dozens of possible action items into the most pressing cybersecurity/privacy "hot tips." Immediate action is recommended to help keep your data safe throughout the new year.

1. Prioritize Training on New Data Threats.

Novel approaches to individually targeted "spear phishing" enabled by artificial intelligence (AI) justify security-related outreach to employees well beyond the longstanding once-a-year security training regime. Too many systems are now being compromised by employee responses to threat actor social engineering, notably individual employees clicking on links in emails or texts from apparently reliable sources (internal firm leaders, health care, insurance or investment companies, state and federal agencies) that download malware or capture confidential data or individual financial information. As a priority, companies should implement protocols to advise employees of new threats as they arise and, in so doing, continually reinforce good data hygiene. That hygiene includes scanning for possible red flags, such as external email notices on purportedly internal communications or oddities in message wording or source email address, and independently checking validity before clicking on emailed or texted links or entering sensitive data in response to an external message.

2. Implement Multi-Factor Authentication.

In addition to compromising passwords through spear phishing (as mentioned above), threat actors have become increasingly effective at obtaining passwords by purchasing the credentials of previously hacked individuals on the dark web and by cracking weak passwords using sophisticated algorithms. Once passwords are compromised, authentication that requires users to verify their identities in multiple ways, especially multi-factor authentication, is the last and best defense to prevent a system breach.

3. Comprehensively Review Your Security Program to Reflect Your Business Changes and Threat Environment.

Maintaining a strong and evolving written security program is not just the law in Massachusetts and other states; it represents an increasingly critical bulwark of individually tailored protections to save your business and employees from the risk of data losses. Instead of leaving security programs to a once-a-year update process, leadership should regularly consider whether program updates during the year are warranted by experience with new threats, any company breaches and near misses, and any vendor breaches and near misses (such as the 2023 breach of the MOVEit software, used by payroll vendors, that affected 60-plus million users). Leadership should also consider whether breach or business risks justify considering increases in cyber insurance and in insurance coverage and liability limits.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
