Balancing Account Security and Personal Privacy in Digital Platforms
Over the past ten years, businesses have made great strides in what are considered best practices for cybersecurity. Gone are the days when minimal password complexity, single-factor authentication, and group credentials were generally accepted. Now, thanks to the diligent efforts of the cybersecurity community and industry leaders, there is much more awareness of the need to take steps that, while difficult, are necessary to maintain account integrity and security.
To illustrate the balancing act that goes into designing a secure digital platform, this week’s feature of the VENZA Echo will tackle the case of individual accounts in the new VENZA System. Let’s dive in.
For those unfamiliar, the VENZA System is a risk and reporting dashboard that intelligently combines data from VENZA products for greater visibility. It was released at HITEC 2023 and, in the time since, has been rolling out among VENZA clients.
The VENZA System has brought major changes to the user experience, including new data visualizations, combined data from multiple products like VENZA Phishing and VENZA Learning security awareness training, and enhanced reporting functionality.
It also brought one change that is the focus of this article—the shift to required individual user accounts.
Previously, VENZA clients could have one company account that multiple employees used to access training. Now, each employee must have their own account and use their own email address to register and verify their account.
This has raised two concerns: (1) is this requirement consistent with best practices for data privacy, and (2) is the additional logistical burden placed on employees and clients worthwhile?
Balancing Benefits and Risks
In data protection and compliance, there is no free lunch. Each choice you make has upsides and downsides. Making the best decision, therefore, is about accurately understanding and cataloging each consequence and weighing them properly.
With this in mind, and returning to the example of the VENZA System, a few points stand out:
1. The VENZA System does not require the use of personal email addresses. There is a distinction between personal email and individual email. Requiring that each user establish and maintain a discrete account does not require that they provide their personal email address. They are welcome—and even encouraged—to use their business or work email address. Privacy-minded users could also create a new task-specific email address just to use the system.
2. Data privacy laws generally recognize and allow limited data collection for business purposes. For example, GDPR allows that personal data be collected “for specific, explicit, and legitimate purposes”—it is not a blanket prohibition on collection. The same is true for the California Privacy Rights Act (CPRA), which limits a business’s collection of personal information to what is “reasonably necessary and appropriate to achieve the purposes for which the personal information was collected or processed.” This, of course, just makes sense. Data collection is a necessary function of business transactions. Privacy laws are not meant to prohibit all use of data. They involve a balance—they set some limits on collection to protect privacy but allow many uses of data to facilitate economic activity and consumer benefits.
3. Requiring individual accounts with separate email addresses brings significant benefits to clients and users. Doing so improves overall security because a breach of one user's account is siloed and does not affect the security of others. It streamlines account management by allowing individual users to request password resets. It creates better visibility into the potential risks of employee data breaches through targeted dark web scanning. It also creates enhanced precision in reporting to ensure full training completion. In short, the upside is substantial.
There is no doubt that the transitional issues that come with moving to more secure IT systems and practices are real. Collectively, this is the challenge of building better defense, which we all strive toward together.