As we learned with the Sony Pictures hack, keeping your production data and systems safe is a necessity—especially in our era of remote work, distributed teams, data wrangling, and the like. You must protect your intellectual property, scripts, unreleased footage, and other confidential information, otherwise you’ll find yourself without a production and in legal trouble.
Here is a checklist for your data security and privacy practice. These may seem like common sense to experienced folks, but they won’t be to all. Make sure your team is using:
- Encryption: Use encryption for data in transit and data at rest. Encrypted communication channels, secure file transfer protocols (SFTP), and encrypted storage solutions safeguard sensitive information from unauthorized access.
- Access Control: Implement strict access controls and role-based permissions. Only authorized personnel should have access to specific production materials. Regularly review and update access permissions.
- Secure Passwords: Enforce strong password policies for all production-related accounts and systems. Encourage the use of complex passwords and two-factor authentication (2FA) for added security.
- Secure File Sharing: Choose secure file-sharing platforms that offer encryption, password protection, and expiration dates for shared files. Limit access to files to only those who require it.
- Secure Cloud Storage: Select reputable cloud storage providers with strong security features. Ensure data stored in the cloud is encrypted, and implement robust access controls.
- Virtual Private Networks (VPNs): Encourage the use of VPNs for remote team members to secure their internet connections when accessing production materials and systems.
- Firewalls and Intrusion Detection: Employ firewalls and intrusion detection systems to monitor network traffic and detect unauthorized access attempts or suspicious activities.
- Regular Software Updates: Keep all production-related software and systems up to date with the latest security patches and updates to mitigate vulnerabilities.
- Data Backups: Implement regular data backup procedures and store backup copies in secure locations. This ensures data recovery in case of data loss or cyberattacks.
- Secure Communication: Use encrypted communication tools and email services for sensitive discussions and file sharing. Avoid sharing confidential information through unsecured channels.
- Employee Training: Train all team members on data security best practices and the importance of safeguarding sensitive information. Promote a culture of security awareness.
- Cybersecurity Policies: Develop clear and comprehensive cybersecurity policies and procedures specific to the production environment. Ensure that all team members understand and adhere to these policies.
- Incident Response Plan: Establish an incident response plan to address data breaches or security incidents promptly. Define roles and responsibilities for handling and reporting incidents.
- Vendor Assessment: When working with third-party vendors or service providers, assess their security practices and ensure they comply with industry standards and regulations.
- Legal Agreements: Include data security and privacy clauses in contracts and agreements with vendors, actors, and production partners. Define responsibilities and obligations related to data protection.
- Data Privacy Regulations: Familiarize yourself with relevant data privacy regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), and ensure compliance when handling personal data.
- Regular Audits and Assessments: Conduct periodic security audits and assessments to identify vulnerabilities and areas for improvement. Address any findings promptly.
- Secure Disposal: Properly dispose of physical and digital assets that are no longer needed, ensuring that no sensitive data is left exposed.
- Incident Reporting: Establish clear protocols for reporting security incidents or data breaches to relevant authorities, as required by data protection laws.
- Continuous Monitoring: Continuously monitor production systems and data for signs of unauthorized access or suspicious activities. Implement security information and event management (SIEM) solutions if possible.
Appoint one or more team members to take point and make sure the whole team is practicing good data and privacy hygiene. If they are, you’ll maintain confidentiality, prevent data breaches and cyber threats, and keep your production—and your people—safe.