Don’t Complicate Data Discovery and Classification

Ron Arden Data breach, Data security, Privacy

Classify sensitive data as confidential and encrypt itData discovery and classification is an important first step to protect your confidential data and comply with privacy regulations.  You need to identify the location of your data and its value to your organization before determining how to protect it.  Done right, this leads to a data-centric security and compliance program that is critical to your corporate brand and competitive advantage.

Unfortunately many discovery and classification projects stall or fail because solutions try to address all data needs, not just security and privacy.  Organizations get caught up in the process and lose focus of the goal, which is to protect and control sensitive information.

Read More

Stop Wealth Management Data Breaches

Ron Arden Cybersecurity, Data breach, Data security, Insider threat

Encrypt and control sensitive wealth management data

The financial services industry is a frequent target of hackers, but a larger threat may be trusted insiders since they have access to a lot of sensitive customer data.  Advisers within wealth management practices regularly share data with other advisers, staff members, a counterparty or a trusted third-party service provider. They may inadvertently or deliberately share that data with unauthorized people and pose a risk to their firms and customers. Once shared, most firms have no control over that data. The Ponemon Institute illustrates this risk by reporting that 65% of cyber breaches originated with third parties.

Insiders regularly share customer or other sensitive information with colleagues and third-parties by generating and downloading reports from a database. Typically the reports are spreadsheets which make it easy to analyze the data. Access to the database may be restricted, but once in a spreadsheet, the sensitive data is easy to share with anyone.

Read More

Fasoo Presents Incident Response Solution

Ron Arden Cybersecurity, Data breach, Data security, Insider threat

Bill Blake shows how Wrapsody helps manage an incident response plan Fasoo sponsored and presented at an event in Columbus, OH on November 13, 2018 entitled “Incident Detection, Response and Recovery” highlighting how to prepare and manage an incident response plan for cybersecurity and data protection.  Presented and cosponsored by Catalyst Solutions, IBM and Huntington Insurance, the event brought together experts in legal, insurance, law enforcement, government, accounting and security disciplines to discuss the legal, technical and business issues of preparing for and responding to a data breach.

Bill Blake, Senior Vice President and CCO of Fasoo, presented Incident Response & Recovery: Secure Collaboration for Critical Information which highlighted the Wrapsody platform as a solution to help manage the development, access and control of an incident response plan (IRP).  Bill showed an example of a CISO, Legal Counsel and an external Advisory firm securely collaborating on an IRP and how to control who could access the plan and any supporting documents involved in a response.  The example showed how easy it is to securely collaborate on developing and managing the plan, but also on limiting access prior to, during and after a breach occurs.  Since Wrapsody encrypts documents and controls their access, it guarantees only authorized users can access them.  This is critical because if an incident response plan got into the wrong hands, malicious insiders or external parties could compromise an organization’s data security.

Read More

Fasoo Highlights Unstructured Data Security at RSA 2018

Ron Arden Cybersecurity, Data security

Fasoo protects unstructured data

Fasoo’s message of finding, protecting and controlling unstructured data definitely made an impact on attendees at the 2018 RSA Conference in San Francisco.  With new regulations like the General Data Protection Regulation (GDPR) coming on quickly and the general feeling that businesses need to do more than just track file access, companies are looking for a more comprehensive and practical approach to providing secure ways to conduct business.

Over 45,000 senior executives and IT security professionals attended this year’s conference with about 2,000 visiting Fasoo’s booth.  Visitors saw hourly presentations and demonstrations on how to manage and control their unstructured data which is by far the largest problem of data security.  While someone hacking a database and stealing credit cards seems to make the headlines, the reality is that the majority of an organization’s intellectual property and sensitive information is stored in documents.  Fasoo staff showed how Fasoo Data Radar, Fasoo Enterprise DRM, Fasoo RiskView and Wrapsody helps manage and protect the critical business information inside documents.

Read More

Can An Oops Data Breach Make You Scramble?

Ron Arden Cybersecurity, Data breach, Data security Leave a Comment

Most of the data breaches you hear about in the news are from external hackers infiltrating a network and stealing credit cards, personal data or intellectual property.  You don’t always hear about the oops or mistake that caused the same problem from a trusted insider.  This past week Heathrow Airport and London’s Metropolitan Police were scrambling to find out how security plans for the airport that included those related to Queen Elizabeth wound up on a USB stick found on a London street.

The USB memory stick had about 2.5 GB of unencrypted data, including details of the route used to convey Queen Elizabeth to the airport, details of every type of identification required to access restricted areas, a timetable of patrols around the airport perimeter and a map of CCTV cameras, tunnels and escape shafts.  Heathrow and the London Metropolitan Police launched an investigation to discover how this information ended up on a street.

Read More

Fasoo Highlights NYDFS Path to Compliance at Rochester Security Summit 2017

Ron Arden Cybersecurity, Data breach, Insider threat, News Leave a Comment

Ron Arden presenting on NYDFS compliance at RSS 2017Ron Arden, Executive Vice President & COO, Fasoo, Inc. spoke to security professionals and executives on how to meet the data-centric requirements of the NYDFS 23 NYCRR 500 cybersecurity regulations for financial services organizations at the 2017 Rochester Security Summit at the Rochester Hyatt in Rochester, NY.

Ron delivered a presentation entitled “Do You Have a Pathway to Data Security and Compliance?” as part of the risk and compliance track during the October 19 – 20, 2017 event.  With deadlines approaching for some of the more challenging components of the NYDFS cybersecurity regulations, timing was right as Ron reviewed results from the recent Ponemon Institute survey on NYDFS readiness and Fasoo’s approach to help meet the technical challenges of protecting unstructured data or data stored in files.  This is an area that most organizations are struggling with, since about 80 percent of their information is not in databases, but is in office documents.

Read More

Fasoo Shows Wrapsody Productivity and Security Platform at Gartner Symposium 2017

bcarambio Cybersecurity, Data security, Secure collaboration Leave a Comment

Fasoo Shows Wrapsody Productivity and Security Platform at Gartner Symposium 2017Fasoo demonstrated the latest version of the Wrapsody productivity and security platform at the Gartner Symposium/ITxpo 2017 from October 2 – 5, 2017 in Orlando, FL.  There was a lot of interest from CIOs, other executives and security professionals as many are struggling with how to secure sensitive information while also providing enhanced productivity for documents or unstructured data.

This year’s Symposium continued Gartner’s focus on helping organizations transform into digital businesses, which is far more than just automating processes.  It includes a holistic change of thinking, where data is the driver of growth and secure business processes are a given.  Since documents make up about 80% of the information that drives business processes, simplifying secure collaboration with documents while enhancing governance and compliance are key components of digital business.

Read More

Is Encryption Really That Hard?

Ron Arden Cybersecurity, Data breach, Data security, Insider threat Leave a Comment

Is Encryption Really That Hard?The problem today is sensitive information is leaking from organizations like a dripping faucet.  The recent Equifax data breach is just the latest example of a constant barrage of leaks in the news.  All the experts say the best way to stop data leaks is by encrypting sensitive data.

So why isn’t everyone doing it?   What’s the problem?  New regulations are now in place that mandate encrypting sensitive data, NYDFS part 500 and GDPR being two of the most visible.

It’s not like using an Enigma machine to manually encrypt a message.  Today’s encryption mechanisms are easy to use and fit into the daily work of employees everywhere.

Read More

Fasoo Moderates Panel on Cybersecurity and Your Company

Ron Arden Cybersecurity, News 1 Comment

Fasoo Moderates Panel on Cybersecurity and Your CompanyBill Blake, Senior Vice President and CCO (Chief Customer Officer) of Fasoo, moderated a panel discussion on Cybersecurity on September 13, 2017 at Harter Secrest & Emery LLP in Rochester, NY.  The event entitled Cyber Security & Your Company – What You Need to Know Now featured industry leaders and experts from The Bonadio Group, Fasoo, Lawley, and Harter Secrest & Emery LLP discuss how, when, and why to plan for a cyber attack.

The event was part of a continuing dialog with organizations on the needs for stricter cybersecurity controls in the wake of the ever growing threat of data breaches and threats to business operations.  Recent data breaches at Equifax, Verizon and others show that any organization is vulnerable to external attacks or insider threats.  Regulations and legislation, such as the New York NYDFS 23 NYCRR 500 cybersecurity regulations and GDPR in Europe, are causing businesses to improve their security posture to protect business and customer information.

Read More

You Need Data-Aware Protection Mechanisms

Ron Arden Cybersecurity, Data breach, Data security, Insider threat Leave a Comment

You Need Data-Aware Protection MechanismsData breaches pose one of the greatest threats to business and government.  With the recent data breach at Equifax magnifying the problem of data loss in businesses and the public sector, it’s time for organizations to think hard about using data-aware protection to safeguard sensitive information.

The ever-changing cybersecurity landscape requires organizations to evolve beyond merely protecting the network perimeter and end-points to implementing protections on the data.  When data breaches are successful, the costs can be staggering.  How much will it cost Equifax to offer credit monitoring to millions of people?  What makes these data breaches so disheartening is that many could be avoided or mitigated by modernizing legacy IT systems and protecting information at the data or document level.

Read More