Blog

How Can Your Remote Workforce Collaborate Securely?
Deborah Kish April 29, 2020
Data breach Data security Insider threat Print security Secure collaboration

Never has there been a better litmus test for seeing how agile your business is than responding to a pandemic. A recent survey by leading research firm Gartner confirmed that most businesses will shift some employees to remote work permanently as a result of COVID-19. Even from home, employees need to collaborate securely with colleagues, partners and customers to stay productive and meet deadlines and goals. While video chat and instant messaging lets you communicate, a lot of collaboration is through documents. Ideally you want to easily share documents, make sure everyone is working on the most recent version, and be able to securely manage all your projects. With the major shift to working at home, the time to double down on data security is now.

Collecting Laptops From Terminated Employees? Protect Unstructured Data
Deborah Kish April 16, 2020
Cybersecurity Data breach Data security Insider threat Privacy Secure collaboration

Protect data on laptops from terminated employees I read a Tweet recently from “Accidental CISO” about collecting laptops from terminated employees during the pandemic that I deemed retweetable (if that is a word).  Some comments focused more on the hardware – how to get it back – but this got me thinking more about what is actually on the hardware. What sensitive information, like intellectual property, might reside on them?  It also made me think, in a situation like this, how the potential for insider theft is far greater.

Files containing IP can be either printed on home printers, sent over email to personal accounts, saved on a USB stick, screen captured and so on.  These are not necessarily actions of malice, but obvious desperation to assist with the basic need for employment.

Pandemic Sent Your Workers Home? Reminders for Best Data Security Practices
Deborah Kish April 2, 2020
Cybersecurity Data breach Data security Insider threat Print security Privacy Secure collaboration

Overnight, companies across the globe were forced into a fully remote workforce.  If you are prepared, under the best of circumstances, it can still be a challenge, but if you are not, the challenges are even greater and some things can potentially fall through the cracks.  People working from home can lead to a few unintended bad habits. With business continuity being the priority, data is even more at risk as hackers and thieves see opportunity when your guard is down.

For companies that don’t have tools in place, and for that matter, those that don’t have the right tools in place, here are some things you can do while ensuring the health of your employees, and your business stays on track.

Please Steal My Password
Ron Arden March 23, 2020
Data security Insider threat

steal this password I first wrote this 10 years ago and I’m sad to say it still applies today.  How many times have you seen passwords attached to monitors on sticky notes?  How about people who use the password “password” or “123456”?  With a lot of us having to work from home because of COVID-19, data security and privacy has become more important than ever, since we are not in the protective confines of an office and many of us may have to use our home computers.

In 2020 we have a lot of great technology to access our computers, tablets and phones.  I can access my phone with my face and my laptop with my thumb, but they are all still based on an initial password.  We’ve all read stories about using strong passwords and how easy it is to guess people’s passwords.  The fatal flaw in the system is that we need something that isn’t obvious, but something that we can remember.  Some of the simplest methods of creating a more complex password is to use upper and lower case alphanumerics plus a symbol.

Complying with CCPA – What are some of the landmines?
Deborah Kish February 14, 2020
Data breach Data security Privacy Uncategorized

Complying with CCPA - What are some of the landminesI was talking to the press recently about the potential landmines for compliance with CCPA and it got me thinking.  So I thought I would share my thoughts.

I think one of the first things is that a lot of companies don’t know how to interpret the law. We saw that with GDPR for the year prior to it going into effect. CCPA is a lot like it, but there are likely still questions.

Secondly, is the DSRs (Data Subject Requests) or the right to be forgotten. People are very in tune with their privacy these days and will want to act on it, not only for the reduction of spam, but for the identity theft potential. The requests will likely come too fast and companies with a lot of data containing personally identifiable information (PII) – the very thing those DSs will be after them for – will find themselves in a position where they don’t know where to start.

Tariffs Hitting the Automotive Manufacturing Industry Is Bad Enough, But Intellectual Property Protection is of Huge Concern!
Deborah Kish October 1, 2019
Cybersecurity Data breach Data security Insider threat Privacy Secure collaboration

Protect intellectual property in the automotive industryIntellectual property is a valuable asset in a variety of verticals.  Let’s take manufacturing, for example.  More specifically the automotive industry.  It is particularly vulnerable to theft.  In fact, in our Webinar “Close the Gap on Insider Threat: Granular Access Controls & Behavior Analytics , we cited a Deloitte survey where the respondents put the automotive industry at the highest risk of insider cyber threat. This means they need to put serious consideration into protecting their intellectual property in unstructured files, especially when it is handled by multiple parties.

I recognize that the auto industry is suffering because of the tariff war between the U.S. and China – they’ve got enough to think about in this respect.  But, this does not mean they can let their guard down with protecting CAD/CAE designs, that are very critical to their success.  It is a very competitive market from both a talent and design perspective. In fact, one of our customers considered themselves the “University of Auto Manufacturing”.  This was because they would put time, effort and money into training individuals on their designs, giving them access to their precious CAD/CAE files only to see it walk off on a USB stick perhaps getting into the hands of a competitor.  They got tired of that, “right quick” (as we say here in the south), and took control through discovery and classification, and by using granular access rights.

It Takes a Village to Raise a Child, Right? It Takes a Team to Develop a Data Governance Strategy!
Deborah Kish September 10, 2019
Cybersecurity Data breach Data security Insider threat Print security Privacy

Define a Practical Data Governance Plan for Unstructured DataThe phrase “It takes a Village to raise a child” is true.  But it is also true that it takes a team to develop a data governance and policy management strategy!

In my last post, I talked about teamwork and how important it is when developing a data security strategy. As part of that process, data governance and policy management needs to be part of the equation. It’s becoming more and more clear to me that organizations struggle with policy management – particularly with unstructured data. The very nature of unstructured data leaves it vulnerable to exposure and loss. Insider threat is of particular concern because while hackers typically attack structured databases, your employees and other valued insiders are accessing those databases on a regular basis. The insiders can download sensitive information into spreadsheets and reports. They are accessing your intellectual property, such as product designs and roadmaps. It’s the insiders that will walk off with those designs and sell them to your competition or bring it to a competitor to jumpstart the next phase of their career. The loss of this information will not only cost you revenue, but can also result in a regulatory fine. Who can afford that?

Geese at the ISMG Cybersecurity Summit in New York? It’s all about teamwork!
Deborah Kish August 20, 2019
Cybersecurity Data breach Data security Insider threat Print security Privacy Secure collaboration

Work as a team for unstructured data securityLast week, Fasoo sponsored and participated in the ISMG Cybersecurity Summit in New York City.   It was a great event, well attended and in the Theater District and the ISMG folks were awesome to work with!

As part of our sponsorship, we had a 10 minute Tech Spotlight where I, rather than providing a “death by powerpoint” tech dump, I thought it would be good to get everyone thinking about working together as a team with respect to their data security initiatives by following the example of geese. So I thought it would be worthwhile to post here as well for the greater audience.

Getting Granular: Why You Need Granular Access Controls
Deborah Kish August 5, 2019
Cybersecurity Data breach Data security Insider threat Print security Privacy Secure collaboration

Granular access controls are important to protect unstructured dataIn my last post, I said “Without granular access controls, you can’t prevent a user from copying data from a file and pasting it into an email, for example. If you only encrypt a file and do not prevent copy and paste or printing, a user can easily compromise security.” And I meant it.

Now,  you might be asking yourself “What does she mean by granular access controls?” And the answer is simple.

Granular permissions or access controls means you grant specific permissions or enable actions when a user opens a file.  This means you can either allow or prevent a person from doing things in a file when it is open – or “in use” – and since data in use is really difficult to protect, wouldn’t it make sense to add this layer of protection?  By applying granular access controls, you can prevent someone from copying and pasting, taking a screen shot, or printing based on the classification of the file and security policy applied to it.  Users can be either granted or denied specific actions when a document is open.

Your Sensitive Data is at Risk: How Do You Manage Insider Threats?
Deborah Kish July 23, 2019
Cybersecurity Data breach Data security Insider threat Print security Privacy

Protect against insider threatsPicture it.  Your employees access sensitive and confidential customer information every day so they can do their jobs. Once the data leaves the protected confines of an information repository, file share or cloud-based service, your authorized users can share it with anyone, do anything with it and compromise your customer’s confidential information or your intellectual property.  As a result, you may be subject to regulatory fines, not to mention losing customers because they can’t trust you to maintain their confidentiality. And as for IP?  It could get in the hands of your competition, threatening your business.

What do you need to do?  You need to persistently protect confidential data so that customer information and your IP is protected regardless of where it goes and who has it.  Through a file-centric approach, you need to close the security gap that allows you to share sensitive data with unauthorized users by applying granular access controls to sensitive data.  Without granular access controls, you can’t prevent a user from copying data from a file and pasting it into an email, for example.  If you only encrypt a file and do not prevent copy and paste or printing, a user can easily compromise security.