Blog

How Can Your Remote Workforce Collaborate Securely?
Data breach Data security Insider threat Print security Secure collaboration

Never has there been a better litmus test for seeing how agile your business is than responding to a pandemic. A recent survey by leading research firm Gartner confirmed that most businesses will shift some employees to remote work permanently as a result of COVID-19. Even from home, employees need to collaborate securely with colleagues, partners and customers to stay productive and meet deadlines and goals. While video chat and instant messaging lets you communicate, a lot of collaboration is through documents. Ideally you want to easily share documents, make sure everyone is working on the most recent version, and be able to securely manage all your projects. With the major shift to working at home, the time to double down on data security is now.

Pandemic Sent Your Workers Home? Reminders for Best Data Security Practices
Cybersecurity Data breach Data security Insider threat Print security Privacy Secure collaboration

Overnight, companies across the globe were forced into a fully remote workforce.  If you are prepared, under the best of circumstances, it can still be a challenge, but if you are not, the challenges are even greater and some things can potentially fall through the cracks.  People working from home can lead to a few unintended bad habits. With business continuity being the priority, data is even more at risk as hackers and thieves see opportunity when your guard is down.

For companies that don’t have tools in place, and for that matter, those that don’t have the right tools in place, here are some things you can do while ensuring the health of your employees, and your business stays on track.

It Takes a Village to Raise a Child, Right? It Takes a Team to Develop a Data Governance Strategy!
Cybersecurity Data breach Data security Insider threat Print security Privacy

Define a Practical Data Governance Plan for Unstructured DataThe phrase “It takes a Village to raise a child” is true.  But it is also true that it takes a team to develop a data governance and policy management strategy!

Teamwork is important when developing a data security strategy. As part of that process, data governance and policy management needs to be part of the equation. It’s becoming more and more clear that organizations struggle with policy management – particularly with unstructured data. The very nature of unstructured data leaves it vulnerable to exposure and loss. Insider threat is of particular concern because while hackers typically attack structured databases, your employees and other valued insiders are accessing those databases on a regular basis. The insiders can download sensitive information into spreadsheets and reports. They are accessing your intellectual property, such as product designs and roadmaps. It’s the insiders that will walk off with those designs and sell them to your competition or bring it to a competitor to jumpstart the next phase of their career. The loss of this information will not only cost you revenue, but can also result in a regulatory fine. Who can afford that?

Geese at the ISMG Cybersecurity Summit in New York? It’s all about teamwork!
Cybersecurity Data breach Data security Insider threat Print security Privacy Secure collaboration

Work as a team for unstructured data securityLast week, Fasoo sponsored and participated in the ISMG Cybersecurity Summit in New York City.   It was a great event, well attended and in the Theater District and the ISMG folks were awesome to work with!

As part of our sponsorship, Fasoo had a 10 minute Tech Spotlight where, rather than providing a “death by powerpoint” tech dump, we thought it would be good to get everyone thinking about working together as a team with respect to their data security initiatives by following the example of geese. Below is the recap for the greater audience.

Getting Granular: Why You Need Granular Access Controls
Cybersecurity Data breach Data security Insider threat Print security Privacy Secure collaboration

Granular access controls are important to protect unstructured dataIn our last post, we said “Without granular access controls, you can’t prevent a user from copying data from a file and pasting it into an email, for example. If you only encrypt a file and do not prevent copy and paste or printing, a user can easily compromise security.” And we meant it.

Now,  you might be asking yourself “What does it mean… granular access controls?” And the answer is simple.

Granular permissions or access controls means you grant specific permissions or enable actions when a user opens a file.  This means you can either allow or prevent a person from doing things in a file when it is open – or “in use” – and since data in use is really difficult to protect, wouldn’t it make sense to add this layer of protection?  By applying granular access controls, you can prevent someone from copying and pasting, taking a screen shot, or printing based on the classification of the file and security policy applied to it.  Users can be either granted or denied specific actions when a document is open.

Your Sensitive Data is at Risk: How Do You Manage Insider Threats?
Cybersecurity Data breach Data security Insider threat Print security Privacy

Protect against insider threatsPicture it.  Your employees access sensitive and confidential customer information every day so they can do their jobs. Once the data leaves the protected confines of an information repository, file share or cloud-based service, your authorized users can share it with anyone, do anything with it and compromise your customer’s confidential information or your intellectual property.  As a result, you may be subject to regulatory fines, not to mention losing customers because they can’t trust you to maintain their confidentiality. And as for IP?  It could get in the hands of your competition, threatening your business.

What do you need to do?  You need to persistently protect confidential data so that customer information and your IP is protected regardless of where it goes and who has it.  Through a file-centric approach, you need to close the security gap that allows you to share sensitive data with unauthorized users by applying granular access controls to sensitive data.  Without granular access controls, you can’t prevent a user from copying data from a file and pasting it into an email, for example.  If you only encrypt a file and do not prevent copy and paste or printing, a user can easily compromise security. 

I Want YOU…
Cybersecurity Data breach Data security Insider threat Mobile security Print security Privacy

PrivacyTo think about stronger data security and privacy protection! But first, I want you to think about the millions of heroes who have served our country.

As we approach the 4th of July, I wanted to take a moment to recognize the heroes in the many branches of the U.S. Military.  From myself, and on behalf of the entire team at Fasoo, THANK YOU for your service!

And while thinking about those who have put themselves at the first line of defense, defending our country and fighting for our freedom, we are still fighting for privacy and stronger data security.  As individuals, we are required to provide tons of personally identifiable information to our doctors, lawyers, employers and financial institutions – trusting that they will safeguard our information.  But data leaks still happen!  So we know we need to take data security and privacy seriously.

Now, I don’t want this discussion to turn political, but it was brought to my attention (thanks, Rick), in an article published by ZDNet that “The US State Department will now require new visitors to the United States to hand over their social media account names as well as email addresses and phone numbers used over the past five years.”

I remember when I was a kid, the USA was referred to as “The Great American Melting Pot” where people were welcomed from all over the world to come here and live their dream!  Freedom.  In fact, my own family migrated from Hungary and settled in Pennsylvania in the early 1900s.  Of course, this was long before the digital age.  Back then, the information collected, while personally identifiable in nature, was not nearly as much in terms of “volume”.  So while people are still coming to this country to live their dreams, the data requirement to do so is a magnitude far above what it used to be, exacerbating the amount of data that needs to be protected.   So what I am saying here is that these visitors’ dreams should NOT include the fear of identity theft and/or exposure of personal data.

In the digital age, our thirst for knowledge and expression has us willing to give information in exchange for merchandise, a whitepaper, maybe even recognition.   And we should be able, with trust and the freedom to do so, without fear.  So at the risk of misquoting one of our Founding Fathers, those who would give up personal data for essential freedom, deserve both privacy and security.

So fire up the grill, add another hot dog or hamburger, tofu for my vegan friends, crack open a beer or have some wine.  Enjoy your friends, family and freedom and by all means, please have a safe holiday!

By Deborah Kish – EVP Research & Marketing

Attended Gartner Security & Risk Management Summit? So did we!
Cybersecurity Data breach Data security Insider threat Print security Privacy Secure collaboration

GartnerI have to say, being on the other side of the Gartner Security and Risk Management Summit was a combination of exciting, fun, and educational. The cool thing is that I still got to get up on stage and the bonus was to see all the hard work that goes into exhibiting. I think the Fasoo team did a fantastic job setting up and manning the booth.

At our booth at the Summit, we highlighted new features of our Data Radar and Wrapsody eCo products that deliver a unique life-cycle approach to enterprise content challenges plaguing organizations globally.

Overall our booth attracted hundreds of visitors seeking products that can help them regain control over their unstructured data with particular interests in discovery, encryption and access control.

Privacy regulations such as GDPR and CCPA is the driving factor as visitors clearly indicated the need to adapt quickly to the changing environments. Also, new data security related projects have been planned or launched based on recognizing the impact from IT changes within the organization including the adoption of cloud infrastructure and applications.

Our visitors at the Gartner Security and Risk Management Summit ranged from CISOs, business unit owners, and cyber security professionals to Chief Data Officers and Chief Privacy Officers across multiple verticals. I hope I got a chance to meet you!

I was super excited to moderate our solution provider session at the Summit featuring 3 of our customers which included the regional CISO from a global financial institution, a business unit leader in the automotive industry and a consultant who is leading global digital transformation projects in the public sector globally. Each have projects that involve the challenges of unstructured data security and privacy with distinct use cases. They shared with the audience how they successfully “fast tracked” their way through the challenges often associated with these projects and accelerated their organizations’ paths to data centric security and privacy.

They shared how Fasoo helped them in their plight to gain control of and secure their unstructured data, their intellectual property and meet privacy regulations.

Deborah’s Final Thought:
As trends toward cloud and content collaboration continue – as growth in unstructured data increases and the perimeter fades, it is clear now, more than ever, that the market must adopt a file-centric approach to data security. I believe that this approach will minimize the risks associated with sensitive data exposure and help meet regulatory requirements.

By Deborah Kish – EVP Research & Marketing

What’s Next from Deborah’s Desk
Cybersecurity Data security Insider threat Print security Privacy

unstructured dataSo, in my last post, I mentioned a series of webinars and thought this would be a good opportunity to provide a little preview into some of the topics we’re planning on discussing.

Unstructured data, of course!  But what about it?  I’ll be discussing the challenges… kind of a “What I heard from you as a Gartner data security analyst” in a “How to navigate through the maze of methodologies, governance and technologies” sort of way.

Unstructured data is a live and growing thing that often gets overlooked.  Remember the “Wild Wild West” comment from my last post?  So I’m here and excited to help you discover new simpler approaches to gaining visibility and control over the growing unstructured data all organizations are facing.   How to discover, classify and encrypt unstructured data and prepare for and adhere to privacy regulations like GDPR and CCPA.

If you are a CISO, DPO or CDO, or even a business unit lead within your organization, you should join these sessions.  If you struggle with what functions to automate or are trying to get out from under or improve the traditional rules based approach, you should join  Would you rather have your staff spend less time fielding false positives and more time on the things that really matter? Please, join and learn how Fasoo’s extensive product capabilities can help.

Here’s the thing… maybe I didn’t hear EVERYTHING, so I’d like to shout out to the readers… I would love to get your thoughts, suggestions, and field any questions.  I want to hear from you and keep the conversation alive.  In the meantime, stay tuned… I’ll be back.

Fasoo Talks About NYDFS and Cybersecurity at FinCyberSec 2017
Cybersecurity Data breach Insider threat News Print security

Ron Arden Talks About NYDFS and Cybersecurity at FinCyberSec 2017Ron Arden, Executive Vice President and COO of Fasoo, Inc., presented Countdown to Compliance with NYDFS 23 NYCRR 500 during FinCyberSec 2017 at the Stevens Institute of Technology in Hoboken, NJ on May 31, 2017.  Ron was part of a day long event that focused on technical, regulatory, process and human dimensions of cyber threats faced by financial systems and markets.

Dr. Paul Rohmeyer, who organized the conference, started the day with opening remarks that set the stage for how the world of business and cybersecurity has changed in the last year.  With constant attacks, like the WannaCry ransomware attack and the ever changing business and technology landscape, financial services companies have a lot to address as they look to safely promote new business models.