Blog

Tag: covid-19

Never has there been a better litmus test for seeing how agile your business is than responding to a pandemic. A recent survey by leading research firm Gartner confirmed that most businesses will shift some employees to remote work permanently as a result of COVID-19. Even from home, employees need to collaborate securely with colleagues, partners and customers to stay productive and meet deadlines and goals. While video chat and instant messaging lets you communicate, a lot of collaboration is through documents. Ideally you want to easily share documents, make sure everyone is working on the most recent version, and be able to securely manage all your projects. With the major shift to working at home, the time to double down on data security is now.

Deploying a collaboration environment on the fly is not something you can do overnight, since it costs both time and money. The fastest way to hit the ground running and share files without losing valuable time is to use a cloud-based system with a web interface. This keeps projects on track with minimal disruption.

A key ingredient to secure collaboration is not burdening your employees or third parties with making security decisions. Wrapsody eCo is a secure and reliable collaboration platform that encrypts all shared files and makes it easy to collaborate securely. By configuring workgroups with built-in policies and permission management, your employees continue to work without worrying if decisions don’t follow policy. You can also set an expiration date for your projects  or revoke access to documents immediately, which simplifies security for users. They have a job to do and don’t need to worry about setting security policies.

Users can easily create a workgroup for a project and define security parameters, like permissions on downloaded files or view access to a document in a browser. Project managers can invite employees, partners and customers to the workgroup with a few clicks. As project members upload documents, they are automatically shared with the workgroup. Each workgroup has a centralized policy making it easier to enforce security on all documents.

As people work from home, they may fall into bad habits like downloading documents from protected cloud applications to work on locally. This is especially true if they do it out of frustration because the internet is slow or they are having problems with their VPNs. That could also lead to emailing files, only exacerbating unsafe data handling practices.   Secure in the Wrapsody eCo environment, downloading documents locally is a non-issue. When a user downloads a file, they can only open it if they have access permissions. If someone accidentally sends the file to an unauthorized user, it is still protected because the unauthorized user will not be able to view the contents.

The other challenge with collaboration is ensuring project members are working on the latest document. If you are updating a financial spreadsheet, for example, you can’t work on an old version. With Wrapsody eCo, you always work on the current version. As soon as you update the file and close it, it automatically syncs to a central location. The next time you open it, you get the latest version, secure in the knowledge that your data is protected and only available to authorized users.

Working remotely may become standard for a lot people. Collaborating securely and effectively can ease the burden and ensure your data security controls protect your most sensitive information. And that should give you peace of mind.

Photo Credit: Graeme Butler

 

Protect data on laptops from terminated employees I read a Tweet recently from “Accidental CISO” about collecting laptops from terminated employees during the pandemic that I deemed retweetable (if that is a word).  Some comments focused more on the hardware – how to get it back – but this got me thinking more about what is actually on the hardware. What sensitive information, like intellectual property, might reside on them?  It also made me think, in a situation like this, how the potential for insider theft is far greater.

Files containing IP can be either printed on home printers, sent over email to personal accounts, saved on a USB stick, screen captured and so on.  These are not necessarily actions of malice, but obvious desperation to assist with the basic need for employment.

It reminded me of a webinar we did in 2019, Close the Gap on Insider Threat: Granular Access Controls and Behavior Analytics, where we focused on the best way to protect and control unstructured data without having to think about where it is located, who is accessing it or how it is being used.  It’s part of a 3-part series, so check out the other two.

In my last post, I talked about how many companies are not prepared to suddenly support a remote workforce and provided some thoughts on things you can do.  But this tweet brings to the surface the extent of how unpreparedness can lead to (and this is going to sound weird) intentional, non-malicious behavior.

I encourage you to think about it, watch, and at the very least, start putting a plan in place to protect and control your unstructured business critical information.  The time is now to do your best research so when you are ready to pull the trigger on your unstructured data security project, you will be able to hit the ground running.

Contact us if you want to talk about any of this and in the meantime, stay safe and healthy!

 

Photo credit Ian Sane

 

Overnight, companies across the globe were forced into a fully remote workforce.  If you are prepared, under the best of circumstances, it can still be a challenge, but if you are not, the challenges are even greater and some things can potentially fall through the cracks.  People working from home can lead to a few unintended bad habits. With business continuity being the priority, data is even more at risk as hackers and thieves see opportunity when your guard is down.

For companies that don’t have tools in place, and for that matter, those that don’t have the right tools in place, here are some things you can do while ensuring the health of your employees, and your business stays on track.

  • Reiterate document handling policies – remind workers creating documents of data classification schemes and to encrypt whenever possible for sensitive data.  When in doubt, encrypt.
  • Remind your work-at-home staff of your security awareness training (SAT) (if you have a program in place) – there have been lots of reports of phishing and other types of scams going on because bad people will take advantage of the population when vulnerable.  Ensure your employees know how to identify these things, whether you have programs in place or not.
  • Data sharing across email – it is always a best practice to remind workers that care be taken when sending an email with unprotected documents attached – double-check who is in the “To” and that appropriate protection is applied to what is sent.
  • Working in cloud applications –  the clogged and slow internet may have some workers pulling documents out of the application to work on locally.  And for the sake of expedience, some of these documents may be sent through email (see the previous comment), shared on a Zoom or Teams video conference, or remain on a local drive or in a folder, exposed to theft from outsiders.
  • Ensure your Wifi has a strong password and that your computers have anti-virus software installed – for the unprepared, some workers may be working on their personal laptops or desktops, may not have a VPN, may not have renewed the free anti-virus software installed, because “that will never happen to me”, and may not have created a strong Wifi password when first setting up their internet connection.  Now might be the time to ask them to change passwords and check licenses on security software.
  • Printing – discourage printing sensitive information on home printers. While there isn’t much you can do to prevent this and foster secure printing, discouraging workers from printing sensitive documents locally and encouraging them to work in the applications.  Besides, it is good for the environment (save a tree).

While all of these might seem like motherhood and apple pie, they are just good reminders at a time when things happen so fast.

Photo by Kate

steal this passwordHow many times have you seen passwords attached to monitors on sticky notes?  How about people who use the password “password” or “123456”?  With a lot of us having to work from home because of COVID-19, data security and privacy has become more important than ever, since we are not in the protective confines of an office and many of us may have to use our home computers.

In 2020 we have a lot of great technology to access our computers, tablets and phones.  You can access my phone with my face and your laptop with your thumb, but they are all still based on an initial password.  We’ve all read stories about using strong passwords and how easy it is to guess people’s passwords.  The fatal flaw in the system is that we need something that isn’t obvious, but something that we can remember.  Some of the simplest methods of creating a more complex password is to use upper and lower case alphanumerics plus a symbol.

There is a great site that can help you understand this.  Go to http://howsecureismypassword.net/ and type in combinations of letters, numbers and symbols to see what it tells you.  Another great site to help generate a stronger password is https://www.safetydetectives.com/password-meter/.  These are not foolproof methods of choosing a password, but will give you a good idea of what is secure and what’s not.

Here are a few examples.  If you use “password”, a person or program will crack my password and access my information in seconds.  If you add some symbols into it and use “pa$$word”, it would take a desktop PC about 3 minutes to crack it using a brute force attack.  If you add a capital letter, a few symbols and a phrase  after it to make it “Pa$$wordiseasy123”, it will take more time to crack than the history of the universe.  You can see by adding some simple variety the job of stealing your password becomes harder.

Here are a few easy to remember tips for passwords:

  1. Don’t use a simple word or phrase, like password or 123456
  2. Use at least 10 characters, but preferably 12 or more
  3. Use upper & lower case letters, numbers and symbols in your password
  4. Use something that you can remember, so you aren’t tempted to write it down
  5. Don’t write your password on a sticky note and put it on your monitor

There are many systems, such as biometrics, smart cards and single sign on systems based on SAML and OAuth, that are more sophisticated than using passwords, but many of these still use passwords as the basis for them.  Fortunately these are becoming more ubiquitous across computer systems and websites, but the simple password still rules.

Until we come up with another authentication system as simple and ubiquitous as the password, we are stuck with them.  Make sure you use a little common sense when choosing yours.  Here are some more tips on choosing a strong password.

Categories
Book a meeting