Mergers and acquisition (M&A) activities pose major document protection challenges for all parties involved. Leaked or stolen data has caused bidding wars, broken deals, cost millions of dollars in damages, and ruined reputations. How can M&A teams ensure maximum document security without impeding productivity?
Why do so many data loss prevention projects either stall or de-scope? Why with significant industry expenditures in the space do we continue to experience record-breaking instances of data breaches and exfiltration? What are the latest methodologies and technologies security and privacy executives should consider to protect their sensitive data and comply with ever-increasing and pervasive privacy regulations such as GDPR and CCPA.
Join Deborah Kish, former Gartner data security analyst, as she shares insights gleaned from hundreds of sessions with CISO, CIO, CDO, CPO and CCOs to offer an insider’s playbook to implementing an unstructured data security and privacy program. Whether migrating from existing DLP point solutions or wondering where your unstructured data lives today, Deborah will provide a life-cycle perspective as to the best methodologies and how to avoid the pitfalls that have plagued enterprise projects.
Register for this webinar and learn how:
- A file-centric approach overcomes data leakage shortfalls of traditional approaches and best meets new privacy requirements
- Aligning data classification with your data protection methods will put your projects on the fast track
- Automation and integration of discovery, classification, access control and file-based encryption is your best first line defense
The financial services industry is a frequent target of hackers, but a larger threat may be trusted insiders since they have access to a lot of sensitive customer data. Advisers within wealth management practices regularly share data with other advisers, staff members, a counterparty or a trusted third-party service provider. They may inadvertently or deliberately share that data with unauthorized people and pose a risk to their firms and customers. Once shared, most firms have no control over that data. The Ponemon Institute illustrates this risk by reporting that 65% of cyber breaches originated with third parties.
Insiders regularly share customer or other sensitive information with colleagues and third-parties by generating and downloading reports from a database. Typically the reports are spreadsheets which make it easy to analyze the data. Access to the database may be restricted, but once in a spreadsheet, the sensitive data is easy to share with anyone.
Fasoo sponsored and presented at an event in Columbus, OH on November 13, 2018 entitled “Incident Detection, Response and Recovery” highlighting how to prepare and manage an incident response plan for cybersecurity and data protection. Presented and cosponsored by Catalyst Solutions, IBM and Huntington Insurance, the event brought together experts in legal, insurance, law enforcement, government, accounting and security disciplines to discuss the legal, technical and business issues of preparing for and responding to a data breach.
Bill Blake, Senior Vice President and CCO of Fasoo, presented Incident Response & Recovery: Secure Collaboration for Critical Information which highlighted the Wrapsody platform as a solution to help manage the development, access and control of an incident response plan (IRP). Bill showed an example of a CISO, Legal Counsel and an external Advisory firm securely collaborating on an IRP and how to control who could access the plan and any supporting documents involved in a response. The example showed how easy it is to securely collaborate on developing and managing the plan, but also on limiting access prior to, during and after a breach occurs. Since Wrapsody encrypts documents and controls their access, it guarantees only authorized users can access them. This is critical because if an incident response plan got into the wrong hands, malicious insiders or external parties could compromise an organization’s data security.
The headlines today still focus on hackers and other malicious outsiders trying to steal your sensitive data or disrupting your business, but the reality is that insider threats are the biggest challenge to enterprise security.
People with knowledge of your network and systems have a decided advantage when it comes to deliberately or accidentally sharing information with unauthorized users. Whether it’s a dissatisfied employee looking to make a buck, a retiring worker copying files to take home or a busy executive sending a file to the wrong person, preventing data breaches from privileged insiders can be challenging.
Fasoo just released the results of the security industry’s first look at how confident organizations are about protecting intellectual property and other high value information. In the latest Ponemon Institute survey titled, “Risky Business: How Company Insiders Put High Value Information at Risk”, 72 percent of organizations are not confident they can manage and control employee access to confidential documents and files. This study reveals that insiders are the highest security risk to an organization.
The Ponemon Institute surveyed 637 U.S. IT security practitioners familiar with their organization’s approach to protecting data, documents and files against cyberattacks. For the purpose of this research, high value information includes trade secrets, new product designs, merger and acquisition activity, intellectual property, financial data, and confidential business information.
Based on the findings of the research, employees and other insiders often lack the information, conscientiousness and guidance needed to make intelligent decisions about the information they access and share. Companies are more confident they can stop external attackers from accessing confidential information than their own employees and contractors. This study should make executives and security professionals think about how they control internal access to sensitive information.
This week news broke about a data breach within the Pulaski County Special School District. The breach resulted in more than 3,000 employee’s personal information being compromised. It is reported that a PCSSD employee was responsible for the compromise of thousands of current and former employees’ personal information and she has resigned from her position as of February 2016. Notices to the individuals impacted by this insider data breach were sent out last week.
The former employee was emailing health insurance and benefits reports to her supervisor, and blind-copying the information to her personal email address. Names, social security numbers, addresses and the cost of the health insurance to the employee were some of the information included in the breached data. The culprit was also identifying who did not have insurance along with their social security numbers. The IT Director at PCSSD commented that this behavior had been going on well over a year before it was discovered .
Healthcare data breach due to misplaced flash drives seem to be a rising trend as recently another case was reported on August 7, 2015. Lawrence General Hospital in Massachusetts reported that a flash drive was missing. Even though it had very limited patient information, it did include lab testing information such as patient names, lab testing codes and slide identification numbers. Letters to about 2,000 patients were sent out, and have yet to locate the flash drive. According to their website, the misplaced flash drive was “unencrypted”.
How many times have we heard this type of data breach occur and appear on our news feed?
In July, OhioHealth had reported a similar data breach, after discovering that a flash drive had gone missing. Approximately 1,000 patients’ data became vulnerable, and about 30 or so Social Security numbers were compromised. As in the previous mentioned data breach this flash drive was “unencrypted” well. In addition, in South Carolina, a safe containing two flash drives and two hard drives containing EMS patients’ Social Security numbers, patient names and addresses and clinical information were stolen, and you guessed it, the flash drives were unencrypted.
With the data breaches increasing and hackers breaking into major companies and stealing customer data at an alarming rate, lawsuits relating to these breaches have been a hot topic. For companies, although facing a catastrophe in terms of brand image, legally they have been shielded from damages. That is until now.
According to a recent article, a recent ruling by the 7th Circuit Court of Appeals reinstated a lawsuit against Neiman Marcus over a 2013 data breach in which hackers stole credit card information from as many as 350,000 customers. The three judges ruling has created a stir in the legal environment because this now lowers the bar for consumers who want to sue over such breaches.