Blog

Remote Work Security and Document Protection in Banking: What’s Next?
Cybersecurity Data security Insider threat Print security Sensitive Unstructured Data

Which industries have the highest potential for remote work? Finance and insurance, says McKinsey & Company. There’s a catch, however. How can organizations realize this potential without compromising data security and privacy? 

The consultancy found that three-quarters of activities in these sectors can be done remotely without a loss of productivity. Information security wasn’t part of the study. So what are the implications from a data protection perspective?

Still Not Encrypting Your Data?
Data breach Data security

Are we still not encrypting our data at a time when cyber-attacks have been hitting so many big names in healthcare, retail and government? Recently, UCLA Health System’s computer network was broken into by hackers, who may have accessed sensitive information on as many as 4.5 million patients. The information included names, dates of birth, Social Security numbers, Medicare and health plan identification numbers as well as some medical information such as patient diagnoses and procedures.

The intrusion is raising fresh questions about the ability of hospitals, health insurers and other medical providers to safeguard the vast troves of electronic medical records and other sensitive data they are stockpiling.

Data Breaches on Record Pace for 2015?
Data breach

Earlier this month, an article reported that data breaches in 2015 are on pace to break records both in the number of breaches and in records exposed. In 2014, the number of US data breaches tracked by the Identity Theft Resource Center hit a record high of 783, with about 86 million confirmed records exposed. So far this year, as of June 30, the number of breaches reached 400 and, additionally, about 118 million records had been confirmed to be at risk.

We have all heard about the government data breaches that have reached the headlines, but in addition to those, other major data breaches, which have exposed more than 92,000 people’s personal information, hit three separate organizations in very different industries. Florida’s Orlando Health, California’s Cuesta College and Michigan’s Firekeepers Casino recently acknowledged data breaches.

Data Encryption is Now Mandatory, Are You Prepared?
Data security

On July 1, Connecticut’s Governor Dannel Malloy signed legislation that expands the current definition of personal information and now requires new data breach security terms and conditions in every state contract dealing with confidential information. According to this article, the bill also states, “Not later than October 1, 2017, each company shall implement and maintain a comprehensive information security program to safeguard the personal information of insureds and enrollees that is compiled or maintained by such company,” adding that the security program will need to be in writing and contain appropriate administrative, technical and physical safeguards.

This bill also addresses the issue of data encryption, and explains that all personal information that is being transmitted wirelessly or on a public internet connection must be encrypted. Sensitive personal data must also be encrypted on laptops and other portable devices.

How Worried Should We Be about the Hacks on the Government?
Data security

Every time we look to the news we find at least one data breach incident, some more minor than others. In the past, however, the victims were businesses in retail, finance or healthcare. Now we look to the news and discover that more and more data breaches are focused on the government, from third-party contractors that deal with government to household names such as the Internal Revenue Service, the White House, and most recently the Office of Personnel Management (OPM).

Initially, last year the OPM reported that about 4 million government employees had their personal data compromised. However, records now reveal that possibly 18 million people or more have had their information compromised. This is now one of the largest data breaches in US history.

Are these Proposed Privacy Laws Enough?
Data security

President Obama announced that he would propose laws aimed at protecting data after a horrendous year in cybersecurity and data protection. Although not all the facts are in yet, three new laws are being proposed. These laws will be addressed later this month at the president’s State of the Union. Already, information security experts are praising the attention President Obama is bringing to security issues with these proposals.

Among the proposals, the Personal Data Notification and Protection Act would require companies to notify customers within 30 days of the discovery of a data breach that their information had been compromised. Another proposal would bring back an upgraded version of the “Consumer Privacy Bill of Rights”, which gives internet users the right to control what data is collected and how their data is shared. The last proposed law is the Student Data Privacy Act, which will prohibit tech companies from profiting from data collected on students in schools.

Former Employees Stealing Corporate Data
Insider threat

We hear of a lot of insider threats these days involving disgruntled employees who have been fired. Earlier this month, however, a former COO of an on-demand startup left the company due to tensions with the founders and landed a job with its competition to aid in that company’s international growth. The issue here is that before he left, the former executive is accused of having copied a trove of confidential data to his cloud account, where it could be used to solicit employees from his former company. Even though his account was shut down following his departure, there appears to be no supportable evidence that the former COO still has those confidential documents.

This kind of insider threat was a planned, malicious insider attack involving the theft of sensitive company information. The insider saw an opportunity to benefit, and the former company had little it could do to revoke his access to those files. As many headlines have said in the past, it is all about protecting the data, and that means being able to revoke access to sensitive files that contain confidential data. In this case, that was not possible, which led to a big legal case between the two parties.

The Dangers of Insider Threats in Critical Infrastructure
Insider threat

It is scary enough that intelligence officials say cybersecurity now trumps terrorism as the No. 1 threat to the U.S. The most recent data breach attacks on the White House and Office of Personnel Management are just the tip of the iceberg for the federal government. However, it gets even scarier when these breaches are insider threats to the nation’s critical infrastructure.

According to a recent article, in April 2011 a lone water treatment employee allegedly shut down operating systems at a wastewater utility in Arizona in an attempt to cause a sewage backup that would damage equipment and create a buildup of methane gas. Luckily, automatic safety features prevented this from happening, without incident. Earlier that year, an employee recently fired from a US natural gas company also closed a valve, disrupting gas service to nearly 3,000 customers for an hour.