
Data Breach Lawsuits Are on the Rise

With data breaches increasing and hackers breaking into major companies and stealing customer data at an alarming rate, lawsuits relating to these breaches have become a hot topic. Companies, although facing a catastrophe in terms of brand image, have been legally shielded from damages. That is, until now.

According to a recent article, a ruling by the 7th Circuit Court of Appeals reinstated a lawsuit against Neiman Marcus over a 2013 data breach in which hackers stole credit card information from as many as 350,000 customers. The three-judge ruling has created a stir in the legal environment because it lowers the bar for consumers who want to sue over such breaches.

The lawsuit was initially thrown out on the reasoning that customers could simply have relied on their credit cards’ fraud protection programs, and that although these kinds of breaches leave customers fearing future fraud and identity theft, they did not cause any “imminent” threat or “concrete” injury.

However, the 7th Circuit reinstated both types of claims: those from customers who had incurred expenses tied to the Neiman Marcus hack, and those from customers who feared future identity theft. The key point, as Chief Judge Diane Wood put it, was, “Why else [other than to cause harm] would hackers break into a store’s database and steal consumers’ private information?”

Ultimately, this ruling will most likely not help consumers cash in. However, it will build pressure on companies to take a serious look at their data security solutions and see whether they have what it takes to truly secure their data. Companies must show that they have acted reasonably and have taken reasonable yet realistic measures to prevent a data breach and not make themselves a target.

It is quite evident that a data security framework that works is necessary in taking a stance against data breaches. Organizing unstructured data, data encryption and comprehensive risk analyses all need to be in place before a breach happens, to show not only consumers but also the courts that the organization has done all that it could to avoid a data breach. Taking these proactive measures to have strong security policies will go a long way towards mitigating an organization’s liability in a class-action lawsuit such as this one.

Although legal action against an organization after a data breach may be inevitable, having this kind of solution in place will put the organization in a better position to defend the lawsuit and also deflect some of the greatest damage to the organization’s brand image and reputation.

Taking a hard look at what kind of data security you have now and being proactive about protecting your customers’ most valuable data is the first step in avoiding all the damages that come with a data breach. Being able to control your data no matter where it is can be the best way to improve your information security.

Photo credit by: PRSA-NY


We all share files with those we work with, those we are friends with and those we do business with. Nowadays, with mobile devices, email and the cloud, it is extremely easy to share files, so easy that we may accidentally send or share them with the wrong person.

Recently, the National Guard was hit with a data breach in which files containing personal information were unintentionally transferred to a “non-DoD-accredited data center by a contract employee.” Although in this case the transfer was not believed to be malicious, there is still the possibility that this information will get into the wrong hands.

If you send confidential and sensitive information outside of your company and a situation like the one above happens, that could be a HUGE problem. Most email programs have a type-ahead feature that helps you fill in email addresses as you type. This is great, since most of us frequently send email to the same people. The downside is that we become too reliant on the technology and may not look carefully before hitting the Send button.

The best way to make sure that a confidential document doesn’t get into the wrong hands is to encrypt it with data-centric security that contains a persistent file policy. If an unintended recipient opens the document, he or she can’t read anything. The contents of the document look like random characters.

Encrypting your files with programs like Fasoo’s Data Security Framework provides an added layer of security, whether or not you happen to email or share your files with the wrong person.

We all make mistakes; why not protect yourself before your mistakes can cause harm?

Photo credit by: Sharon Sinclair

Data Encryption is Now Mandatory, Are You Prepared?

On July 1, Connecticut’s Governor Dannel Malloy signed legislation that expands the current definition of personal information and now requires new data breach security terms and conditions in every state contract dealing with confidential information. According to this article, the bill also states, “Not later than October 1, 2017, each company shall implement and maintain a comprehensive information security program to safeguard the personal information of insureds and enrollees that is compiled or maintained by such company,” adding that the security program will need to be in writing and contain appropriate administrative, technical and physical safeguards.

This bill also addresses the issue of data encryption, explaining that all personal information that is transmitted wirelessly or over a public internet connection must be encrypted. Sensitive personal data must also be encrypted on laptops and other portable devices.

With all the recent major data breaches, which have also affected a lot of people and organizations from Connecticut, it can be seen that the state is taking a stance and demanding encryption of customer data.

Encryption technology can be used to protect confidential information. If information is encrypted with sufficient strength, it can remain safe even when stolen or lost on any media. Encryption also protects information in transit, but it does not prevent a leak after decryption by authorized recipients. Considering that most data leaks originate from insiders who have or had access to documents, organizations must complement and empower their existing security infrastructure with a solution that can persistently protect data in use.

Enterprise Digital Rights Management (DRM) is the only systematic solution to protect your information persistently from insiders as well as outside threats. Enterprise DRM controls the usage of DRM-enabled documents depending on the permissions given to the user. The DRM-enabled documents can be protected at rest in storage, in transit and also in use persistently.

Enterprise DRM enables the circulation of confidential information without the fear of leaks, the handling of customer information for better support without the slightest risk of PII (Personally Identifiable Information) exposure, and the sharing of trade secrets or technical details with your trusted partners.

In a time of so many data breaches, it is important to determine which encryption will protect your data against these hacks. From malicious and careless insiders to external threats, Enterprise DRM will provide the protection your data needs throughout its entire lifecycle.

Photo credit by: EFF Photos

It’s a Bad Week for the Healthcare Industry

It has definitely been one of the worst weeks for data breaches in the healthcare industry. We went from big news out of Worcester, MA, with UMASS Memorial Medical Group (UMMG) reporting an insider data breach of about 14,000 patient health information records, to what is probably not just the biggest healthcare data breach but potentially the biggest breach of the year, with up to 80 million patient personal records on the line. The recent breaches have sparked debate over whether federal law should be changed so that healthcare companies would be required to encrypt the sensitive data they hold. The FBI also warned healthcare companies industry-wide last year that their data security practices needed to be strengthened amid the growing threat of cyberattacks.

Although Anthem Inc. was commended for detecting the breach only weeks after it apparently began, unlike UMMG, the incident still tells patients who entrust their sensitive information to these organizations that these breaches will continue to occur. However, with big names like Anthem making the headlines, there is great hope that these organizations are coming along and understanding the need to protect their data. Healthcare data has a much longer shelf life than a stolen credit card, which is why that data is becoming increasingly popular with cyber criminals. That type of information can be used to open credit accounts and to commit identity theft, medical billing fraud and insurance fraud.

Although security awareness and training are valuable and helpful, the time to make sure that the data itself is secure is now. Making sure that the data is encrypted and that permissions to the data are under control mitigates the risk of exposure even after the data is stolen. Whether the threat is outside hackers or insiders, the data itself must be persistently secure.

Fasoo Enterprise DRM (Digital Rights Management) provides organizations such as the two mentioned above, and a whole lot more in many different industries, with the ability to protect, control and trace sensitive data containing intellectual property, patient health information (PHI), personally identifiable information (PII) and more. It maintains file protection and prevents unintended information disclosure no matter where the data is.

Having your data DRM-protected with Fasoo will mitigate the risk and ensure that you won’t make the news for the same reasons as UMMG or Anthem Inc. Doesn’t that sound like a plan?

Photo Credit: Perspecsys Photos


The main details surrounding the Sony hack are as follows. A hacking group — apparently sponsored by the North Korean government — infiltrated the “corporate network” of Sony Pictures on Nov. 24, 2014, removing large amounts of private data, deleting original copies and leaving messages threatening to release the information if Sony did not abide by their demands. In a very slow and painful process, the group leaked the confidential information, which includes executive compensation, employee social security numbers, unreleased movies and a massive amount of corporate emails.

The leaked emails seem to have revealed some major weaknesses in Sony’s approach to data governance.
Some points to address regarding Sony’s status before the data breach are:

  • Recognizing the need to reduce the company’s amassed data, but neglecting to follow through with a secure removal plan
  • Failing to take stronger measures to protect corporate intellectual property (IP) and employee personally identifiable information (PII)
  • Storing user login credentials in a file titled “passwords”

An effective security strategy with the right solutions was needed. Especially with sensitive information such as PII and IP, not having this data protected with solutions such as data encryption or digital rights management made it easy for hackers to steal this information.

Even with these solutions, however, organizations must ensure that all necessary files are truly secure. To mitigate the extent of the damage from these data breaches, a mix of data governance and data encryption can ensure that your data is secure.

Photo Credit: Perspecsys Photos

Follow Up: Data Encryption is the Answer

Even after suffering from a devastating data breach, the National Association of Federal Credit Unions (NAFCU) is dismissing the idea that the data encryption rule should be implemented. Instead, they are saying that credit unions should follow best practices and look into approaches other than encryption.

Just to refresh your memory, at the end of 2014, the National Credit Union Administration (NCUA) suffered a data breach when one of its own lost a thumb drive containing personal credit union member information during a routine audit. That included names, addresses, Social Security numbers and account numbers for around 1,600 members worth around $13 million.

However, those in the security industry know that encryption, especially with information rights management, is distinctly the reasonable choice to protect your data. “We are contemplating a rule, which would require encryption…” said Debbie Matz, the Board Chairman for the NCUA. “Short of requiring it, we’re really struggling trying to figure out how to prevent data breaches. That’s a very fundamental thing to do, to make sure that if the data is lost or stolen that members’ confidential information is protected.”

Sooner or later, as can be seen in New Jersey and New York, and as looks set to extend to other states, the NCUA will have no choice but to encrypt or apply the best security measures to protect the data itself no matter where it is. Organizational policies, training and security regulations to abide by just don’t cut it, as proven by the countless headlines about data breaches.

Having the correct data security and the ability to protect the data of others should be viewed with the utmost importance. From insider threats (whether malicious or accidental) to external hackers, even if stolen, the data must not be as easy to access as in the cases we have seen in the headlines.

To be able to share files that contain these kinds of data, the concern that they will get stolen must disappear. How much longer must we worry about these cases? In this case, you don’t have to worry at all, knowing that you can implement Fasoo Enterprise DRM (digital rights management) and set permissions for accessing the documents.

Photo Credit: Chris Potter
