Blog

You Need Data-Aware Protection Mechanisms
Cybersecurity Data breach Data security Insider threat

You Need Data-Aware Protection MechanismsData breaches pose one of the greatest threats to business and government.  With the recent data breach at Equifax magnifying the problem of data loss in businesses and the public sector, it’s time for organizations to think hard about using data-aware protection to safeguard sensitive information.

The ever-changing cybersecurity landscape requires organizations to evolve beyond merely protecting the network perimeter and end-points to implementing protections on the data.  When data breaches are successful, the costs can be staggering.  How much will it cost Equifax to offer credit monitoring to millions of people?  What makes these data breaches so disheartening is that many could be avoided or mitigated by modernizing legacy IT systems and protecting information at the data or document level.

Healthcare Data Breaches and Flash Drives, Still?
Data breach

Healthcare Data Breaches and Flash Drives, Still?

Healthcare data breach due to misplaced flash drives seem to be a rising trend as recently another case was reported on August 7, 2015. Lawrence General Hospital in Massachusetts reported that a flash drive was missing. Even though it had very limited patient information, it did include lab testing information such as patient names, lab testing codes and slide identification numbers. Letters to about 2,000 patients were sent out, and have yet to locate the flash drive. According to their website, the misplaced flash drive was “unencrypted”.

How many times have we heard this type of data breach occur and appear on our news feed?

In July, OhioHealth had reported a similar data breach, after discovering that a flash drive had gone missing. Approximately 1,000 patients’ data became vulnerable, and about 30 or so Social Security numbers were compromised. As in the previous mentioned data breach this flash drive was “unencrypted” well. In addition, in South Carolina, a safe containing two flash drives and two hard drives containing EMS patients’ Social Security numbers, patient names and addresses and clinical information were stolen, and you guessed it, the flash drives were unencrypted.

Bigger Problem than Compliance?
Data security

Bigger Problem than Compliance? The answer? Data Protection! Although compliance has always topped data breach protection, this year, preventing data breaches and protecting intellectual property are all considered more important in driving data protection. However, it is both of these together that makes a data breach protection solution so robust.

Meeting and demonstrating compliance is the start to a more secure organization. Last year in particular with the spike in data breaches caused by the theft or loss of sensitive information pushed the government to push for numerous legislative requirements and standards-based protocols from NIST (National Institute of Standards and Technology).

Federal government agencies are required to follow endpoint security obligations and protocols and even more so with national security agencies who communicate classified information.

Are these Proposed Privacy Laws Enough?
Data security

Are these Proposded Privacy Laws Enough?

President Obama announced that he would propose laws aimed at protecting data after a horrendous year in cyber securitycybersecurity and data protection. Although all the facts are not all there yet, three new laws are being proposed. These laws will be addressed later this month at the president’s State of the Union. Already so far, information security experts are praising the attention President Obama is bringing to security issues with these proposals.

Among the proposals, the Personal Data Notification and Protection Act would require companies to notify customers within 30 days from the discovery of a data breach that their information had been compromised. Also, another proposal is the bringing back an upgraded version of the “Consumer Privacy Bill of Rights”, which gives internet users the right to control what data is collected and how their data is shared. The last proposed law, is the Student Data Privacy Act, which will prohibit tech companies from profiting from data collected on students in schools.