I read a Tweet recently from “Accidental CISO” about collecting laptops from terminated employees during the pandemic that I deemed retweetable (if that is a word).  Some comments focused more on the hardware – how to get it back – but this got me thinking more about what is actually on the hardware. What sensitive information, like intellectual property, might reside on them?  It also made me think, in a situation like this, how the potential for insider theft is far greater.

Files containing IP can be either printed on home printers, sent over email to personal accounts, saved on a USB stick, screen captured and so on.  These are not necessarily actions of malice, but obvious desperation to assist with the basic need for employment.

The financial services industry is a frequent target of hackers, but a larger threat may be trusted insiders since they have access to a lot of sensitive customer data.  Advisers within wealth management practices regularly share data with other advisers, staff members, a counterparty or a trusted third-party service provider. They may inadvertently or deliberately share that data with unauthorized people and pose a risk to their firms and customers. Once shared, most firms have no control over that data. The Ponemon Institute illustrates this risk by reporting that 65% of cyber breaches originated with third parties.

Insiders regularly share customer or other sensitive information with colleagues and third-parties by generating and downloading reports from a database. Typically the reports are spreadsheets which make it easy to analyze the data. Access to the database may be restricted, but once in a spreadsheet, the sensitive data is easy to share with anyone.

Fasoo sponsored and presented at an event in Columbus, OH on November 13, 2018 entitled “Incident Detection, Response and Recovery” highlighting how to prepare and manage an incident response plan for cybersecurity and data protection.  Presented and cosponsored by Catalyst Solutions, IBM and Huntington Insurance, the event brought together experts in legal, insurance, law enforcement, government, accounting and security disciplines to discuss the legal, technical and business issues of preparing for and responding to a data breach.

Bill Blake, Senior Vice President and CCO of Fasoo, presented Incident Response & Recovery: Secure Collaboration for Critical Information which highlighted the Wrapsody platform as a solution to help manage the development, access and control of an incident response plan (IRP).  Bill showed an example of a CISO, Legal Counsel and an external Advisory firm securely collaborating on an IRP and how to control who could access the plan and any supporting documents involved in a response.  The example showed how easy it is to securely collaborate on developing and managing the plan, but also on limiting access prior to, during and after a breach occurs.  Since Wrapsody encrypts documents and controls their access, it guarantees only authorized users can access them.  This is critical because if an incident response plan got into the wrong hands, malicious insiders or external parties could compromise an organization’s data security.

Fasoo’s message of finding, protecting and controlling unstructured data definitely made an impact on attendees at the 2018 RSA Conference in San Francisco.  With new regulations like the General Data Protection Regulation (GDPR) coming on quickly and the general feeling that businesses need to do more than just track file access, companies are looking for a more comprehensive and practical approach to providing secure ways to conduct business.

Over 45,000 senior executives and IT security professionals attended this year’s conference with about 2,000 visiting Fasoo’s booth.  Visitors saw hourly presentations and demonstrations on how to manage and control their unstructured data which is by far the largest problem of data security.  While someone hacking a database and stealing credit cards seems to make the headlines, the reality is that the majority of an organization’s intellectual property and sensitive information is stored in documents.  Fasoo staff showed how Fasoo Data Radar, Fasoo Enterprise DRM, Fasoo RiskView and Wrapsody helps manage and protect the critical business information inside documents.

The barrage of data breach news on the front page should come as little surprise to any of us. The more data stored and sent digitally, the more we expose ourselves and more breaches occur.  With all the resources and money spent on preventing a breach, we might think it is reasonable to expect that the number of reported incidents decline. But yet, on the contrary, this is not what we see.

According to the Identity Theft Resource Center (ITRC), just this year to date, there have been 725 reported breaches. The traditional security model to guard the perimeter is not adequate. Today’s challenges require a layered Data Security Framework.  So, what should this framework contain to take the right preventative or restorative actions?

Reports emerged yesterday that UK media regulator Ofcom suffered a massive data breach when a former employee stole sensitive information on television companies and gave it to a major broadcaster, which incidentally is his or her new employer.  The person who stole the information was not identified in reports.  The former employee downloaded as much as six years worth of data before leaving the company.  The intent of the action was to gain a competitive advantage in the market.

Even though Ofcom says it takes data security very seriously, it is most likely missing some of the blind spots that companies ignore.  Most organizations focus their security on the perimeter, trying to protect networks and systems from outside hackers.  They rarely look inward, assuming that an employee is a trusted person who will always have the company’s best interests in mind.

Gone are the days when everyone came into the office everyday for work.  Changes in work habits have brought substantial growth in mobility adoption within the workforce and security challenges have followed.

Today’s employees increasingly work from outside the office and they use a number of mobile (often personal) devices to complete their daily business tasks.  Gallup’s Work and Education Poll from August 2015 points out that telecommuting for work has climbed up to 37 percent in the United States.

A June 2014 survey by Gartner points out that approximately 40 percent of U.S. consumers who work for large organizations said they use their personally owned smartphone, tablet, desktop or laptop daily for some form of work.  Mingling business and personal data can and does cause major security problems, since all of us may inadvertently share sensitive company information with the wrong person.

Bill Blake, President of Fasoo, Inc., presented “Closing the Threat Gap: A 21st Century Approach to Minimizing Risk” at the Rochester Institute of Internal Auditors 2015 Fraud Event at Mario’s Restaurant in Rochester, NY on November 20, 2015.

The conference focused on how to detect and prevent fraudulent activities in companies regardless of size.  In today’s high-risk environment members of finance departments need to be vigilant to detect suspicious activities from both inside the company and external sources. Bill highlighted how Fasoo’s data-centric security can offer the best level of protection for confidential information from insider threats and hackers.

Former Morgan Stanley Financial Adviser Guilty In Connection with Data Breach

A former employee of Morgan Stanley pleaded guilty to stealing confidential data from about 730,000 customer accounts. He copied names, addresses, account numbers, investment information and other data to his home computer so he could work on it.

While improperly accessing the information, he was interviewing for a new job with two Morgan Stanley competitors.

With the data breaches increasing and hackers breaking into major companies and stealing customer data at an alarming rate, lawsuits relating to these breaches have been a hot topic. For companies, although facing a catastrophe in terms of brand image, legally they have been shielded from damages. That is until now.

According to a recent article, a recent ruling by the 7^th Circuit Court of Appeals reinstated a lawsuit against Neiman Marcus over a 2013 data breach in which hackers stole credit card information from as many as 350,000 customers. The three judges ruling has created a stir in the legal environment because this now lowers the bar for consumers who want to sue over such breaches.