Tag: digital rights management

Recovering From a Data Breach

A recent article explained that “recovering from a data breach is like recovering from a skunk attack. No matter where or when you go in the house the stink still clings.” Obviously, the dust has not yet settled on the data breaches that have happened this year, as their impact still lingers. However, earlier, in 2011, Sony’s PlayStation data breach exposed the personal account information of 77 million users. It took until July 2014 for the “dust to start to settle on this one,” when Sony offered $15 million in court settlements to U.S. users of its PlayStation Network (PSN).

That same year, in June of 2011, Citigroup also announced that hackers had acquired 200,000 credit card holders’ personal information. It took them until 2013 to find out and reveal that the breach had actually exposed more than 360,000 North American Citi-issued customers’ names, account numbers and contact information.

Aside from handling the notification and public relations headache and continuing to do whatever it takes to protect the victims, it is important to actually publicize what is being done to protect future customers’ personally identifiable information (PII) from being leaked. “Remember it ain’t over when it’s over.” Even when investigations are done and flaws are fixed, there remains a sense of concern and fear about trusting an organization that was affected by a data breach. Data breaches can deliver long-term damage to an organization’s reputation.

Even if they did not use digital rights management (DRM) to encrypt the files containing customers’ personal information, it is equally important to say that from now on customers’ information will be secure because the files that contain it are encrypted, especially when they are DRM protected.

Back then there may not have been enough interest in this kind of data security, but now there is no excuse not to have it, as it can protect against the lingering pain of a data breach for a very long, long time.

Photo Credit: Don DeBold

What to Do after a Data Breach?

In many recent articles regarding data breaches, you will always see that organizations are notifying customers and offering free credit reporting and monitoring, fraud alert services and other services. Most of the headlines say very little about what these organizations are doing to increase their security and protection of customers’ personally identifiable information (PII) after they have experienced a data breach.

Thus it is not uncommon for the same organizations to experience two, three, four or more data breaches, as we have recently heard in the news with AT&T, eBay, Aventura Hospital and Supervalu. Some organizations, after a data breach, will also announce they have implemented “encryption” software or “additional security measures” to prevent these breaches from happening again, but apparently customers and potential customers are not satisfied when no specifics are mentioned. This is apparent in the loss of profits and sales that these companies are reporting.

Data security only works when the source of these breaches is protected, and that is the data itself. This data must be protected regardless of where it is, and must be protected at all times. The ability to change the encryption policies per user or per file is equally important, as those who once had access may later be determined to no longer have access to this sensitive information. Whether these data breaches are caused by insider threats or by hackers stealing these files, a solution is needed, and organizations need to explain to customers how it will protect their information.

It’s time to find out more about basic data security and Fasoo data security. A guarantee that all organizations are using the best security on the market is vital to ensuring that consumers’ sensitive information is protected. Fasoo provides digital rights management solutions to not only provide persistent protection but also to deliver dynamic permission control and intelligent monitoring of your files.

Photo Credit: Kenny Ellason

Privacy and Security Guidelines, Do You Follow Them at Your Company?

How many of you have privacy and security guidelines at your company? Do you really follow each and every guideline? Based on a recent article on the data breach at AT&T, it doesn’t look like that is the case. One of its employees did not follow its “strict privacy and security guidelines” and gained access to customers’ accounts without authorization. Some of this information includes Social Security numbers, driver’s license numbers and Customer Proprietary Network Information (CPNI), which specifies services purchased, including which numbers the customer has called and when.

Although this employee no longer works at AT&T, the question that everyone has when a data breach occurs is: what are they doing now to mitigate the risk of future breaches? Any notification letter you receive will most likely provide you with a number to contact for free credit monitoring, but for some companies, as in this case, two, three or more breaches continue to occur.

As we all know, many companies in other industries have these same guidelines, but similar insider data breaches still seem to occur. The health care industry has been busy with these kinds of breaches, notably at Aventura Hospital and Medical Center, with as many as 82,000 patients’ Patient Health Information (PHI) being leaked. Then, in the banking industry, two former executives at Teche Federal Bank, which was acquired by IberiaBank, stole several thousand customer files and provided them to competitor JD Bank.

These data breaches from insider threats have occurred as the FBI and Department of Homeland Security warned of an increase in insider threats from current and former employees.

Many companies only have such guidelines, but the only sure way to protect customers’ sensitive information is to protect the data itself. File encryption solutions such as Fasoo Enterprise DRM (Digital Rights Management) provide persistent file-based security for any business environment. This enables organizations to protect, control and trace sensitive files containing intellectual property, trade secrets, PII and more. This ultimately prevents insiders, whether malicious or accidental, from causing any data breaches to the organization.

Privacy and security guidelines can no longer protect the confidential information of consumers; it is up to securing the data itself to prevent data breach cases like those mentioned above from happening.

Photo Credit: CucombreLibre
