Blog

Collecting Laptops From Terminated Employees? Protect Unstructured Data
Deborah Kish April 16, 2020
Cybersecurity Data breach Data security Insider threat Privacy Secure collaboration

I read a Tweet recently from “Accidental CISO” about collecting laptops from terminated employees during the pandemic that I deemed retweetable (if that is a word). Some comments focused more on the hardware – how to get it back – but this got me thinking more about what is actually on the hardware. What sensitive information, like intellectual property, might reside on them? It also made me think, in a situation like this, how the potential for insider theft is far greater.

Files containing IP can be either printed on home printers, sent over email to personal accounts, saved on a USB stick, screen captured and so on.  These are not necessarily actions of malice, but obvious desperation to assist with the basic need for employment.

You Need Data-Aware Protection Mechanisms
Ron Arden September 12, 2017
Cybersecurity Data breach Data security Insider threat

Data breaches pose one of the greatest threats to business and government. With the recent data breach at Equifax magnifying the problem of data loss in businesses and the public sector, it’s time for organizations to think hard about using data-aware protection to safeguard sensitive information.

The ever-changing cybersecurity landscape requires organizations to evolve beyond merely protecting the network perimeter and end-points to implementing protections on the data.  When data breaches are successful, the costs can be staggering.  How much will it cost Equifax to offer credit monitoring to millions of people?  What makes these data breaches so disheartening is that many could be avoided or mitigated by modernizing legacy IT systems and protecting information at the data or document level.

Digital Rights Management Helps the FDIC Proactively Address Cyber Security
Ron Arden May 27, 2016
Cybersecurity Data breach Insider threat

The Federal Deposit Insurance Corporation (FDIC) will implement Digital Rights Management (DRM) software to prevent unauthorized redistribution of digital information. This is in reaction to security incidents where departing employees accidentally took sensitive files on portable media. According to numerous studies, trusted insiders pose a greater risk to sensitive information than hackers and cybercriminals.

I applaud the FDIC for taking this key initiative to proactively protect and control its most sensitive information.  DRM will help prevent unauthorized access and distribution of sensitive files regardless of location or device.  It can limit a user’s ability to view, edit and print and can even limit the validity time for accessing sensitive information.  This applies to both internal and external users.

Stop the Data Breaches – Everyone Should Protect Consumer Data
Ron Arden May 24, 2016
Data breach Data security

There is a lot happening lately in the financial sector to help stem the tide of constant data breaches. This week a financial industry coalition in the US is promoting a campaign called “Stop The Data Breaches” to encourage people to get their members of Congress to pass The Data Security Act of 2015 (H.R. 2205 and S. 961).

The effort is backed by seven trade groups, including the American Bankers Association, the Consumer Bankers Association, the Credit Union National Association and the National Association of Federal Credit Unions (NAFCU).  By running online and print ads, they are trying to get Congress to enact this important legislation that would protect consumer data.

A few weeks ago, on May 12, 2016, the Federal Deposit Insurance Corporation (FDIC) was in front of a Congressional Subcommittee to answer whether Americans can trust the FDIC to protect their private banking information. One of the interesting outcomes was the FDIC announcing a new cyber security initiative after 5 more breaches. Part of this initiative is the implementation of Digital Rights Management technology to locate, recall and/or render data useless when appropriate. This new development should have a major impact on the financial sector, whose members will follow suit if they have not already implemented this type of data-centric and people-centric security approach.

Stop Accidental Data Breaches Through Errors
Ron Arden November 24, 2015
Data breach Data security Insider threat

“Clerical Error” in Georgia Results in Data Breach of 6 Million Voters

A class action lawsuit was filed by two Georgia women alleging a massive data breach when Secretary of State Brian Kemp’s office released personally identifiable information (PII) of voters, including Social Security numbers, to the media, political parties and other paying subscribers.

Allegations include that the unauthorized information released in October in the voter lists also contained dates of birth and drivers’ license numbers.   Kemp’s office responded this was due to a clerical error where information was put in the wrong file and sent to 12 recipients on a disk.  It is unclear if it was an internal error or the fault of an outside contractor that caused the private information to be included in the file.

Stop Confidential Data Theft through Paper Printouts
Ron Arden November 13, 2015
Data breach Data security Insider threat Print security

Massive PHI Breach at Children’s Medical Clinics of East Texas

An employee of the Children’s Medical Clinics, with a retaliatory agenda to cause damage to the clinic’s reputation, stole and improperly disclosed the confidential data of 16,000 patients. Notification letters were sent to affected people to inform them that an employee took paper records from the facility and sent screenshots of electronic patient records to a former clinic employee. The Office for Civil Rights (OCR) health data breach portal indicates patient names, dates of birth, diagnostic information and treatment information were disclosed.

Stop Unauthorized Use of Confidential Data
Ron Arden November 11, 2015
Cybersecurity Data breach Insider threat

Former Morgan Stanley Financial Adviser Guilty In Connection with Data Breach

A former employee of Morgan Stanley pleaded guilty to stealing confidential data from about 730,000 customer accounts. He copied names, addresses, account numbers, investment information and other data to his home computer so he could work on it.

While improperly accessing the information, he was interviewing for a new job with two Morgan Stanley competitors.

Honest Mistake: Have You Ever Shared Sensitive Data to the Wrong Person?
David Kwag July 17, 2015
Data breach Data security

We all share files with those we work with, those we are friends with and those we are doing business with. Nowadays, with mobile devices, email and the cloud, it is extremely easy to share files, easy enough that we may accidentally send them to the wrong person.

Recently, the National Guard was hit with a data breach, where files containing personal information were unintentionally transferred to a “non-DoD-accredited data center by a contract employee.” Although in this case it was not believed to be malicious, there is still the possibility that this information will get into the wrong hands.

Data Encryption is Now Mandatory, Are You Prepared?
bcarambio July 9, 2015
Data security

On July 1, Connecticut’s Governor Dannel Malloy signed legislation that expands the current definition of personal information and now requires new data breach security terms and conditions in every state contract dealing with confidential information. From this article, the bill states, “Not later than October 1, 2017, each company shall implement and maintain a comprehensive information security program to safeguard the personal information of insureds and enrollees that is compiled or maintained by such company,” adding that the security program will need to be in writing and contain appropriate administrative, technical and physical safeguards.

This bill also addresses the issue of data encryption, and explains that all personal information that is being transmitted wirelessly or on a public internet connection must be encrypted. Sensitive personal data must also be encrypted on laptops and other portable devices.

When Will Your Data Breach Happen?
David Kwag March 13, 2015
Data breach

 

IT security is a growing threat for businesses of every industry and no organization can be seen as safe. Hackers are learning new methods to attack web sites and networks. Most of the time employees have easy access to company information and are often unaware of how to detect and prevent these breaches because of a lack of training or lack of security for this information. The question is not if, but when will a data breach happen?

It is very clear that data breaches can no longer be prevented by perimeter security. The perimeter continues to fade as a result of increasing connectivity between 3rd party partners and vendors, along with