Blog

Collecting Laptops From Terminated Employees? Protect Unstructured Data
Cybersecurity Data breach Data security Insider threat Privacy Secure collaboration

Protect data on laptops from terminated employees I read a Tweet recently from “Accidental CISO” about collecting laptops from terminated employees during the pandemic that I deemed retweetable (if that is a word).  Some comments focused more on the hardware – how to get it back – but this got me thinking more about what is actually on the hardware. What sensitive information, like intellectual property, might reside on them?  It also made me think, in a situation like this, how the potential for insider theft is far greater.

Files containing IP can be either printed on home printers, sent over email to personal accounts, saved on a USB stick, screen captured and so on.  These are not necessarily actions of malice, but obvious desperation to assist with the basic need for employment.

Fasoo Helps Customers Control Unstructured Data at Gartner Security and Risk Management Summit 2018
Cybersecurity Data breach Insider threat News
Fasoo shows unstructured data security at Gartner SRM 2018

This year at the Gartner Security & Risk Management Summit in National Harbor, MD there was a lot of focus on reducing business risk through improved cybersecurity that focuses on protecting data as users create and share it.  One area of concern to many organizations is how to find and protect sensitive data without impacting how employees and customers work.  Data protection regulations, like GDPR, are making things more complicated, but companies need to balance security with productivity.

At the Fasoo booth, a lot of people talked about issues with combining different technologies that still focus more on protecting the location of data rather than the data itself.  One executive from a manufacturing company talked about how her DLP system can tell them that sensitive documents were shared with external parties, but can’t really control their access or stop them from going out.  This is a common concern as companies use DLP, CASB and other technologies that can’t control access everywhere.

Is Encryption Really That Hard?
Cybersecurity Data breach Data security Insider threat

Is Encryption Really That Hard?The problem today is sensitive information is leaking from organizations like a dripping faucet.  The recent Equifax data breach is just the latest example of a constant barrage of leaks in the news.  All the experts say the best way to stop data leaks is by encrypting sensitive data.

So why isn’t everyone doing it?   What’s the problem?  New regulations are now in place that mandate encrypting sensitive data, NYDFS part 500 and GDPR being two of the most visible.

It’s not like using an Enigma machine to manually encrypt a message.  Today’s encryption mechanisms are easy to use and fit into the daily work of employees everywhere.

You Need Data-Aware Protection Mechanisms
Cybersecurity Data breach Data security Insider threat

You Need Data-Aware Protection MechanismsData breaches pose one of the greatest threats to business and government.  With the recent data breach at Equifax magnifying the problem of data loss in businesses and the public sector, it’s time for organizations to think hard about using data-aware protection to safeguard sensitive information.

The ever-changing cybersecurity landscape requires organizations to evolve beyond merely protecting the network perimeter and end-points to implementing protections on the data.  When data breaches are successful, the costs can be staggering.  How much will it cost Equifax to offer credit monitoring to millions of people?  What makes these data breaches so disheartening is that many could be avoided or mitigated by modernizing legacy IT systems and protecting information at the data or document level.

Fasoo Helps Customers with Compliance at Gartner Security and Risk Management Summit 2017
Cybersecurity Data breach Insider threat News

Fasoo helps customers comply with GDPR and NYDFS 23 NYCRR 500This year at the Gartner Security & Risk Management Summit in National Harbor, MD there was a lot of focus on managing and mitigating risk to a business and how to  improve cybersecurity through data-centric protection.  One area of concern to many organizations is how to comply with some of the newer cybersecurity and data protection regulations, like GDPR, as governments are trying to improve customer and business data security.

With all the recent malware, ransomware and data breaches, there was obviously a focus on how to prevent harm to one’s business.  As businesses move more into the realm of digital business, the concept of trust is becoming a larger issue.  If your customers do not trust you with their data, they will be less likely to do business with you.

You Really Need Persistent Data Protection
Cybersecurity Data breach Insider threat

You Really Need Persistent Data ProtectionDespite significant security investments made by organizations, data breaches of sensitive information continue at an alarming rate. There are many contributing factors to this situation such as the ever increasing rate of data collection as well as cloud computing, outdated security standards and controls, and flawed applications with security vulnerabilities.

Today’s bad guys are well funded, skilled and organized. When they set their sights on something like personal health information (PHI) or intellectual property (IP), they are quite effective at getting at the crown jewels.

For so long, organizations have spent their money, resources and time on traditional approaches like network, device and application security. While these fundamental security measures are still necessary, relying on them solely isn’t enough today.

Data-Centric Security in the Boardroom
Data breach Data security Mobile security Print security Privacy Secure collaboration

Boardroom Data Security starts by protecting board communications and documentsWith so many high profile data breaches in the public eye recently, cyber security is now front and center in many organizations.  Globally cyber attacks and data leaks are daily threats to organizations, reminding everyone that we are all potential targets. Attorneys are warning about potential individual liability for corporate directors who do not take appropriate responsibility for oversight of cyber security while investors and regulators are pushing boards to step up their oversight.  As a result, corporate boards have woken up to the call that they must address cyber security issues on their front lines, as it is no longer just an Information Technology issue.

4 Reasons You Need Enterprise Digital Rights Management
Data breach Insider threat Privacy

4 Reasons You Need Enterprise Digital Rights ManagementIn today’s business world, information security, regulatory compliance and data governance requirements are driving a top to bottom change in how we manage corporate data.  As the walls of an organization blur, new business models make the definition of employee, business partner and corporate information difficult to define.

Many companies allow employees to work from any location at anytime using any device.  Outsourced functions today range from design to manufacturing to finance and human resources.  If I outsource manufacturing or finance to a third party, how do I define my corporate boundary for data, since my sensitive information is in the hands of a business partner?  Add to this the real threat of external hackers and insider threats from employees, contractors and the third parties I use for key business functions.

How do you protect the most important information in your business?

Stop Accidental Data Breaches Through Errors
Data breach Data security Insider threat

“Clerical Error” in Georgia Results in Data Breach of 6 Million Voters

Clerical Error in Georgia Results in Data Breach of 6 Million Voters

A class action lawsuit was filed by two Georgia women alleging a massive data breach when Secretary of State Brian Kemp’s office released personally identifiable information (PII) of voters, including Social Security numbers, to the media, political parties and other paying subscribers.

Allegations include that the unauthorized information released in October in the voter lists also contained dates of birth and drivers’ license numbers.   Kemp’s office responded this was due to a clerical error where information was put in the wrong file and sent to 12 recipients on a disk.  It is unclear if it was an internal error or the fault of an outside contractor that caused the private information to be included in the file.

Bill Blake Presents to Institute of Internal Auditors on Fraud Prevention
Data security Insider threat News

Bill Blake presents to Institute of Internal Auditors on fraud preventionBill Blake, President of Fasoo, Inc., presented “Closing the Threat Gap: A 21st Century Approach to Minimizing Risk” at the Rochester Institute of Internal Auditors 2015 Fraud Event at Mario’s Restaurant in Rochester, NY on November 20, 2015.

The conference focused on how to detect and prevent fraudulent activities in companies regardless of size.  In today’s high-risk environment members of finance departments need to be vigilant to detect suspicious activities from both inside the company and external sources. Bill highlighted how Fasoo’s data-centric security can offer the best level of protection for confidential information from insider threats and hackers.