Blog

Collecting Laptops From Terminated Employees? Protect Unstructured Data
Cybersecurity Data breach Data security Insider threat Privacy Secure collaboration

I read a Tweet recently from “Accidental CISO” about collecting laptops from terminated employees during the pandemic that I deemed retweetable (if that is a word). Some comments focused more on the hardware – how to get it back – but this got me thinking more about what is actually on the hardware. What sensitive information, like intellectual property, might reside on them? It also made me think, in a situation like this, how the potential for insider theft is far greater.

Files containing IP can be printed on home printers, sent by email to personal accounts, saved on a USB stick, screen-captured and so on. These are not necessarily acts of malice, but of obvious desperation to assist with the basic need for employment.

Can You Stop Former Employees Taking Your Data?
Cybersecurity Data breach Insider threat

It’s a good question and one that many organizations don’t think about thoroughly. You take a lot of time onboarding an employee by doing background checks, checking references, and determining what information systems and data access the person needs to do her or his job. You may have a comprehensive provisioning system that grants access to all applications and data.

But how about when someone leaves? It’s great that you de-provision access the INSTANT someone becomes a former employee, but how do you protect the confidential data she or he may have been taking out each night for the last few weeks? Organizations spend a lot of money guarding against cyberattacks from hackers and other external people, but many don’t do enough to protect their data from the threats posed by former employees.

4 Reasons You Need Enterprise Digital Rights Management
Data breach Insider threat Privacy

In today’s business world, information security, regulatory compliance and data governance requirements are driving a top-to-bottom change in how we manage corporate data. As the walls of an organization blur, new business models make employee, business partner and corporate information difficult to define.

Many companies allow employees to work from any location at any time using any device. Outsourced functions today range from design to manufacturing to finance and human resources. If I outsource manufacturing or finance to a third party, how do I define my corporate boundary for data, since my sensitive information is in the hands of a business partner? Add to this the real threat of external hackers and insider threats from employees, contractors and the third parties I use for key business functions.

How do you protect the most important information in your business?

Follow Up: Data Encryption is the Answer
Data security

Even after suffering from a devastating data breach, the National Association of Federal Credit Unions (NAFCU) is dismissing the idea that the data encryption rule should be implemented. Instead, it says that credit unions should follow best practices and look into approaches other than encryption.

Just to refresh your memory, at the end of 2014, the National Credit Union Administration (NCUA) suffered a data breach when one of its own lost a thumb drive containing personal credit union member information during a routine audit. That included names, addresses, Social Security numbers and account numbers for around 1,600 members worth around $13 million.

Spike in Data Breaches Affects Public Confidence
Data breach

The recent spike in data breach coverage this year, 24,000 news stories to be exact, has led to record low levels of confidence amongst the public about data security, according to Deloitte. Last year, only 5,474 data breach news stories were reported, and even fewer in 2012, with 4,023. This number alone does not mean a greater number of data breaches, but the increase in news stories has definitely raised awareness amongst the public. Most of the reports have been negative, and the constant attention has pushed even the government to get involved in creating reforms that put greater emphasis on making sure organizations are accountable for the security of customers’ personally identifiable information (PII).

Former Employees Stealing Corporate Data
Insider threat

We hear of a lot of insider threats these days involving disgruntled employees who have been fired, but earlier this month a former COO of an on-demand startup left the company due to tensions with the founders and landed a job with its competition to aid in that company’s international growth. The issue here is that, before he left, the former executive is accused of copying a treasure trove of confidential data to his cloud account so that it could be used to solicit employees from his former company. Even though his account was shut down following his departure, it has been perceived that there is no supportable evidence that the former COO still has those confidential documents.

This kind of insider threat was a planned, malicious insider attack involving the theft of sensitive company information. The insider saw an opportunity to benefit, and the former company had little it could do to revoke his privileges to access those files. As many headlines have said in the past, it is all about protecting the data, and that includes being able to revoke access to sensitive files that contain confidential data. In this case, that was not possible, which led to a big legal case between the two parties.

The Dangers of Insider Threats in Critical Infrastructure
Insider threat

It is scary enough that intelligence officials say cyber security now trumps terrorism as the No. 1 threat to the U.S. The most recent data breach attacks on the White House and Office of Personnel Management are just the tip of the federal government’s concerns. However, it gets even scarier when these breaches are insider threats to the nation’s critical infrastructure.

Based on research from a recent article, in April 2011, a lone water treatment employee allegedly shut down operating systems at a wastewater utility in Arizona in an attempt to cause a sewage backup that would damage equipment and create a buildup of methane gas. Luckily, automatic safety features prevented this from happening, and there was no incident. Earlier that year, an employee recently fired from a US natural gas company also closed a valve, disrupting gas service to nearly 3,000 customers for an hour.

2014 is The Year of the Data Breach
Data breach Data security

Without a doubt, 2014 is well on its way to replacing 2013 as the highest year on record for exposed records. In the first quarter of 2014 alone, a record 43% of American companies reported experiencing hacks, according to a study released by the Ponemon Institute. According to the 2014 Identity Theft Resource Center Breach Report, across all of the following categories combined (banking/credit/financial, business, educational, government/military and medical/healthcare), a total of 644 breaches had occurred as of November 3, 2014, with an estimated total of 78 million records exposed. The industry with the most breaches is medical/healthcare, with 42.4% (273 out of 644) of the total breaches, and the industry with the most records exposed is business, at 82.6% (about 65 million records out of 78 million).

Government Pushes Organizations to Implement Stronger Data Security
Data security

Everyone from the FBI and the Department of Homeland Security (DHS) to the FCC, all the way up to the White House, is pushing for stronger data security measures amongst organizations that deal with sensitive customer information. Just last week, the FCC fined two telecommunication companies $10 million for neglecting to protect over 300,000 customers’ personally identifiable information (PII). This is the FCC’s first data security case and its largest privacy violation action ever. The telecoms failed to encrypt the online data, which included Social Security numbers, addresses, names and driver’s license information, which meant that anyone could access it without entering a password.

It is no wonder that, because of these lax security practices, identity theft has become the fastest growing crime in the U.S. In addition, Obama has signed an executive order intended to make organizations increase data security, as well as to push the charge for government enforcement responsibilities.