Blog

It Takes a Village to Raise a Child, Right? It Takes a Team to Develop a Data Governance Strategy!
Cybersecurity Data breach Data security Insider threat Print security Privacy

Define a Practical Data Governance Plan for Unstructured DataThe phrase “It takes a Village to raise a child” is true.  But it is also true that it takes a team to develop a data governance and policy management strategy!

Teamwork is important when developing a data security strategy. As part of that process, data governance and policy management needs to be part of the equation. It’s becoming more and more clear that organizations struggle with policy management – particularly with unstructured data. The very nature of unstructured data leaves it vulnerable to exposure and loss. Insider threat is of particular concern because while hackers typically attack structured databases, your employees and other valued insiders are accessing those databases on a regular basis. The insiders can download sensitive information into spreadsheets and reports. They are accessing your intellectual property, such as product designs and roadmaps. It’s the insiders that will walk off with those designs and sell them to your competition or bring it to a competitor to jumpstart the next phase of their career. The loss of this information will not only cost you revenue, but can also result in a regulatory fine. Who can afford that?

Geese at the ISMG Cybersecurity Summit in New York? It’s all about teamwork!
Cybersecurity Data breach Data security Insider threat Print security Privacy Secure collaboration

Work as a team for unstructured data securityLast week, Fasoo sponsored and participated in the ISMG Cybersecurity Summit in New York City.   It was a great event, well attended and in the Theater District and the ISMG folks were awesome to work with!

As part of our sponsorship, Fasoo had a 10 minute Tech Spotlight where, rather than providing a “death by powerpoint” tech dump, we thought it would be good to get everyone thinking about working together as a team with respect to their data security initiatives by following the example of geese. Below is the recap for the greater audience.

Getting Granular: Why You Need Granular Access Controls
Cybersecurity Data breach Data security Insider threat Print security Privacy Secure collaboration

Granular access controls are important to protect unstructured dataIn our last post, we said “Without granular access controls, you can’t prevent a user from copying data from a file and pasting it into an email, for example. If you only encrypt a file and do not prevent copy and paste or printing, a user can easily compromise security.” And we meant it.

Now,  you might be asking yourself “What does it mean… granular access controls?” And the answer is simple.

Granular permissions or access controls means you grant specific permissions or enable actions when a user opens a file.  This means you can either allow or prevent a person from doing things in a file when it is open – or “in use” – and since data in use is really difficult to protect, wouldn’t it make sense to add this layer of protection?  By applying granular access controls, you can prevent someone from copying and pasting, taking a screen shot, or printing based on the classification of the file and security policy applied to it.  Users can be either granted or denied specific actions when a document is open.

Your Sensitive Data is at Risk: How Do You Manage Insider Threats?
Cybersecurity Data breach Data security Insider threat Print security Privacy

Protect against insider threatsPicture it.  Your employees access sensitive and confidential customer information every day so they can do their jobs. Once the data leaves the protected confines of an information repository, file share or cloud-based service, your authorized users can share it with anyone, do anything with it and compromise your customer’s confidential information or your intellectual property.  As a result, you may be subject to regulatory fines, not to mention losing customers because they can’t trust you to maintain their confidentiality. And as for IP?  It could get in the hands of your competition, threatening your business.

What do you need to do?  You need to persistently protect confidential data so that customer information and your IP is protected regardless of where it goes and who has it.  Through a file-centric approach, you need to close the security gap that allows you to share sensitive data with unauthorized users by applying granular access controls to sensitive data.  Without granular access controls, you can’t prevent a user from copying data from a file and pasting it into an email, for example.  If you only encrypt a file and do not prevent copy and paste or printing, a user can easily compromise security. 

I Want YOU…
Cybersecurity Data breach Data security Insider threat Mobile security Print security Privacy

PrivacyTo think about stronger data security and privacy protection! But first, I want you to think about the millions of heroes who have served our country.

As we approach the 4th of July, I wanted to take a moment to recognize the heroes in the many branches of the U.S. Military.  From myself, and on behalf of the entire team at Fasoo, THANK YOU for your service!

And while thinking about those who have put themselves at the first line of defense, defending our country and fighting for our freedom, we are still fighting for privacy and stronger data security.  As individuals, we are required to provide tons of personally identifiable information to our doctors, lawyers, employers and financial institutions – trusting that they will safeguard our information.  But data leaks still happen!  So we know we need to take data security and privacy seriously.

Now, I don’t want this discussion to turn political, but it was brought to my attention (thanks, Rick), in an article published by ZDNet that “The US State Department will now require new visitors to the United States to hand over their social media account names as well as email addresses and phone numbers used over the past five years.”

I remember when I was a kid, the USA was referred to as “The Great American Melting Pot” where people were welcomed from all over the world to come here and live their dream!  Freedom.  In fact, my own family migrated from Hungary and settled in Pennsylvania in the early 1900s.  Of course, this was long before the digital age.  Back then, the information collected, while personally identifiable in nature, was not nearly as much in terms of “volume”.  So while people are still coming to this country to live their dreams, the data requirement to do so is a magnitude far above what it used to be, exacerbating the amount of data that needs to be protected.   So what I am saying here is that these visitors’ dreams should NOT include the fear of identity theft and/or exposure of personal data.

In the digital age, our thirst for knowledge and expression has us willing to give information in exchange for merchandise, a whitepaper, maybe even recognition.   And we should be able, with trust and the freedom to do so, without fear.  So at the risk of misquoting one of our Founding Fathers, those who would give up personal data for essential freedom, deserve both privacy and security.

So fire up the grill, add another hot dog or hamburger, tofu for my vegan friends, crack open a beer or have some wine.  Enjoy your friends, family and freedom and by all means, please have a safe holiday!

By Deborah Kish – EVP Research & Marketing

Another day, another… $853K?
Cybersecurity Data breach Data security Insider threat Privacy

HIPAAThis has been on my mind. A lot. Every day, I open my email to find news about how a company needs to pay a fine or a fee to either an individual or a regulator because data was leaked or stolen. This one in particular caught my eye because it is a classic example of data being accessed by likely the wrong individual and shared with someone who should definitely not have been able to see it. This one seems to be an access control and encryption play.  If they were in place, this healthcare entity wouldn’t have to shell out $853K and violate HIPAA regulations in the process.

And this one! It dates back to 2015, but it is still one of the largest hack attacks to date, and the settlement (which was just reached) is nearly $1 million dollars!  All because a sophisticated attack allowed the hackers to steal user credentials and 3.5 million patient records.   As a result (besides the $900K) MIE has a laundry list of technologies they will be required to invest in as well as implementing “controls during the creation of accounts that allow access to ePHI”.

This tells me something.  It tells me that there are still so many companies that do not have strong sensitive data security and privacy controls in place.

And, it leads me to feel even more strongly about the “file centric” approach. A file centric approach means that you are focusing on the actual data, (in both of these cases, PII) rather than the location of the data. Encryption and access control in these cases could have made a significant impact and saved; the victims of the breaches from potential harm like ID theft AND the entities themselves a lot of money.  I’ll be talking more in detail about this in my upcoming webinar “Overcoming Unstructured Data Security and Privacy Choke Points” this Thursday, June 6th at 1:30 pm. I’ve embedded the link so you can go ahead and register.

See you then!

By Deborah Kish – EVP Research & Marketing

Top Four Security Predictions For 2017
Cybersecurity Data breach Data security Insider threat

Top Four Cyber Security Predictions For 20172016 has been an epic year for cyber security and data breaches.  From recent hacks at Yahoo and LinkedIn to problems at the FDIC and stolen intellectual property from Glaxo-Smith Kline, this year has been a boon for data breaches large and small.

The past year has shown us that malicious attacks and inadvertent mistakes continue at an alarming rate and the consequences are legal, financial and brand reputation woes.

So how will 2017 fare?  Will we see more of the same or a change in the cyber security landscape?

Here are four security predictions for 2017.

1. Cyber Security Legislation will Change the Face of Business

Mobility and Prevention of Employee Data Theft
Data breach Data security Insider threat Mobile security

Use persistent data security to prevent data theft in a mobile worldGone are the days when everyone came into the office everyday for work.  Changes in work habits have brought substantial growth in mobility adoption within the workforce and security challenges have followed.

Today’s employees increasingly work from outside the office and they use a number of mobile (often personal) devices to complete their daily business tasks.  Gallup’s Work and Education Poll from August 2015 points out that telecommuting for work has climbed up to 37 percent in the United States.

A June 2014 survey by Gartner points out that approximately 40 percent of U.S. consumers who work for large organizations said they use their personally owned smartphone, tablet, desktop or laptop daily for some form of work.  Mingling business and personal data can and does cause major security problems, since all of us may inadvertently share sensitive company information with the wrong person.