Blog

Enterprise DRM and DLP: Comparison Made Simple
Application Security Testing Data security Insider threat IP Theft Sensitive Unstructured Data

 

Like digital rights management (DRM) for the enterprise, data loss prevention (DLP) solutions have recently seen a resurgence. Both aim to protect sensitive documents against leakage and exfiltration. Those looking to deploy or expand one or the other frequently weigh DRM vs. DLP. But how helpful is this “either/or” perspective really?

Digital Rights Management Helps the FDIC Proactively Address Cyber Security
Cybersecurity Data breach Insider threat

The Federal Deposit Insurance Corporation (FDIC) will implement Digital Rights Management (DRM) software to prevent unauthorized redistribution of digital information. This is in reaction to security incidents where departing employees accidentally took sensitive files on portable media. According to numerous studies, trusted insiders pose a greater risk to sensitive information than hackers and cybercriminals.

I applaud the FDIC for taking this key initiative to proactively protect and control its most sensitive information.  DRM will help prevent unauthorized access and distribution of sensitive files regardless of location or device.  It can limit a user’s ability to view, edit and print and can even limit the validity time for accessing sensitive information.  This applies to both internal and external users.

Home Depot to Pay Big for Data Breach
Cybersecurity Data breach

Data breaches are beginning to cost companies a lot of money. This isn’t potentially lost revenue or brand damage, which may be hard to measure. This is cold, hard cash.

Home Depot has agreed to pay as much as $19.5 million to compensate consumers for the data breach it suffered in 2014 that affected more than 50 million cardholders.  That figure includes $13 million to reimburse customers for losses and $6.5 million for a year and a half of identity protection services.  They have also paid out or plan to pay $161 million in total for costs related to the breach.

As part of the settlement, the company agreed to improve data security and hire a chief information security officer (CISO).  That’s good.  As is common in these cases, the company did not have to admit it did anything wrong.  Not good.  I understand this is common in these settlements, but I find it unfortunate, since the customers are affected by the negligence of the company.  To me this is like saying that if I left my front door open and somebody came in and robbed me, it isn’t my fault.  Companies must take data security seriously, but many of them do not even do the basics of locking the front door.

5 Steps To Protect Your HR Data
Data breach Data security Insider threat

I recently wrote an article about the security of sensitive information in the HR department. While everyone interacts with the people in human resources, most of us don’t think about all the sensitive information they have.

Most of us think about benefits and our 401K when we think about dealings with HR, but there is a lot more sensitive data that is under their control.  They also deal with your healthcare information, information about your spouse and family, customer financial information, employee resumes and salaries.  They also know when you have given notice to leave the company or when you change jobs in your current company.  Add to this the responsibility of developing and circulating company policies and a wide variety of interoffice communications.

Sharing company, employee and customer information with authorized internal and external users poses a unique security challenge for any organization, since HR needs to limit access to sensitive information.  While HR may be the first line of entrée into a company, they are also the first line of defense to protect some of the most confidential information in your company.

Stop Accidental Data Breaches Through Errors
Data breach Data security Insider threat

“Clerical Error” in Georgia Results in Data Breach of 6 Million Voters

A class action lawsuit was filed by two Georgia women alleging a massive data breach when Secretary of State Brian Kemp’s office released personally identifiable information (PII) of voters, including Social Security numbers, to the media, political parties and other paying subscribers.

The lawsuit alleges that the information released without authorization in the October voter lists also contained dates of birth and driver’s license numbers. Kemp’s office responded that this was due to a clerical error where information was put in the wrong file and sent to 12 recipients on a disk. It is unclear whether an internal error or an outside contractor caused the private information to be included in the file.

Is There a Sure Fire Way to Restrict Access to Employee PII?
Data security Insider threat

I recently wrote an article about protecting confidential data that flows through the HR department. This is an area that many people forget when thinking about the most sensitive information in an organization.

Everyone thinks about the obvious, like maintaining information about current employees.  But there are many other pieces of sensitive data flowing through HR.

Resumes and personal information about potential employees come into the HR department as managers post job requisitions.  In today’s world, candidates require criminal background checks and drug tests that need to be kept confidential.  As a company hires people, references, existing health information, 401K data and salary details are maintained by Human Resources personnel and inside information systems they access.

Data Breaches on Record Pace for 2015?
Data breach

Earlier this month, an article reported that data breaches in 2015 are on pace to break records both in the number of breaches and in the number of records exposed. In 2014, the number of US data breaches tracked by the Identity Theft Resource Center hit a record high of 783, with about 86 million confirmed records exposed. So far this year, as of June 30, the number of breaches had reached 400, and about 118 million records had been confirmed to be at risk.

We have all heard about the government data breaches that made the headlines, but in addition to those, three separate organizations in very different industries have had major data breaches that exposed the personal information of more than 92,000 people. Florida’s Orlando Health, California’s Cuesta College and Michigan’s Firekeepers Casino recently acknowledged data breaches.

Data Encryption is Now Mandatory, Are You Prepared?
Data security

On July 1, Connecticut’s Governor Dannel Malloy signed legislation that expands the current definition of personal information and now requires new data breach security terms and conditions in every state contract dealing with confidential information. According to this article, “Not later than October 1, 2017, each company shall implement and maintain a comprehensive information security program to safeguard the personal information of insureds and enrollees that is compiled or maintained by such company,” the bill states, adding that the security program will need to be in writing and contain appropriate administrative, technical and physical safeguards.

This bill also addresses data encryption: all personal information that is transmitted wirelessly or over a public internet connection must be encrypted. Sensitive personal data must also be encrypted on laptops and other portable devices.

Fasoo Shows How to Protect Data in the HR Department
Data security Insider threat

HR departments have a unique set of security challenges to maintain the confidentiality and integrity of internal staff and external clients. While maintaining the confidentiality of personally identifiable information (PII), they also develop and share information that needs wide distribution.

Managing these somewhat contradictory requirements requires an approach that is flexible enough to protect against insider threats, while enabling secure sharing.

IT Business Edge has published the slideshow, “Data Protection: Five Challenges Facing the Enterprise HR Department”, that highlights five functions of an enterprise HR department and how Fasoo can help meet the specific access and permission requirements for different tiers of information.