Tag: protect data

Choose Security Over Convenience

One of the problems of implementing security is that people perceive it as an inconvenience. People always take the path of convenience because it’s easy. Many years ago no one locked their doors because we weren’t worried that someone would come into our house and steal anything. Over time that thinking changed and we all lock our homes and businesses before going out.

Many organizations think about data security and cybersecurity the same way. While no one questions locking the doors to the office or manufacturing plant, some don’t think about locking all the doors to their sensitive information. A common approach is to merely check the boxes to be compliant with a regulation or standard, without thinking about the unique situation of your company.

A great example is the Target data breach a number of years ago. The company was fully PCI compliant, which meant they checked all the boxes to protect their data, according to the standard. Unfortunately, they were attacked when someone hacked into their point-of-sale systems and copied millions of customer data records to locations outside the company. In this case they were compliant, but not secure.

Another area of concern is file sharing services that offer limited security to control file access.  These may be consumer grade and perfectly fine to share pictures and school reports, but do not have the type of controls needed to protect sensitive business or customer information.

Minimizing cybersecurity threats and the damage they can cause requires organizations to develop and implement a cybersecurity plan.  This includes discovering what sensitive data you have, determining where it is and deciding how to protect it.  You need to limit data and system access to authorized users and ensure that you can account for any access to sensitive data with a complete audit trail.

Some of the new regulations and data breach protection laws may give guidance on how to protect your sensitive data. The recent financial industry cybersecurity regulation in New York (NYS DFS 23 NYCRR 500) stipulates that financial organizations doing business in New York must encrypt all nonpublic data at rest and in transit. They also must restrict access to authorized users only and provide an audit trail to prove who had access to that data. This also applies to third-party service providers that may have access to this information.

Daily data breaches and their consequences are now a priority at the board and executive level. The NYS DFS regulations hold senior executives responsible for ensuring they comply. The new US presidential administration has talked about making cabinet secretaries and agency heads responsible for their agencies’ cybersecurity.

It’s time to get serious about protecting your information.  Implement solutions that cause minimal disruption to your business but give you the protection you need.  Train your staff so they understand the value of security in their everyday lives.  Always choose security over convenience when sensitive data and privacy might be at risk.

 

Photo credit Yudis Asnar

Securing Information While Sharing

In a recent article entitled “Securing Information for a Shared Services Infrastructure”, Richard Freeman from Ricoh Canada talked about the need to secure information as companies share it internally and externally. The focus of the article is how an organization must look at balancing the need to efficiently share information without compromising privacy, protection of intellectual property and other sensitive data, or financial and legal risk.

As is evident from all the news about data breaches and cyber threats, the challenge today is to thwart the bad guys from stealing your sensitive data.  While many organizations still focus on protecting servers, networks and end-point devices, you have to secure and control the information itself.  Since most of the data created today is unstructured content stored in documents, protecting the documents from inadvertent or malicious access should be the primary goal to ensure that authorized users can collaborate efficiently and securely.

The answer lies in the infrastructure design using two foundational layers – data and people.

Information can be protected at the data layer by securing and controlling it regardless of where it is stored, how it is transported or the way it is consumed.  This data-centric approach emphasizes the security of the data itself rather than the security of networks, servers, or applications.  Using a data security framework allows organizations to protect, control and track their data regardless of its location and assign policies and granular permission control to accommodate secure sharing in a dynamic business environment.

A data security policy should maintain a balance between security and productivity to allow different users to perform business operations on multiple devices without interruption.  This is why security policies on data should be people-centric.  The policy should be flexible and dynamically enforced based on rich context including content, user, device, time, and location.  Even though a flexible policy is in place, organizations need to allow exceptions to minimize productivity issues.  Data security policies are constantly challenged by the unpredictable nature of data usage in a business environment.  The data security framework has to support dynamic changes that permit exceptions to allow people to do their jobs.

Properly applied, this framework allows secure collaboration in the office or while mobile, protects against insider threats and allows the flexibility to meet the requirements of a constantly changing business.

 

Photo credit WOCinTech Chat
