Judges looked at criteria, including innovation, performance, ease of use, functionality, value, and impact, for the award.

How long do you have to report a data beach? In many scenarios it depends what state your organization resides in.

Endpoint DLP is an additional data loss prevention tool that can help protect your enterprise from losing sensitive data. What Is Endpoint DLP? Endpoint data loss prevention extends to endpoint devices that are used to access sensitive, stored data. Endpoint DLP protects data in use, in motion, and at rest. What Is Data Loss Prevention? Data loss prevention is the practice of monitoring, detecting, and preventing potential cybersecurity data breaches, including the illegal transmission, exfiltration, and destruction of sensitive data. DLP incorporates a set of tools and practices to ensure vital data isn’t stolen, leaked, misused, lost, or accessed by unauthorized users. DLP Data Life Cycle Stages DLP provides complete data visibility in the network, at all stages of its utility and transmission. A comprehensive DLP solution targets data at three stages: Data in use: DLP safeguards data while in use by an application or endpoint. It also encompasses protecting data when it’s being accessed, modified, or processed. This is typically done through authentication, authorization, and identity access control. Data in motion: Securing the safe transmission of confidential, proprietary, and sensitive data as it passes through networks, including email and other messaging systems. Encryption is the primary mode of protection here. Data at rest: Safeguarding data stored in a storage location, computing device, database, or server, including cloud-based systems. Authentication, encryption, and user access controls are used here for protection. DLP should be an important aspect of the overall security strategy and posture of an organization. A DLP solution can be deployed at the network, endpoint, or on the cloud. Network DLP vs. Endpoint DLP vs. Cloud DLP DLP solutions emerged to protect and prevent companies from risking the loss of confidential and proprietary data, either inadvertently, or due to data leakage or insider threats. Endpoint DLP As its name implies, endpoint DLP monitors all endpoints. These typically consist of laptops, desktop computers, servers, mobile, and IoT devices. The list includes any device or component on which data resides, data is used, saved, or moved. The role of endpoint DLP is to monitor these devices to ensure data loss, leakage, or misuse doesn’t occur. Endpoint DLP has grown in importance and prominence with most companies adopting a bring-your-own-device (BYOD) policy with their employees. The implementation and company-wide rollout of endpoint DLP is more challenging due to its scope. Hence, its deployment can be an intimidating prospect for most organizations. However, there are some effective endpoint DLP solutions that don’t require complicated and time-consuming execution. To protect sensitive data such as intellectual property, organizations run endpoint discovery scans and execute remediation actions. Network DLP These are the most common DLP solutions. Network DLP’s primary role is to provide visibility into the type of data being sent through a network. Network DLP is efficient and well-rounded at safeguarding data in motion. To do so, it analyzes the network activity and traffic passing through what is mostly a traditional network. So, it monitors the network in order to detect when proprietary, confidential, business-sensitive data is transmitted in violation of company policy. However, its focus on network communication means that it’s mainly limited to protected data in motion. Moreover, experts point out that network DLP isn’t capable of protecting an organization from the harm that comes from insider threats. Cloud DLP This is effectively a subset of the network DLP and is tasked with protecting data on remote cloud systems. This encompasses data residing with cloud providers and software-as-a-service applications such as Microsoft 365 Outlook, Dropbox, Google Drive, Asana, and Jira. Cloud DLP protects data in the cloud. It primarily does this through scans and audits to determine the presence of sensitive data, subsequently encrypting it before it’s stored in the cloud. It fortifies this by generating a log that records when confidential, cloud-based data is accessed. It also alerts system administrators and IT operators in the event of anomalous activity or the threat of a breach. Moreover, offices are shifting more than ever to remote workforces or hybrids of this configuration, with tools like Slack and Google Drive. Are All of These Necessary? Should an Organization Implement all Three? For comprehensive security, organizations should endeavor to deploy all three DLP types. Used together, each plays a comprehensive role in the overall data security of an organization. For instance, endpoint DLP offers data visibility beyond an organization’s network. As a result, it’s vital for keeping the data on devices outside the network’s scope safe, which is especially relevant for those that connect remotely. By installing agents at endpoints, endpoint DLP is capable of accessing, scanning for, and ultimately protecting sensitive data. Network DLP monitors the network, especially for malware activity, suspicious file transfers, or data exfiltration efforts. It also reports on network bandwidth usage to establish a baseline of operations to detect anomalous activity by suspect actors. As remote staff and in-office employees transfer data back and forth between corporate communications networks and endpoint devices, a comprehensive DLP solution is necessary to add a robust extra layer of data security. How Does a DLP Solution Work? The centerpiece of creating a DLP solution is basically two-fold: First, determine if a particular operation is legitimate or possesses a threat to corporate data. Second, take steps to keep the data protected and secure. This scenario is an example of how a DLP solution works: A rule identifies when an incident occurs; for example, when a user attempts to copy data to a USB or removable device. The DLP solution prevents the data from being copied. The DLP solution generates a report, which triggers an alert notification to an IT security officer. DLP software is designed to detect misuse and threats through content awareness and contextual analysis. Content awareness involves analyzing documents to determine if it contains sensitive information. On the other hand, context analysis examines only metadata and properties of a document like its size, format, and header. Pattern Matching Context analysis uses pattern matching to determine whether a document’s content contains sensitive data like social security numbers, credit card numbers, or HIPAA information. Once the DLP software detects a matched pattern with confidential data, it proceeds to issue an alert to warn of violations and trigger an incident response. The analogy often used to explain this is to equate the content to a letter while the context represents the envelope used to send it. So, while content awareness analyzes the content, context encapsulates external factors like header, size, or format which lets us gain intelligence regarding the content of the envelope. The technical implementation of context analysis often involves the use of regular expressions, also known as regex. Context-based classification is paramount for protecting intellectual property, whether it is stored in a structured or unstructured form. DLP Use Cases Identifying and Preventing Sensitive Data Loss DLP assists businesses in identifying security incidents such as data breaches and hardening the IT infrastructure to avert the loss of confidential company data such as valuable intellectual property. This also includes applying different levels of trust to different devices, especially portable ones. DLP offers additional levels of protection for file transfers and sensitive data in motion by ensuring they are automatically encrypted. Data Discovery, Visibility, and Regulatory Compliance The sensitivity of data in the modern age means that organizations face a lot of oversight in their handling. Therefore, DLP helps companies to cover a broad range of government standards and requirements. One of the roles of endpoint DLP is the discovery and classification of proprietary, confidential data for compliance and reporting purposes. In addition to intellectual property information and proprietary data, DLP protects the treatment of personally identifiable information that falls under the auspices of privacy regulations like HIPAA, GDPR, PCI DSS, and so on. A major part of the regulatory requirements for these agencies is that organizations know where data is stored, especially at endpoints, or run the risk of non-compliance and face deep fines. Protecting Against Data Leakage at User EndPoints Endpoints such as laptops and mobile devices are very susceptible to data leakage because they are prone to connecting to unsecured networks. In addition, they are more likely to be stolen, misplaced, or damaged. Due to the massive growth of IoT, endpoints can also provide a conduit through which attackers can gain access to internal networks. Implementing DLP on endpoints helps monitor access to confidential and sensitive data on those devices. Best Practices for Endpoint DLP Adopting best practices helps to fortify your DLP endpoint implementation. Here are a couple of DLP best practice strategies to consider.

Digital rights management and DRM encryption go hand in hand; however, understanding how they work together is key to keeping your media protected.

Files and documents are the primary tools for chronicling and sharing information. While helpful, collaborating like this can raise privacy concerns for businesses because documents may contain business secrets, proprietary information, and personally identifiable information (PII). The most secure document collaboration tools for businesses prevent data loss, theft, and misuse while preserving their organization’s competitive advantage. What Is Secure Document Collaboration? Secure document collaboration enables individuals, typically workers, to share files, information, and sensitive data in a simple, safe, and protected manner. They foster collaboration by allowing several users to simultaneously work on a single document while maintaining its privacy restrictions. The Features & Capabilities You Should Look for In Secure Document Collaboration Tools Generally, any secure document collaboration tool should have a couple, if not most, of these features: Robust security features: The best document collaboration software incorporates security features like encryption and authentication processes to protect the integrity of its content. Tracking workflow changes: This allows team members to monitor progress, especially by seeing who has made what changes and holding people accountable. Document management: This includes the ability to draft, create, edit, save, and publish documents to a specified audience. Comments and feedback: This allows members to provide feedback that facilitates asynchronous collaboration and messaging. Consolidated data and communications: This centralization fosters quick task completion and eliminates the need to switch back and forth between multiple apps. Top 5 Document Collaboration Software 1. Digital Guardian Secure Collaboration As a secure collaboration tool, Digital Guardian Secure Collaboration incorporates the notion of perimeter-less, zero-trust security. Most secure document tools are adept at protecting sensitive information within the confines of the platform. However, unlike the product, they cannot offer protection once the data leaves the network or application platform. The product is different because it can track data once it leaves the confines of your network or endpoint. Users can also dynamically revoke access to leaked information or information mistakenly sent to the wrong user. Common Features and Use Cases The product can protect data when it leaves managed system environments. Facilitates zero-trust file sharing with portable, persistent data security and encryption. Documents are inspected for malware, cyber threats, and sensitive information before transfer is permitted. Allows granular security implementations that can be based on policy and classification. Pros Provides total control over documents wherever they travel. The product's Always-on File Security bundles encryption, data protection, and digital rights management into a secure document collaboration tool. Ensures your valuable data is safe throughout the document’s collaborative orbit. Cons The lack of a tiered pricing model disfavors small business enterprises. 2. Google Docs Google Docs is a free, cloud-based solution. It is also one of the most widely used document collaboration software. Its autosave capability is one of its most defining features, saving countless users from hair-pulling meltdowns due to the loss of critical information from unsaved work. Common Features and Use Cases Every change is automatically saved. Allows seamless online collaboration in real time. Provides ready-made yet customizable templates for various writing tasks. Facilitates the use of different permissions on the same document. Only browser, no special software required. Pros Allows users to sync changes from anywhere. Simple, intuitive interface with easy-to-use tools for editing and formatting content. Integrates seamlessly with other Google apps. Although web-based, it allows you to unlock offline editing on the Chrome browser. Cons While it’s good for commonplace editing tasks, it lacks advanced collaboration options. It doesn’t contain top-notch security features. 3. Microsoft Word Microsoft Word is a powerful word-processing software and part of Microsoft’s productivity suite. It is ideal for creating documents of the highest professional standards with visually appealing elements. Microsoft Word also comes with an extensive range of features. Common Features and Use Cases The ability to secure documents through passwords. Numerous templates and ready-made designs to choose from. The ability to incorporate graphic elements like 3D models directly into your document. Built-in language translator. Checking document readability scores. Pros A very user-friendly interface. Though there are alternatives in the marketplace, Microsoft Word still remains a top-notch product. Sophistication word processing features, including editing tools and a wide range of add-ons. Easy to create professional-looking documents. Cons

Learn about SOX compliance in Data Protection 101, our series on the fundamentals of data security.

How do you defend against data loss you can't see? The breaches you don't hear about? Our Wade Barisoff connects the dots between WWII airplanes and data protection to find the answer.

An independent editorial team and technical analysts praised Digital Guardian's quick deployment, on-demand scalability, and full visibility into data.

Enterprise is necessary for your business if you handle intellectual property or other sensitive information you want protected.

Enterprise file sharing, or enterprise file sync and sharing (EFSS), can help secure your documents and data when shared throughout your company.

What are trade secrets and what makes them so important? As an organization, when you identify a piece of information as a trade secret you should take steps to protect it and keep it from being disclosed.

Figuring out which type of access control you should use can be tricky but that’s where we come in. We walk you through RBAC, ABAC, and ACL to help you decide.

PII requires protection for both legal and reputational reasons, but if a data breach occurs, will your company still be able to protect this sensitive data? What Is Considered PII? Personally identifiable information is any information that could be used to identify a specific individual; this includes Social Security numbers, full names, and passport numbers. These are typically regarded as the traditional forms of PII. However, with the increased digitization of society and with it our online identities, the scope of PII has expanded to include personally identifiable financial information, login IDs, IP addresses, and social media posts. PII Data Classification PII data classification is a central part of the PII identification process, and it can be used to broadly differentiate between sensitive and nonsensitive PII. Nonsensitive PII This is the type of PII that can be easily obtained from public sources like corporate directories, the internet, and phone books. It can also be transmitted in an unsecured form without harming the individual or exposing their identity. This type of data usually consists of the following: Gender Zip Code Date of birth Place of birth Ethnicity This obviously isn’t an exhaustive list. However, it underlines the type of information about a person that doesn’t pose any threat to their privacy when made public. Sensitive PII This consists of personal information whose public exposure can be harmful to the individual. The risk of exposure often results in identity theft that damages the individual’s credit or compromises their financial wellbeing. Examples of sensitive PII include the following: Social security number Passport number Driver’s license Mailing address Medical records Credit card information Banking and financial information Risk also extends to organizations when sensitive PII in their possession is leaked or compromised. The organization breached suffers reputational damage and is often burdened with noncompliance fines. As a result, sensitive PII needs to be stored securely, usually by using strong encryption mechanisms. What Are Non-PII Examples? There is some overlap between non-sensitive PII and what is generally considered non-PII. Though non-PII may relate to an individual, the information is so general it will not point to the individual’s identity. Non-PII examples include information such as race, religion, business phone numbers, place of work, and job titles. Although nonsensitive PII and non-PII may contain quasi-identifiers, this type of data alone cannot be used to confirm a person’s identity on its own. However, when nonsensitive data is combined or linked with other personal linkable information, it can be used to identify an individual. So businesses should still exercise caution with non-PII since reidentification and de-anonymization techniques can be applied on them. Especially through piecing together several sets of quasi-identifiers to distinguish individuals and reveal their personal identities. Therefore, organizations should ask themselves two questions regarding the sensitivity of their data: Identification: Can this specific piece of data on its own be used to identify an individual? Data combination: Can several unique pieces of data be pieced together to identify someone? PII is a very malleable term and the precise contours of its definition depend on where you live in the world. For instance, the United States government defines it as anything that can “be used to distinguish or trace an individual's identity,” such as biometric data, whether in isolation or in conjunction with other identifiers like date of birth or educational information. In Europe, its definition expands to include quasi-identifiers as listed in General Data Protection Regulation. Why Is PII Important? Identification mechanisms are crucial in a functional society to distinguish one person from another. The individual markers that PII provides are necessary to acquire and disseminate goods and services in a market economy. Not to mention its importance for ownership and acquisition of capital. For instance, without PII, it would be impossible to have meaningful medical records to facilitate public healthcare or grease the wheels of commerce with credit and banking information. PII is also important to criminals who can sell it for a handsome profit on the black market. Why Is Safeguarding PII Important? As highlighted in the last section, PII is necessary for the flow of goods and services in a society. However, if left unprotected, PII leads to identity theft and other forms of fraud. This is because hackers find PII to be an extremely valuable target due to the variety of criminal activity it allows them to perpetrate. Some of the potential harm suffered by individuals may include embarrassment, theft, and blackmail. Data breaches not only create legal liability for the organization but also reduce public trust in the organization. Due to these risks, PII should be protected from unauthorized access, usage, and disclosure to safeguard its confidentiality. However, PII creates privacy and data security challenges for organizations that collect, store, or process it. Therefore, the importance of PII also stems from its impact on the information security environments of organizations and the legal obligations this demands. PII Security Best Practices PII has become so valuable to enterprises and bad actors alike that it needs a special security framework to protect it both at rest and in transit. In addition to the traditional methods of encryption and identity access management, this framework also encompasses document security measures such as data loss prevention, digital rights management, and information rights management. DRM includes data security measures that protect PII within the boundaries of the corporate network or firewalls. But while DRM is important to PII, its overriding objective is locking down data, intellectual property protection, and the monetization that goes with it. IRM, however, is based on zero-trust security, which essentially means an implicit distrust of the user or platform that has access to the data. To achieve this, IRM accompanies the data wherever it goes. Here are the six practical ways to ensure the PII collected by your organization is secure: Discover and classify PII: This starts with identifying and classifying all the PII an organization collects, accesses, processes, and stores. It also involves locating where this data is stored, especially sensitive PII, to better understand how it can be protected. Establish an acceptable usage policy: This involves creating a framework of policies that guide how PII is accessed. One of its key benefits is serving as a starting point for enacting technology-based controls to enforce proper PII usage and access. Create the right identity access and privilege model: Enforcing usage rights and access controls with identity access management. Establish least-privilege models so users only access the data they need at a given moment. Implement robust encryption: Deploy strong encryption algorithms to protect PII at all times. Delete PII you no longer need: Ensure you don’t store PII you no longer need because it can pose compliance and vulnerability risks. Therefore, create a system for safely destroying old records without accidentally destroying viable ones. Create training procedures and policies for handling sensitive PII: Use training and policies to emphasize how various types of PII should be stored and protected. How to Safeguard and Enforce PII Compliance One of the first points of order to safeguard PII is to understand where it is located. Once a business knows where its PII resides, it can subsequently embark on the necessary mechanisms to prevent its unauthorized disclosure.

Creating a detailed disaster recovery plan (DRP) can be a daunting and complicated task. Begin forming your plan by including the following five essential steps.

The latest phishing campaign targeting the industry involves a convincing looking Evernote landing page.

Information rights management may become the last line of defense when a hacker tries to gain access to your document. Will your security hold up?

Trying to prevent ransomware at your organization? Having backups in place and an incident response plan are only part of it. Here are some tips on preventing and mitigating ransomware attacks. According to a report by RiskRecon, publicly destructive ransomware events grew over 5x from 2017 to 2021. Ransomware is a type of malware that will block your legitimate access to a system until you pay up a certain amount of ransom or circumvent the attack through other measures. It encrypts the victim’s files, making them inaccessible, and threatens to delete them if the ransom isn’t paid. A recent ransomware attack hit farming equipment-making giant AGCO after the FBI warned that ransomware attackers are planning more attacks. Such attacks can be even more detrimental to the public when they attack hospitals, financial institutions, defense organizations, etc. Ransomware is generally delivered to the victim’s system through phishing, making an unsuspecting user click on a malicious link. Once ransomware is installed on the device, it starts encrypting files and sends an extortion note to the victim. What makes ransomware even more worrisome is that in many cases, attackers don’t unlock the data even when the ransom is paid. Businesses of all sizes are increasingly targeted by ransomware attacks, including small to medium-sized enterprises (SMEs). To make sure your system doesn’t get infected with ransomware, follow these simple tips. 1. TAKE REGULAR BACKUPS Ransomware works by encrypting and blocking your access to important data. If you have a current backup of all important data, there is less reason to worry. If you are ever hit by a ransomware attack, you can revert to a previous unencrypted version to regain access to your systems and data. Your backups should be stored offline and at a location where they cannot be targeted by attackers. Test your backups regularly for efficiency. If you do face an attack, make sure the backup isn’t infected before you roll back. Having a backup is probably the most important line of defense against ransomware. 2. USE A RANSOMWARE PROTECTION SOLUTION Use a ransomware threat protection software solution that is designed to detect and block threats. For instance, Digital Guardian’s ransomware protection solution filters out noise and provides deep visibility into advanced threats. 3. BEWARE OF PHISHING ATTEMPTS Ransomware is most commonly spread through phishing. Make sure you or your team doesn’t click on untrusted links. Most phishing attempts are done through emails so it’s important to avoid suspicious emails. Phishing awareness training should be given not just to the IT security team but to all employees of the organization. 4. SANDBOXING Sandboxing all communication, especially emails, can add protection to the system. Since human errors cannot be completely avoided, having a secure email gateway solution can be helpful in keeping your system ransomware-free. There must be email filters in place that filter out emails that might contain suspicious links or unknown file types. 5. CREATE AN INCIDENT RESPONSE PLAN With an incident response plan in place, the IT security team will know what to do if they do encounter a ransomware attack. The plan should define the roles and responsibilities of personnel along with the steps that need to be taken. It should also define the communication that needs to take place and stakeholders that need to be informed about the attack. Some actions defined in the incident response plan could be: • Communicating the attack details to customers and/or other affected parties • Steps to restore the data that has been lost • Steps to rebuild the network and computer systems When there’s a carefully designed plan, there will be no panic in case of an attack and the situation can be managed more easily. 6. HAVE THE RIGHT WEB SECURITY/FIREWALL TECHNOLOGY With a firewall, you can monitor and filter HTTP traffic to a web service. A firewall is the first line of defense against cyber-attacks. When your company uses web applications and APIs, you might be exposed to malicious traffic. With a firewall, you can filter out potentially harmful traffic. Make sure your firewall protects some specific ports such as RDP port 3389 and SMB port 445 as many ransomware attackers use these ports. A properly configured firewall will not just protect you against ransomware but also against other kinds of malware and other cyber threats. 7. KEEP YOUR SOFTWARE UPDATED This is a general line of defense against all cyber-attacks. Since software developers keep coming up with patches and bug fixes, keeping your system updated will cover all loopholes before they could be exploited. Whether it’s the operating system or other software that you run on your network, keeping them on auto-update will reduce your chances of being infected by any malware, including ransomware. IF YOU STILL GET ATTACKED While we have discussed ways to avoid being attacked by ransomware, if you still get attacked, the question is: should you pay? If you have an incident response plan and regular backups, there is no reason you’d have to pay. However, if you don’t have an updated backup and are being asked to pay up, it’s best to discuss these matters with law enforcement agencies. The FBI has expertise and insights on these matters, and they can guide you on what should be done next. You might also want to try some decryption tools to see if they can unlock your data. Some experts warn against paying up to ransomware attackers because there is no guarantee that your files will return back to their original state after you pay the ransom. In such a scenario, try getting help from law enforcement agencies. Following the best practices mentioned here will help you stay safe from ransomware and avoid being targeted.

Intellectual property protection requires more than filing a patent or submitting a copyright; you have to train your staff to be diligent in IP protection.

The OSI model includes seven layers that computer systems use to communicate over networks. Learn about the OSI Model layers and how they interact in this blog.

Learn about Security Information and Event Management or SIEM, how an organization can get the most out of its SIEM technology and best practices for implementing a solution in this blog.