Blog

Blog

ATF Official Caught Leaking Employee Data

CNN reports that an executive at the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) was sending personnel data to a personal email account.
Blog

8 Tips for Securing Your Mobile Device

Mobile devices have become part of our everyday lives. While using these devices, whether it be a smartphone, tablet, or laptop, you are at risk of being a victim of a cybercrime. Here are some tips you can use to safeguard your devices against impending attacks.
Blog

Staying Secure While Staying Connected

With users reportedly spending an average of 162 minutes on their mobile device every day, the amount of personal information communicated can be a treasure to a hacker. Read on to learn how to use mobile devices and the web securely and privately.
Blog

Are Data Breaches A Victimless Crime?

Home improvement giant Home Depot is asking a court to dismiss a class action lawsuit against it stemming from a massive theft of credit card numbers from its corporate network last year. The argument: no harm was done as a result of the breach.
Blog

How to “Time-bomb” a Confidential File with Digital Guardian Secure Collaboration

Self-destructing messages are certainly attention grabbing, but there are many legitimate reasons to limit someone's ability to view or edit a file, by time, by usage, or even by role. We have customers today using this capability to manage job offers and term sheets that expire after a specific date. Some are even managing the lifecycle of business records and classified data types that must be destroyed after a certain number of days, weeks, or months.
Blog

6 Tips for Protecting Your Personal Data in the Cloud

Cloud computing brings critical convenience to our work and personal lives, but with that convenience comes security risks and challenges. These 6 tips offer some basic hygiene for cloud data protection that end users and businesses alike should follow.
Blog

7 Tips for Building an Effective Incident Response Plan

As more companies begin to accept the inevitability of data breaches, it is critical to be prepare for when a breach occurs. Use these seven tips to build an effective incident response plan for timely recovery.
Blog

Sally Beauty: When one Breach Begets Another

The beauty supply store acknowledged today that it was the victim of yet another data breach – the second in as many years. But where does one incident end and another begin?
Blog

Data Leak Prevention Tools: Experts Reveal The Biggest Mistake Companies Make Purchasing & Implementing Data Leak Prevention Software

Due to their size, enterprises have many security issues to consider when establishing a comprehensive data security strategy. One security need that is especially critical for larger companies - because they typically have many employees and large volumes of sensitive data - is proper data leak prevention. As a provider of data loss prevention solutions to many enterprise companies, we wanted to learn more about some of the most common (and avoidable) mistakes companies make when using data leak prevention tools. To do that, we asked a group of data security experts this question: "What's the biggest mistake companies make in purchasing and implementing data leak prevention tools?" See what our experts had to say below: Meet Our Panel of Data Security Experts: Mike Meikle Carlos Pelaez Anatoly Bodner Hitesh Dev Reuben Yonatan Bill Ho Brian Dykstra Paul Caiazzo Rich Silva Darren Guccione Michael Fimin Paul Kubler J Wolfgang Goerlich Paul Hill Carl Mazzanti Dave Blakey Luke Moulton Mark Stamford Dan Nelson Sorin Mihailovici Mike Meikle @mike_meikle Mike Meikle is Partner at SecureHIM, a security consulting and education company that provides cyber security training for clients on topics such as data privacy and how to minimize the risk of data breaches. He has worked within the Information Technology and Security fields for over fifteen years and speaks nationally on Risk Management, Governance and Security topics. He has presented for Intel, McAfee, Financial Times, HIMSS and for other Fortune 500 companies. He is also published writer with articles that have appeared in American Medical News, CNBC, CIO Magazine, Los Angeles Times and Chicago Tribune. He holds a Certified Information Systems Security Professional (CISSP), a Project Management Professional (PMP) and Six Sigma Green Belt. There are two big mistakes companies make in purchasing and implementing data leak / data loss prevention tools... The first is the lack of a data inventory and audit before a data loss prevention (DLP) tool is purchased. If a company does not know where its data resides, who its owners are, whether the data it stores is critical or non-critical and what data security regulatory requirements must met, then procuring and implementing a DLP tool before all these questions are answered is a path to failure. The next mistake that is commonly made is to treat the implementation of a DLP tool as a technology project, not a business program. When an enterprise commits to the implementation of a DLP product, it must realize that the hard work begins once the tool is in place. Data will have to be discovered, classified and categorized based on a variety of factors on an ongoing basis. It will move from a project to a long-term program that must remain staffed for the life of the product. If this is not done then the tool will eventually fall into disuse as staff is reassigned to other initiatives and executives place other priorities on the information technology department. A DLP tool and its program must be aligned with the business and have a business owner for it to be successful. Carlos Pelaez @talktolcp Carlos Pelaez is the National Practice Leader of cyber security firm Coalfire Systems Inc.'s practice area focused on serving Service Organizations and Internal Audit departments. He provides the framework and methodology to local audit teams so that they may be well equipped to validate compliance and cyber security needs for cloud based solutions. The biggest mistake companies make in purchasing and implementing DLP tools is that... They do not have an extensive inventory of their assets and data flows. These are key because if you do not know all the servers, firewalls, and computers that you have in your inventory, how will you know where to prevent the leak? If you do not have a comprehensive view of the data flows of critical information in your IT environment, including the network and system jumps, how will you know what data is worth monitoring? Companies forget to do the basis: complete a comprehensive inventory of all assets and map out all your data flows. These are not only a best practice, but a pre-requisite to maximizing your ROI when purchasing and implementing DLP tools. Anatoly Bodner @anatolybodner Anatoly Bodner is an industry-recognized information and infrastructure security professional, subject matter expert and event speaker. Anatoly currently serves as the Information Security Officer and Director of the Data Protection Practice for NTT Com Security, a global security consultancy organization. The biggest mistake we regularly see organizations make when making a purchasing decision on data protection technologies, including DLP, is... Making a product decision without taking the time to define their data protection strategy and develop core technical and business requirements and environmental considerations. My team engages with clients across different points of their data protection lifecycle, and we frequently see organizations making a reactive decision to acquire DLP technologies, and base their purchasing decision on either existing vendor preferences or pure pricing considerations. When companies don't take the time to learn and understand the pros and cons of each technology offering against their core technical and business requirements, it frequently ends up back-firing. Selecting a solution that doesn't fit their core requirements can result in short and long-term technical integration and reliability challenges, high operational overhead, and missed business expectations. Hitesh Dev Hitesh Dev is President of CMIT Solutions of Reston-Herndon, the small business IT support and services company for Reston, Sterling, Herndon and Great Falls, Virginia. As per my experience the 2 biggest mistakes companies make in purchasing and implementing DLP tools are: Not picking a tool specific to your domain. It is very important to pick a data loss prevention tool specific to the industry domain. For example, medical establishments are liable to hefty fines as per the HITECH act. Picking a tool with an inadequate rules/policy engine. A good DLP tool should have a strong policy/rules engine since most of the business value brought by DLP is driven by their processes, policies, and rules. Reuben Yonatan @reubenyonatan Reuben Yonatan is the Founder and CEO of GetVoIP - a comparison resource for cloud communication solutions. His writings blend commentary, research, and perspective on software trends, business strategies, and enterprise communication. The one mistake that many companies make in implementing data leak prevention (DLP) tools is: TOO MUCH DLP. Yes, there is such a thing. Hear me out. You've undoubtedly heard the story of the boy who cried wolf. Well, you can cry wolf on your DLP too. Here's how: