Resources

Blog

Friday Five 11/18

Inadequate cybersecurity efforts, questionable data privacy practices, and ransomware made the top headlines this past week. Catch up on the latest stories in this week's Friday Five!
Blog

What is a Data Protection Officer (DPO)?

Learn about the DPO's role in managing organizational data protection and overseeing GDPR compliance in Data Protection 101, our information security fundamentals series of materials. A DEFINITION OF DATA PROTECTION OFFICER A Data Protection Officer (DPO) is a dedicated business security role that is required by the General Data Protection Regulation (GDPR). Data Protection Officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. WHAT TYPES OF COMPANIES NEED DATA PROTECTION OFFICERS? Introduced by the European Parliament, the European Council and the European Commission to strengthen and streamline data protection for European Union citizens, the GDPR calls for the mandatory appointment of a DPO in any organization that processes or stores large quantities of personal data, for employees, people outside the organization or both. DPOs must be “designated for all public authorities, and where the main activities of the controller or processor involve “regular and systematic monitoring of data subjects on a large scale” or when the entity carries out large-scale processing of “special categories of data,” such as those detailing people’s race, ethnicity, or religious beliefs. RESPONSIBILITIES AND REQUIREMENTS OF THE DATA PROTECTION OFFICER When the GDPR comes into force on 25 May 2018, the Data Protection Officer will become a mandatory role under Article 37, this applies to all companies that collect or process personal data from citizens of the EU. DPOs are responsible for educating the company and its employees on important compliance requirements, training staff involved in data processing, and conducting regular security audits. DPOs also serve as the point of contact between the company and the supervisory authorities (SAs) who oversee data-related activities. As stated in Article 39 of the GDPR, the responsibilities of the DPO include, but are not limited to: Educate the business and employees on important compliance requirements Train staff involved in data processing Conduct audits to ensure compliance, and proactively address potential issues / Serve as a point of contact between the company and GDPR supervisory authorities Monitor performance and provide guidance on the impact of data protection efforts Maintain comprehensive records of all data processing activities carried out by the company, including the purpose of all processing activities, which must be made public upon request QUALIFICATIONS REQUIRED FOR DATA PROTECTION OFFICIALS The GDPR does not include a specific list of qualifications required for DPOs, but Article 37 requires a data protection officer to have “in-depth knowledge of data protection law and practice”. The Regulation also specifies that the expertise of the DPO must be aligned with the data processing operations as well as the level of data protection required for personal data processed by data controllers and data processors. A DPO can be a staff member of a controller or processor, and the corresponding organizations can use the same person to oversee data protection collectively, as long as all data protection activities are managed by the same person and that the DPO remains easily accessible by members of the corresponding organizations whenever necessary. DPO information must be published publicly and provided to all regulatory oversight bodies. BEST PRACTICES FOR HIRING A DPO Since companies that process EU citizens' data are subject to GDPR even if they are not located in the EU, a study predicts that 28,000 DPDs will be needed for regulated organizations to be compliant to the GDPR when the law comes into force in May 2018. Businesses and organizations must have their DPDs installed before the regulation comes into force. It is therefore important to start recruiting and hiring DPOs now in order to recruit the most qualified professionals for this position, because they are in high demand and the deadline is looming. To hire the right DPO, you need to ensure they have expertise in data protection law and practices, as well as a comprehensive understanding of your IT infrastructure, technology and technical structure and organizational. You can appoint an existing employee as DPO or call on an external DPO. Companies and organizations should look for candidates who can manage data protection and compliance internally, while reporting non-compliance to the relevant supervisory authorities. Ideally, a DPO should have excellent management skills and be able to interact easily with internal staff at all levels, as well as external authorities. The right DPO must be able to ensure internal compliance and alert authorities of non-compliance, while understanding that the company may be subject to hefty fines for non-compliance.
Blog

Different Types of Data Breaches & How To Prevent Them

Different types of data breaches will affect what type of protection you implement at your company. Understanding each can help you better prepare for an attack. What Are The Most Common Types of Data Breaches? The most common types of data breaches are: Ransomware Phishing Malware Keystroking Human Error Physical Theft Malicious Insiders What Is a Data Breach? A data breach is a security incident or cyberattack that results in a security violation. This usually encompasses identity theft, stolen data, unauthorized access or acquisition of data, ransomware, illegal exposure, or disclosure of confidential information. While data breaches are typically instigated with malicious intent, a data breach can also occur due to carelessness, negligence, or sheer incompetence. Data breaches are sensitive matters because, in addition to potentially involving espionage and the theft of intellectual property, they put peoples’ personally identifiable information (PII) in jeopardy. Moreover, data breaches exact both a reputational and material impact on the impacted organization. IBM reports that the already steep cost of a data breach rose from about $4.24 million in 2021 to $4.35 million in 2022, representing a 2.6% increase. In the past decade, there has been a never-ending epidemic of data breaches. As a result, state legislatures and government agencies have responded with various legal frameworks to check this rampant criminality. Laws & Regulations Against Data Breaches According to the National Council of State Legislators, all 50 states in the United States, including its territories and the District of Columbia have enacted security breach notification laws. This compendium of rules applies to both government and the private sector. Other entities that fall under the umbrella of these laws include businesses, especially data or information brokers. As a result, any enterprise conducting business in the United States must not only familiarize themselves with federal regulations (for example, the Data Breach Notification Act) as they pertain to data breach laws but also understand the patchwork of state legislations, including those relating to industry-specific regulations. Breaking Down the Different Types of Data Breaches Data breaches occur due to a variety of reasons or circumstances. Here is a breakdown of the most common methods, means, and vectors through which they typically occur. Ransomware Ransomware is one of the most pernicious types of data breaches around. It has become very pervasive very fast, with the US suffering approximately 7 ransomware attacks each hour. It is a particularly formidable attack because it stems from cryptovirology, which is an extortion-based attack based on combining cryptographic technology with malware. Ransomware encrypts the data of the target organization systems or victim’s computer(s) to block access to it until a ransom is paid for the release of its decryption key. Hackers normally target crucial files, rendering them unusable so that organizations are placed in a difficult position where paying the ransom is the easiest option to follow. Colonial Pipeline, the largest American oil pipeline system, was forced to pay hackers roughly $5 million to unlock its IT systems in 2021 because a ransomware attack resulted in the shutdown of its critical fuel pipeline. In addition to encryption, attackers typically use exfiltration tools as a double extortion tactic by threatening to publicly post sensitive, stolen data. Some of the best defenses against ransomware include: Maintaining proper and up-to-date backups. Staying up-to-date by immediately patching software vulnerabilities. Ensuring devices and applications are equipped with current, cutting-edge security features. Educating people against clicking on unsafe or unfamiliar links. Proactive preparation by having an actionable plan in place in the event of a ransomware attack. Phishing Phishing campaigns usually involve social engineering attacks meant to deceive people into giving up sensitive information like access credentials and credit card details. Phishing attacks typically use emails, purportedly from reputable organizations as a sleight of hand, to send fraudulent messages to unsuspecting targets. However, the deception can also be executed via phone or SMS. The general strategy is to trick the individual into clicking a malicious link or attachment embedded in the message. To entice people to click, attackers use several strategies like presenting fake invoices and free coupons, bogus mandates to change passwords, and sham requests to confirm personal information. In addition to email phishing, other types of phishing include spear, whaling, smishing, and vishing; they’re all designed to trick people into revealing personal information that can be used for fraudulent data purposes. Spear phishing is a highly targeted attack crafted for an individual or group of people in an organization. Because they are very tailored to the personal details of the victim or group, they appear legitimate, something which can make them successful. Whaling is a spear phishing attack that targets a large group of high-profile targets, such as the executives in the c-suite of an organization(s). To prevent phishing, do the following: Install anti-malware software Educate staff on recognizing fake requests and dubious links Apply free anti-phishing add-ons Protect corporate accounts by using multi-factor authentication Malware Malware, short for malicious software, is a general term to describe intrusive programs created with ill intent. Malware can cause harm in a variety of ways, but it mainly starts by first infecting a computer, network, or server. Depending on their signature and payload, they seek to propagate themselves throughout system infrastructure and devices. There are a variety of symptoms that can indicate that a computer has been infected with malware. For example, the system starts slowing down and experiences frequent crashes and/or an unexplained spike in internet traffic. Some users might encounter abrupt browser setting changes, loss of access to files, and antivirus products suddenly stopping. Malware comes in different forms, such as the following: Viruses Worms Trojan virus Spyware Ransomware Adware Fileless malware Emerging strains of malware have become more sophisticated. To evade detection, some advanced persistent threat (APT) actors employ obfuscation techniques, like using web proxies to hide their IP address, including the capacity to deceive signature-based detection tools. They typically use command and control techniques to coordinate attacks. In addition to installing anti-virus and vulnerability scanning to detect anomalous network behavior, organizations should adopt zero-trust security instead of the ineffective traditional IT architecture with their “castle-and-moat” approach. Keystroke Logging Keystroke logging is a cyber attack that uses a tool or malware called a keylogger to capture and record user activities; for instance, the keystrokes entered to log in or gain access to a system. Its name derives from the fact that the key presses or strokes are logged into a file. Alternatively, an attacker can use a command and control infrastructure that enables the attacker to see the keystrokes entered in real-time. This is a simple yet potent cyberattack for the straightforward reason that most computer interaction is mediated through the keyboard. As a result, keystroking can yield a treasure trove of information like username/password credentials, including credit card and banking information.
Blog

What are Data Classification Levels?

How do you classify data in your organization? Conducting a data risk assessment and keeping compliance regulations top of mind are some of the first steps to helping an organization protect its data.
Blog

Friday Five 10/21

Ransomware, info-stealing malware, and scams may be taking up the headlines, but a new, "tough" national cybersecurity strategy is right around the corner. Read about these stories and more in this week's Friday Five.
Blog

What Is Endpoint Data Loss Prevention (DLP)?

Endpoint DLP is an additional data loss prevention tool that can help protect your enterprise from losing sensitive data. What Is Endpoint DLP? Endpoint data loss prevention extends to endpoint devices that are used to access sensitive, stored data. Endpoint DLP protects data in use, in motion, and at rest. What Is Data Loss Prevention? Data loss prevention is the practice of monitoring, detecting, and preventing potential cybersecurity data breaches, including the illegal transmission, exfiltration, and destruction of sensitive data. DLP incorporates a set of tools and practices to ensure vital data isn’t stolen, leaked, misused, lost, or accessed by unauthorized users. DLP Data Life Cycle Stages DLP provides complete data visibility in the network, at all stages of its utility and transmission. A comprehensive DLP solution targets data at three stages: Data in use: DLP safeguards data while in use by an application or endpoint. It also encompasses protecting data when it’s being accessed, modified, or processed. This is typically done through authentication, authorization, and identity access control. Data in motion: Securing the safe transmission of confidential, proprietary, and sensitive data as it passes through networks, including email and other messaging systems. Encryption is the primary mode of protection here. Data at rest: Safeguarding data stored in a storage location, computing device, database, or server, including cloud-based systems. Authentication, encryption, and user access controls are used here for protection. DLP should be an important aspect of the overall security strategy and posture of an organization. A DLP solution can be deployed at the network, endpoint, or on the cloud. Network DLP vs. Endpoint DLP vs. Cloud DLP DLP solutions emerged to protect and prevent companies from risking the loss of confidential and proprietary data, either inadvertently, or due to data leakage or insider threats. Endpoint DLP As its name implies, endpoint DLP monitors all endpoints. These typically consist of laptops, desktop computers, servers, mobile, and IoT devices. The list includes any device or component on which data resides, data is used, saved, or moved. The role of endpoint DLP is to monitor these devices to ensure data loss, leakage, or misuse doesn’t occur. Endpoint DLP has grown in importance and prominence with most companies adopting a bring-your-own-device (BYOD) policy with their employees. The implementation and company-wide rollout of endpoint DLP is more challenging due to its scope. Hence, its deployment can be an intimidating prospect for most organizations. However, there are some effective endpoint DLP solutions that don’t require complicated and time-consuming execution. To protect sensitive data such as intellectual property, organizations run endpoint discovery scans and execute remediation actions. Network DLP These are the most common DLP solutions. Network DLP’s primary role is to provide visibility into the type of data being sent through a network. Network DLP is efficient and well-rounded at safeguarding data in motion. To do so, it analyzes the network activity and traffic passing through what is mostly a traditional network. So, it monitors the network in order to detect when proprietary, confidential, business-sensitive data is transmitted in violation of company policy. However, its focus on network communication means that it’s mainly limited to protected data in motion. Moreover, experts point out that network DLP isn’t capable of protecting an organization from the harm that comes from insider threats. Cloud DLP This is effectively a subset of the network DLP and is tasked with protecting data on remote cloud systems. This encompasses data residing with cloud providers and software-as-a-service applications such as Microsoft 365 Outlook, Dropbox, Google Drive, Asana, and Jira. Cloud DLP protects data in the cloud. It primarily does this through scans and audits to determine the presence of sensitive data, subsequently encrypting it before it’s stored in the cloud. It fortifies this by generating a log that records when confidential, cloud-based data is accessed. It also alerts system administrators and IT operators in the event of anomalous activity or the threat of a breach. Moreover, offices are shifting more than ever to remote workforces or hybrids of this configuration, with tools like Slack and Google Drive. Are All of These Necessary? Should an Organization Implement all Three? For comprehensive security, organizations should endeavor to deploy all three DLP types. Used together, each plays a comprehensive role in the overall data security of an organization. For instance, endpoint DLP offers data visibility beyond an organization’s network. As a result, it’s vital for keeping the data on devices outside the network’s scope safe, which is especially relevant for those that connect remotely. By installing agents at endpoints, endpoint DLP is capable of accessing, scanning for, and ultimately protecting sensitive data. Network DLP monitors the network, especially for malware activity, suspicious file transfers, or data exfiltration efforts. It also reports on network bandwidth usage to establish a baseline of operations to detect anomalous activity by suspect actors. As remote staff and in-office employees transfer data back and forth between corporate communications networks and endpoint devices, a comprehensive DLP solution is necessary to add a robust extra layer of data security. How Does a DLP Solution Work? The centerpiece of creating a DLP solution is basically two-fold: First, determine if a particular operation is legitimate or possesses a threat to corporate data. Second, take steps to keep the data protected and secure. This scenario is an example of how a DLP solution works: A rule identifies when an incident occurs; for example, when a user attempts to copy data to a USB or removable device. The DLP solution prevents the data from being copied. The DLP solution generates a report, which triggers an alert notification to an IT security officer. DLP software is designed to detect misuse and threats through content awareness and contextual analysis. Content awareness involves analyzing documents to determine if it contains sensitive information. On the other hand, context analysis examines only metadata and properties of a document like its size, format, and header. Pattern Matching Context analysis uses pattern matching to determine whether a document’s content contains sensitive data like social security numbers, credit card numbers, or HIPAA information. Once the DLP software detects a matched pattern with confidential data, it proceeds to issue an alert to warn of violations and trigger an incident response. The analogy often used to explain this is to equate the content to a letter while the context represents the envelope used to send it. So, while content awareness analyzes the content, context encapsulates external factors like header, size, or format which lets us gain intelligence regarding the content of the envelope. The technical implementation of context analysis often involves the use of regular expressions, also known as regex. Context-based classification is paramount for protecting intellectual property, whether it is stored in a structured or unstructured form. DLP Use Cases Identifying and Preventing Sensitive Data Loss DLP assists businesses in identifying security incidents such as data breaches and hardening the IT infrastructure to avert the loss of confidential company data such as valuable intellectual property. This also includes applying different levels of trust to different devices, especially portable ones. DLP offers additional levels of protection for file transfers and sensitive data in motion by ensuring they are automatically encrypted. Data Discovery, Visibility, and Regulatory Compliance The sensitivity of data in the modern age means that organizations face a lot of oversight in their handling. Therefore, DLP helps companies to cover a broad range of government standards and requirements. One of the roles of endpoint DLP is the discovery and classification of proprietary, confidential data for compliance and reporting purposes. In addition to intellectual property information and proprietary data, DLP protects the treatment of personally identifiable information that falls under the auspices of privacy regulations like HIPAA, GDPR, PCI DSS, and so on. A major part of the regulatory requirements for these agencies is that organizations know where data is stored, especially at endpoints, or run the risk of non-compliance and face deep fines. Protecting Against Data Leakage at User EndPoints Endpoints such as laptops and mobile devices are very susceptible to data leakage because they are prone to connecting to unsecured networks. In addition, they are more likely to be stolen, misplaced, or damaged. Due to the massive growth of IoT, endpoints can also provide a conduit through which attackers can gain access to internal networks. Implementing DLP on endpoints helps monitor access to confidential and sensitive data on those devices. Best Practices for Endpoint DLP Adopting best practices helps to fortify your DLP endpoint implementation. Here are a couple of DLP best practice strategies to consider.
Blog

Secure File Sharing for Business Solutions

Files and documents are the primary tools for chronicling and sharing information. While helpful, collaborating like this can raise privacy concerns for businesses because documents may contain business secrets, proprietary information, and personally identifiable information (PII). The most secure document collaboration tools for businesses prevent data loss, theft, and misuse while preserving their organization’s competitive advantage. What Is Secure Document Collaboration? Secure document collaboration enables individuals, typically workers, to share files, information, and sensitive data in a simple, safe, and protected manner. They foster collaboration by allowing several users to simultaneously work on a single document while maintaining its privacy restrictions. The Features & Capabilities You Should Look for In Secure Document Collaboration Tools Generally, any secure document collaboration tool should have a couple, if not most, of these features: Robust security features: The best document collaboration software incorporates security features like encryption and authentication processes to protect the integrity of its content. Tracking workflow changes: This allows team members to monitor progress, especially by seeing who has made what changes and holding people accountable. Document management: This includes the ability to draft, create, edit, save, and publish documents to a specified audience. Comments and feedback: This allows members to provide feedback that facilitates asynchronous collaboration and messaging. Consolidated data and communications: This centralization fosters quick task completion and eliminates the need to switch back and forth between multiple apps. Top 5 Document Collaboration Software 1. Digital Guardian Secure Collaboration As a secure collaboration tool, Digital Guardian Secure Collaboration incorporates the notion of perimeter-less, zero-trust security. Most secure document tools are adept at protecting sensitive information within the confines of the platform. However, unlike the product, they cannot offer protection once the data leaves the network or application platform. The product is different because it can track data once it leaves the confines of your network or endpoint. Users can also dynamically revoke access to leaked information or information mistakenly sent to the wrong user. Common Features and Use Cases The product can protect data when it leaves managed system environments. Facilitates zero-trust file sharing with portable, persistent data security and encryption. Documents are inspected for malware, cyber threats, and sensitive information before transfer is permitted. Allows granular security implementations that can be based on policy and classification. Pros Provides total control over documents wherever they travel. The product's Always-on File Security bundles encryption, data protection, and digital rights management into a secure document collaboration tool. Ensures your valuable data is safe throughout the document’s collaborative orbit. Cons The lack of a tiered pricing model disfavors small business enterprises. 2. Google Docs Google Docs is a free, cloud-based solution. It is also one of the most widely used document collaboration software. Its autosave capability is one of its most defining features, saving countless users from hair-pulling meltdowns due to the loss of critical information from unsaved work. Common Features and Use Cases Every change is automatically saved. Allows seamless online collaboration in real time. Provides ready-made yet customizable templates for various writing tasks. Facilitates the use of different permissions on the same document. Only browser, no special software required. Pros Allows users to sync changes from anywhere. Simple, intuitive interface with easy-to-use tools for editing and formatting content. Integrates seamlessly with other Google apps. Although web-based, it allows you to unlock offline editing on the Chrome browser. Cons While it’s good for commonplace editing tasks, it lacks advanced collaboration options. It doesn’t contain top-notch security features. 3. Microsoft Word Microsoft Word is a powerful word-processing software and part of Microsoft’s productivity suite. It is ideal for creating documents of the highest professional standards with visually appealing elements. Microsoft Word also comes with an extensive range of features. Common Features and Use Cases The ability to secure documents through passwords. Numerous templates and ready-made designs to choose from. The ability to incorporate graphic elements like 3D models directly into your document. Built-in language translator. Checking document readability scores. Pros A very user-friendly interface. Though there are alternatives in the marketplace, Microsoft Word still remains a top-notch product. Sophistication word processing features, including editing tools and a wide range of add-ons. Easy to create professional-looking documents. Cons
On-Demand Webinar

Combine Data Loss Prevention and DRM to Enhance Data Security

The amount of data that companies are generating and its value to day-to-day business is growing exponentially. All that data is then stored and shared, both internally and externally, through all type of means. How can you ensure that sensitive data remains secure without burdening your end users?Organizations need to consider how to implement simple and scalable security solutions for end-to-end...