When You Should Switch To Biometrics For Data Protection

Once the territory of sci-fi films and fiction, biometrics are now a part of everyday technology. This kind of smart technology is all about using sophisticated means to identify an individual. This is especially relevant for data protection within companies, as it can help prevent the loss of data by more effectively assigning highly classified data to a specific individual. That individual can then only access the data using biological characteristics unique to them. What we’ll outline today is what exactly biometrics is, how it works, and when it is relevant to data loss protection, particularly for small businesses.

What is biometrics?
Biometric verification is the use of biological traits to verify an individual’s identity. These traits can be both visible and invisible to the eye. Traits that are visible include things such as a fingerprint, retina or iris size, earlobe shape, and even things such as a person’s posture or the way they carry themselves. Less visible traits include things such as a heartbeat, voice waves, and DNA.

How does it apply to data protection?
Particularly with the advent of cloud-based computing and remote working, biometrics can help ensure that endpoint devices stay secure. Mobile devices, such as laptops and phones, are often the devices through which data is lost from internal sources, either by accident or through malicious intent.

Biometric verification ensures that sensitive information can only be accessed by individuals of your choosing. This instills a greater sense of responsibility in those individuals to safeguard classified information, and also creates a disincentive to releasing the data maliciously. If the files are only handled by a certain number of people who can be biologically identified and therefore caught, it’s much less likely that they would release that data intentionally.

When should you apply it?
Biometrics already exist in many mobile devices, such as smartphones and laptops. This means that generalized biometric technology can be implemented across the board by making smart decisions when upgrading these items as part of your business inventory. By integrating standardized biometrics as part of your data loss protection strategy, you can help to protect against data loss, particularly from those who work remotely, but also across the board.

Most companies will have a series of files that are highly classified. Whether these contain sensitive personal information or the company’s intellectual property, it is imperative to create much stronger incentives and disincentives against the accidental and malicious release of these files. A good way of beginning to integrate biometric verification is to start with these files only. Unless you’re a large multinational, it’s unrealistic to think that you’ll be able to fully integrate highly sophisticated technology across the board. Instead, focus on ensuring that the technology goes towards protecting the highly sensitive information that only some individuals have access to.

It’s clear that the days of the password as the only method for authentication and verification are numbered. In order to help ensure full protection against data loss, particularly from internal threats, integrating biometric technology is the way of the future. If you’re an SMB or SME, the best way to think about biometric integration is to direct the resources and budget you have put aside for it towards protecting the files that are most highly sensitive, or that would have the most negative impact if they were internally released. That way, you can start to test ways of using the technology that will still work when it becomes cheaper and easier to implement across the board.

 

Enhancing Your Company’s Mobile Security in Ten Steps

Mobile-centric workforces are a present reality and, more and more, the way of the future. They enable your employees to be anywhere and everywhere, which also means that your company’s precious and sensitive data is moving with them. So how do you guard against the threat of data loss from internal sources, both accidental and malicious? Here are ten easy steps you can take:

  1. Use a lock screen and biometrics technology

Pretty simple stuff, but it is very surprising how few companies, particularly SMBs, insist that this procedure is followed by their employees. Preferably, employees will have both smartphones and laptops that come with built-in biometrics technology that can identify them through retina or fingerprint verification.

  2. Create a BYOD policy

You may or may not provide employees with devices. If you don’t, it’s important to create a BYOD (bring your own device) policy, where employees follow a procedure on their own devices to bring them up to speed with company security policy. Mobile device management platforms are a great way of implementing these. These procedures should also give you the ability to wipe their phone data remotely in an emergency situation.

  3. Purchase unlimited data contracts

This might not always be possible with budget constraints, but it is the most effective way of preventing employees from connecting to unsecured Wi-Fi networks when they are in public places.

  4. Encrypt, encrypt, encrypt

The more you can encrypt, the better, both to guard against ‘leaky’ code and to help prevent data being revealed if it is leaked by accident. File-level encryption protects data on a file-by-file basis, and protecting keys and certificates through proper management is also highly important.

  5. Strengthen passwords

Many employees still use old and unsafe passwords, merely because they’ve never been reminded to update them. As part of company policy, ensure that all passwords have to be of a certain strength and changed on a regular basis. This will help against the threat of data loss, not only from a mobile security standpoint, but also within the office.

  6. Testing

Ideally, comprehensive testing will be included by the network security firm that puts together your mobile security package, but you should also be testing yourself to find any cracks. Upon initial implementation, encourage employees to ‘break the system’ with unclassified information. When the people who will be using the mobile systems are able to get around the technology at the very beginning, it’s likely to happen again and therefore needs to be fixed.

  7. Device protection

More relevant for SMBs with BYOD policies: ensure that the devices used are not jailbroken or rooted. Jailbreaking or rooting removes the built-in security measures that come with smartphones, which are fairly sophisticated and help to complement your company’s own security policies.

  8. Mobile app choice

When downloading any app on a phone, for both personal and professional use, it’s important that employees don’t download apps that could compromise data protection. Ensure that employees view the download of apps the same way that they view downloading foreign files, or opening spam emails – with caution.

  9. Inform your employees

Further to this, it’s helpful to inform your employees what potential threats could look like. While these are technically external threats, you can reduce the internal threat of employees clicking on harmful phishing links by educating them that these could appear to come from banks, tax departments, or the Board of Directors, and what to do if they’re unsure.

  10. Update the technology

Software updates for laptops and mobile devices generally include a large number of security patches and updates. Ensure that you and your employees are as protected as you can be by updating as soon as the notification comes through.

Many employees don’t have any intention of leaking a company’s sensitive information; they are just totally unaware of how they are inadvertently doing it. Creating a workplace where employees are taught to view mobile security as an important part of their job, whether it’s disconnecting from public Wi-Fi or strengthening passwords, helps to educate and empower them to start taking mobile security into their own hands. This, combined with mobile device management platforms that help to protect against internal loss that occurs intentionally, will ensure that your company has a solid mobile security policy.

Zecurion Announces Partnership with Dataguard Middle East

Partnership Enables Zecurion to Deliver Data Loss Prevention Solutions in the UAE and Other Middle East Countries

New York, August 18, 2017 — Zecurion, a major vendor for data loss prevention (DLP) solutions, today announced that it has signed a distribution agreement with Dataguard Middle East, one of the fastest growing distributors and IT service providers across the Middle East. The agreement is Zecurion’s first direct distribution agreement in the Middle East and forms part of the company’s strategy to focus on innovation and investment in its partner ecosystem. The partnership will enable Zecurion to expand its global footprint in the UAE and other Middle East countries.

The partnership is one of the many steps that Zecurion plans to take to build on its regional growth strategy and follows Zecurion’s recent recognition by Gartner in its Magic Quadrant for Enterprise DLP 2017.

“We are very excited about our new partnership with Dataguard Middle East. With their experience as a distributor of DLP solutions, knowledge of the enterprise security market, as well as their network of channel partners, we are all set to expand in this region,” said Alexey Raevsky, CEO of Zecurion.

Dataguard Middle East will distribute the complete range of Zecurion DLP solutions including Zlock, Zgate, Zdiscovery and Zserver. In addition, Dataguard will provide managed services to customers that are looking to deploy Zecurion DLP solutions in the cloud.

Rishan Ahmed, Product Consultant at Dataguard Middle East, said, “the partnership with Zecurion will greatly benefit our resellers, system integrators and customers through easier availability of leading enterprise DLP solutions at mid-market prices, greater collaboration for channel training and enablement, channel marketing support, and technical support from the team in Moscow and New York – all being key components of the relationship.”

He also added, “We are adding Zecurion’s superior DLP technology to our portfolio of security solutions. The partnership will enable our channel network to offer the most technologically comprehensive enterprise DLP solutions, as well as equip them with the right training and tools required for success in this highly competitive market. This is a significant development in the Middle East data security market and represents a refreshing opportunity to our partners in this sector.”

The distribution agreement is effective as of August 14, 2017, with immediate benefits to partners and customers.

For more information about Zecurion or this partnership, please call +1 866 581 0999.

About Zecurion

Zecurion is a global innovator and leader in security solutions that reduce risk by addressing internal threats. Founded in 2001, Zecurion has successfully developed and implemented security solutions providing proven and reliable protection against leaks for more than 10,000 companies around the world. The company’s solutions provide comprehensive protection against the leakage of information throughout the course of its life cycle – from creation and recording to archiving and deletion. Zecurion was recognized by Gartner in the 2014, 2016 and 2017 Magic Quadrant for Enterprise Data Loss Prevention. It has also received recognition through the prestigious Golden Bridge Awards and Network Products Guide, as well as consistently being ranked highest among developers of DLP analytics by CNews. Additional information is available at http://www.zecurion.com.

Zecurion and the Zecurion logo are trademarks of Zecurion.

About Dataguard Middle East

Dataguard is one of the fastest growing IT service providers and true value-added distributors across the Middle East, with solutions designed in collaboration with world-class vendors that deliver high quality and security.

Dataguard’s mission is to provide presales/post-sales support to all partners and customers, onsite as well as offsite through a remote support center that provides high-quality technical services. The company values providing uncompromised security on data, systems and networks.

Additional information is available at http://www.dataguard-me.com.

 

Analyst and Media Contact:

Ratika Garg

Director – Marketing & Channel Enablement, Zecurion

+1 (240) 449 6818

Ratika.garg@zecurion.com

 

The Top Data Breaches in 2017 – And It’s Only August

Since January 1, 2017, there have been approximately 156,000 data records breached where the disclosure was unintentional or a malicious breach by an insider. These are breaches in all industries, affecting all kinds of individuals and all sizes of companies. To put it in perspective, that’s roughly 867 records breached every day, or nearly two records every three minutes. We’ve rounded up the top data breaches for the first half of 2017. Prepare to be unsettled.

Registered voters in America
198,000,000 Americans registered to vote had their personal information exposed in late June this year. The firm responsible, a Republican data analysis company, Deep Root Analytics, has taken full responsibility for the situation. Included in the breach was basic information such as voters’ first and last names, birth dates, home and mailing addresses, phone numbers, registered party, self-reported racial demographic and voter registration status. Alarmingly, a voter’s likely stance on abortion, gun control, stem cell research and environmental issues was also part of the breach. Fortunately, it appears that only a single Cyber Risk Analyst from another company was able to access the 1.1 terabytes of entirely unsecured data and was able to alert authorities in time.

Educational records at the University of Oklahoma
Also in June, the University of Oklahoma was found to have violated federal law with its lax privacy settings across its campus file-sharing network. 29,000 educational records were accessed by email users on the system. These records included social security numbers, financial aid information and grades in records dating to at least 2002. The files have now been safeguarded, but each breach could constitute a violation of the Family Educational Rights and Privacy Act.

Email addresses of US corporates
Just under 33.7 million unique email addresses were leaked in March this year. The company responsible, Dun & Bradstreet, is a business services company so, at 30 million, the records represented a large chunk of the United States corporate population. This is the data that can be bought and sold – it’s unknown what the market rate would be, but it is reported that it can cost up to $200,000 to access just half a million records. The largest organizations affected include the Department of Defense, other armed forces, AT&T, Boeing, and the United States Postal Service. Interestingly, it remains unknown how the breach occurred, other than that it was internal, although Dun & Bradstreet stated it was not released through one of their systems.

Thankfully, many of these data breaches were eventually picked up by security companies monitoring for data exposure before the data could get into the wrong hands. While these are three of the most significant data breaches to happen this year, there are tens of thousands more where companies have had their data exposed through internal sources, either with malicious intent or by total accident. Companies that lose data through their own negligence, or lack of correct privacy procedures, can face legal action and be forced to pay damages to the individuals affected. A data loss protection strategy is essential for a company of any size. It protects the individuals whose data is owned by the company, and it helps protect the company from the ramifications of any internal losses.

How to Use Prioritization to Enhance Your Data Security

Data loss prevention and data security can sometimes feel like a daunting and money-draining task, particularly for SMBs. But cyberattacks and loss of data can be some of the biggest risks an organization faces in the current climate. Companies don’t need to be big-name enterprises with large IT departments in order to operate as top performers in data loss prevention. When it comes to protecting companies and individuals from data loss, prioritization of data protection is key to successfully managing security while still operating a well-running company.

  1. Knowledge is power

There are many studies that suggest that around one third of all companies lack sufficient policies for data encryption, classification and security. Knowing the risk and how your company might be affected is the first step towards data security.

  2. Consider the options

What is actually realistic for your business? While it is tempting to get caught up in the sophistication and benefits that some of these security systems hold, it’s important to prioritize what your company really needs for full protection. Extra benefits are nice-to-haves, and most security companies will scale plans up and down, so these can easily be considered once a working plan is in place.

  3. Learn about your company’s data

Back to the first point, knowledge is power – in order to be able to optimally prioritize data for security purposes, you need to know about your company’s data: what it does, who uses it, and how it moves around your computer systems. Depending on the size of your company, there are some mapping tools that can be put into place to assess this, but you should also be looking for a general feel. In addition to the sophisticated software that’s out there, there’s an element of common sense to data security – if you think data could escape via a particular route, it probably can.

  4. Top down data prioritization

Once you know the ins and outs of your company’s data, it’s important that you begin to assess the risk that a breach in data security poses for the different kinds of files your company possesses. The higher the risk, the more priority needs to be given to ensuring that the data security around those files is impeccable.

  5. Balance it out

Bear in mind that often the more security and process you place around data, the more administration you are placing on your employees. Policies and verification processes all take time, and this adds up if it is manual time on each and every file the employee is using. Consider the effect that the loss of a particular piece of data will have on your company if it is released from your secure system. If the consequences are not high, and it’s much more effective for your business to run efficiently without cumbersome processes around those files, then go with that.

Prioritizing the kind of security that you employ to protect your company, and how you implement it, can sometimes mean the difference between being able to install security and data loss prevention plans in your company, or becoming like the one-third of businesses that have not done so. With these simple techniques, you should be able to efficiently break down and prioritize how to go about protecting your company through data security.

Why a Data Breach Could Change Your Life – And What to Do About It

The sensitive information of individuals is big business in the criminal world. An individual’s medical record can fetch up to $50 on the black market, 50x that of a credit card record, and that’s before money has been elicited by using the record itself. Data breaches aren’t confined to medical and financial records, though: in the modern world we are seeing trade secrets, intellectual property and other identification information being viewed or stolen by unauthorized individuals. Data breaches can dramatically affect your life, both as an individual citizen and as an employee or business owner. Fortunately, though, there are ways to protect yourself.

Getting down to business

From a business perspective, a data breach can be hugely damaging, both to a company’s reputation as a whole and through the consequences that the breach brings. Particularly for companies that trade in knowledge sectors, data breaches can have hugely impactful and long-lasting effects if intellectual property or trade secrets are obtained by an unauthorized source. Companies have seen their long-term earning capacity significantly reduced, or even wiped out, by data breaches.

While the media generally highlights data breaches that happen on a mass scale to large and well-known brands, it is small to medium enterprises that can be hit hugely as their technology and processes are often not strong enough. Some studies suggest that almost 30% of SMEs have no plans in place to deal with security threats.

How to turn things around

A data breach response plan is crucial to maintaining the safety of your business. Sometimes it’s helpful to think about the digital risk of a data breach in the same way as a physical risk to your company, such as fire or theft. No company would operate without basic policies around high-risk areas, and data breach should be considered in this group.

A good data loss protection plan and state-of-the-art security will equip your company with the right tools and software to protect against ransomware, and inadvertent loss of data. But a truly great data loss protection plan is one that pre-empts the catastrophe by ensuring that all employees understand the level of risk associated with a data breach and are committed to putting in place best data loss protection practice in order to minimize the risk.

On an individual level

Whether you’re a business that holds sensitive information regarding individuals, or an individual yourself, it is important to know the risks associated with having personal data compromised. Of course, the consequences of stolen financial and medical records are fairly evident, but with the rise of sophisticated ransomware and malware techniques, criminals can embed themselves on your computer and commit serious crimes such as identity theft that your insurance may not even cover.

What to do about it

Firstly, look into how you’re currently protected on an insurance and a digital level and make the appropriate changes. Contact your bank and talk about options to protect your credit card online, and fully understand their policies if your details are compromised. Shop around – protection isn’t standardized and different financial companies will offer different types of protection. That goes for your medical insurance also: contact your provider and get a clear understanding of what will happen if there is some kind of breach.

Then it’s time to look into your cybersecurity. Cyber criminals have gone from strength to strength in recent years, so it is imperative to update your security and ensure the settings don’t ever have it sitting in an idle state. It’s also an excellent idea to look into password storage facilities like LastPass that enable you to have a different password on each website, particularly those you are sharing sensitive information with. Opt for a two-step verification process on any website that has it and use different security questions on different websites, where they are offered.

Data breach can have far-reaching and long-lasting effects on both individuals and companies. Put simply, the only way to combat this kind of criminal activity, as a citizen and as an SME or SMB, is through protection. For businesses, this involves a strategic data loss protection plan, as well as a crisis management plan if the worst happens and sensitive information, particularly that of individuals, gets into the wrong hands. For both businesses and individuals, computer security and prevention techniques when it comes to websites where your data could be compromised, are essential to mitigating the life-changing risk of a data breach.

Healthcare Industry Data Loss Problems – And Their Easy Solutions

According to a report by the Ponemon Institute, nearly 90% of healthcare organizations suffer data breaches. Internal threats such as mistakes—unintentional employee actions, stolen computing devices—account for nearly half of the data breaches. This statistic certainly serves to show the staggering problems around data loss in the healthcare industry. While the scale of the problem, and therefore the solutions to it, may seem incredibly vast, there are actually strategies healthcare organizations should be implementing in order to combat this high-risk situation.

Why is theft, or loss with malicious intent, so high?

Firstly, medical records can fetch up to 50 times that of credit card records on the black market. While that may seem far-fetched, it’s surprisingly not, given the amount of credibility medical records hold when it comes to identification. Criminals can easily use medical records to fraudulently bill insurance companies and obtain prescription medicine, in addition to other identity theft practices.

The move to digital and the losses that come with it

The digitization of medical records has been seen as a long overdue step by the medical community to reduce mounting hospital administration and provide patients with more reliable diagnoses and care. Proper due diligence isn’t being paid when it comes to data loss protection for a variety of reasons: budgeting, outdated technology and lack of knowledge among them. As a result, breaches of healthcare systems are becoming more and more commonplace, particularly as online criminals become more skillful, and so are cases of hospital staff accidentally releasing sensitive patient information.

The problem areas

Data loss is considered to be one of the most commonplace ways for healthcare organizations to lose a patient’s medical files. The main problem areas include criminal attack, a stolen computing device, unintentional employee action and technical glitches in the system.

The root problem

At the root of these problems are outdated legacy systems and medical devices and poor training in data loss protection. Healthcare organizations have a unique set of challenges when it comes to digitized information. Particularly for hospitals, the scale at which they work is huge. The number of individuals who have files stored on their systems, as well as the number of medical professionals who are not highly skilled in computer literacy, is vast. Combine this with computer systems that need updating and a lack of budget to do so, and it is easy to see why data loss is so prevalent in the healthcare industry.

The solution

The solution to the problem can be simplified into two parts – update computer systems so that strong security measures can be put in place, and implement a data loss prevention strategy across the organization. The first solution requires budget, but it is imperative that this is prioritized. Ransomware and malware are becoming increasingly prevalent, malicious, and ruthless ways of obtaining data. Trends suggest that this will become even more of an issue in coming years, and the only way to combat it is through state-of-the-art security measures.

A data loss prevention strategy, while still costly, especially if implementing on a large scale, is more of an upfront cost and a slow burn investment. For healthcare organizations, a data loss prevention strategy is an incredibly cost-effective way to protect against data loss as much of it involves staff onboarding and communication in order to make it work. Of course, software systems need to be installed to protect files, but much of the hard work comes from ensuring that all staff understand what they need to be doing in order to avoid the inadvertent leakage of sensitive information.

With just a quick online search, you can see the mounting concern about protecting patient data in the healthcare industry, and the ever-growing and alarming statistics about how much data is currently being compromised. Healthcare organizations need to reprioritize budget in order to implement easy and effective solutions like state-of-the-art security, and a data loss prevention strategy that has buy-in from staff working both in hospitals and medical centers on network devices, and remotely on mobile.

Five Steps to Better Data Loss Prevention

Data Loss Prevention (DLP) protects companies against the loss of sensitive data. In the world of data, everything has increased. IT and cloud-based software and apps, cyberattacks and increased mobile usage by employees are just some of the ways that confidential data can escape from a company. A relevant and working DLP strategy is key to preventing this from happening, or managing it in the most effective way possible, so we’ve put together five steps to better protect data.

Protect data in all locations

We mentioned mobility because it is one of the areas where even a great DLP strategy can completely fall over. While a company might have fantastic Data Loss Prevention within its corporate LAN, this no longer serves as a contained endpoint for data loss. With mobile and cloud-based software usage at its current rates, data needs to be protected wherever it is. Additionally, look at finding an offsite server to back up your company’s data in case of an emergency breach through a natural disaster, crash or cyberattack. Having your data held in more than one physical location serves as an additional protection mechanism.

Prioritize the important stuff

DLP’s main role is the protection of sensitive data. There has to be a balance in companies between allowing file sharing to go relatively unhindered in order to boost productivity, and creating systems that prevent those files from being lost. This is generally done by choosing which of those files would be most detrimental to lose, for instance, intellectual property or financial records. This gives you somewhere to start and means that a DLP system won’t lower productivity for files whose public release would not be at all catastrophic.

Get to know your data

Monitor and track the regular movement of your data. This is particularly useful for picking up when there are internal threats in general, but mainly it makes it clearly visible where your sensitive data is going, and what threats it might face along the way. Doing this ensures that you are across what is happening with your data, and therefore will be able to ensure that the DLP strategy you apply will work for your company.

Ongoing help

Realize that a plan to prevent data loss is not a one-off investment of money, time and resources. Data loss involves people, IT, and the web, all of which are constantly changing. Your DLP plan needs to constantly change and mature also. Engage with security solutions specialists to amend and rework all parts of the strategy, and then look internally to ensure that staff are receiving the guidance that they need – and that the strategy actually works for them and the way they work.

Incremental change

Much like the strategy itself, which constantly needs to be reworked and changed, your employees will need to adapt too, as they will be integral to ensuring the strategy’s success. Running a pilot that protects only the most sensitive data is a way to safeguard yourself against purchasing an incredibly comprehensive DLP strategy that doesn’t operate quite in the way it should. It’s only by testing it out in an incremental way, monitoring the data movement, as well as how employees are using the policies, systems and plans, that you’ll be able to ascertain whether that system is right for the business.

IT security no longer lies just with anti-malware or virus software. The significant advances in IT have brought with them substantial amounts of information and knowledge sharing through data. While this has seen a momentous boost in productivity, knowledge, and ideas for many companies, it has also increased the risk of important information getting into the wrong hands. Data Loss Prevention is an essential part of any company’s security policy and, with these five steps, you will be able to achieve a strategy and a plan that works for your company.

Data Loss Disasters: Are You Covered In An Emergency?

The dreaded crash, the blue screen, or the security breach brings on a familiar feeling of terror for every computer user. For small to medium-sized businesses (SMBs) who are increasingly relying on software and cloud-based solutions to boost their company’s productivity, the stakes are much higher when this happens. The issue with the increase in IT solutions is that this also needs to be coupled with an increase in data security, particularly in the case of an emergency, and this doesn’t seem to be happening with SMBs. According to The National Archives & Records Administration in Washington, 43% of companies with no data recovery and business continuity plan actually go out of business following a major data loss.

While this covers all data loss, and not just internal threats such as accidental or malicious leaking, it is still a startling figure and one that can be easily addressed with a Data Loss Prevention (DLP) strategy. Any good plan should always incorporate an emergency scenario, and that is what we will be discussing today: how to cover yourself in a data loss emergency.

Clear communication
This should be one of the most important features of any emergency response plan. When things go wrong people panic, people try to cover up and people inevitably do not take the most rational and responsible course of action. By ensuring that your emergency DLP plan is simple and succinct, and is clearly communicated to all staff in a way that they can easily action, you’ll help to ensure that employees take the right action.

Back it up
Knowing the risks is the first step to appreciating just how important data backup is. There are the ‘real life’ physical threats such as vandalism, fires and floods, and even power surges which affect thousands of computers every year. Then, of course, there are the not so physical threats such as cyberattacks and ransomware. With so many ways for an emergency data loss to occur, backing up files is crucial to prevent data loss in these situations, and always the easiest solution if it does occur.

Backup again. And again
Automate the backup to ensure that nothing is left to chance and that it occurs on a regular basis. Then find a separate server in an off-site location that will prevent data loss if your entire internal system is compromised. Again, it’s always easier to recover the data from a backup than from a crash.

Decent security
Your emergency response plan should employ or align with security professionals, largely to prevent the ever-present threat of cyberattack. Security professionals will be able to continually change multi-layer encryption and algorithms as part of their prevention plan, but they will also need to constantly update and review the emergency routine as part of this.

Given that most of us have experienced a computer crash in our lifetimes, we all know that emergencies happen. With the increasing threat of cyberattack, these emergencies are now much more widespread than ever before. By treating emergency data loss like it’s a reality, you’ll be able to create an environment where data is sufficiently backed up, and where an emergency response plan is as up to date and impenetrable as possible, and clearly communicated to staff so that it actually works.

Mobility and Security: What You Need to Know

The increase in mobile usage for work purposes is a mutually beneficial development for businesses. It allows employees more flexibility and agility, both professionally and personally. And, in turn, this results in companies being able to reach their strategic goals in an effective way. The problem that businesses are facing with this increase in mobility is that it inevitably means an increase in endpoints that a Data Loss Prevention (DLP) system has to cover. With roughly 90% of Americans now owning cellphones, many of which are brought into the workplace and even used for work in companies with BYOD (bring your own device) policies, it is essential to know what you should be doing to keep your files secure.

The risk
The risk is, of course, that increase in endpoints from mobile devices, wireless networks, and other mobile and cloud computing services. This creates an environment with no boundaries, unlike the in-office environment that DLP strategies generally cater for.

What exists currently
Mobile policies for companies tend to vary wildly from organization to organization, meaning there are no standard guidelines to follow. Many companies hope that their employees will follow their mobile policy when it comes to the sharing of confidential files on mobile. However, a policy is not a preventative strategy in the same way that a comprehensive DLP strategy is. It relies on a certain level of faith, and, given the level of work activity on mobile and the level of access to work files from mobile devices, this completely undermines the effectiveness of the entire DLP strategy.

What do companies do
Many companies avoid invasive software and protocols for mobile devices, often down to privacy issues, especially with BYOD workplaces, and device compatibility. Data Loss Prevention is normally not employed on mobile, so the comprehensive range of solutions available in-office is not available for mobile in the same way. Therefore, workplaces find themselves in a situation where employees can get around DLP protocols and send sensitive information to their phones and onto cloud sharing platforms with just a swipe or the tap of a button.

In some cases, employees are actually more likely to compromise confidential information by leaking or sharing it when they are out of the office and therefore perceive themselves as less likely to be physically caught.

Some companies use Virtual Private Networks (VPNs) and Cloud Access Security Brokers (CASBs) to assist in reducing the risk, but there are major concerns with both. VPNs don’t have any control over interfaces that companies are increasingly starting to move towards such as Software as a Service (SaaS) apps like Salesforce, and Office 365. CASBs appear to get around this by allowing control over SaaS apps, however they offer very limited DLP capabilities, rendering them not a viable solution at all for most companies serious about DLP.

The solution
So, how do companies extend their security to the mobile arena? You don’t want to prohibit the easy sharing and transfer of content that enables your employees to work on the go, so generally it is best to place the focus specifically on prohibiting the transfer of the sensitive information you cannot have released:

  • Place a watermark on confidential content
  • Block screen captures and clipboard functions for sensitive information
  • Prevent download of sensitive files to mobile
  • Multi-factor authentication for apps
  • Log mobile activity and track suspicious circumstances

While DLP may not have the comprehensive architecture for mobile quite yet, that doesn’t mean it’s worth ignoring the risk. There are plenty of DLP solutions out there that can provide your organization with the focuses above and find a happy medium between complying with privacy guidelines and protecting your organization’s data.
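
As an added illustration (not taken from any DLP product or from the original article), the five controls listed above can be combined into a single access decision plus an activity log. The record fields, control names and the three-denial review threshold are assumptions made for this sketch, and the sample activity is constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:            # hypothetical access-request record
    user: str
    device: str           # "mobile" or "managed-desktop"
    mfa_passed: bool      # multi-factor authentication completed in the app
    sensitive: bool       # content carries a confidential label
    action: str           # "view" or "download"

def decide(req):
    """Return (verdict, controls) for one request."""
    if not req.mfa_passed:
        return "deny", ["mfa-required"]
    if not req.sensitive:
        return "allow", []                 # ordinary content stays easy to share
    if req.device == "mobile":
        if req.action == "download":
            return "deny", ["no-sensitive-download-to-mobile"]
        # Viewing is allowed, but only with the protective controls applied.
        return "allow", ["watermark", "block-screen-capture", "block-clipboard"]
    return "allow", ["watermark"]

def audit(requests, threshold=3):
    """Log every decision and list users whose denials reach the threshold."""
    log, denials = [], Counter()
    for req in requests:
        verdict, controls = decide(req)
        log.append((req.user, req.device, req.action, verdict, tuple(controls)))
        if verdict == "deny":
            denials[req.user] += 1
    suspicious = sorted(u for u, n in denials.items() if n >= threshold)
    return log, suspicious

# Constructed sample activity, not real data.
SAMPLE = [
    Request("alice", "mobile", True, False, "download"),
    Request("alice", "mobile", True, True, "view"),
    Request("bob", "mobile", True, True, "download"),
    Request("bob", "mobile", True, True, "download"),
    Request("bob", "mobile", False, True, "view"),
    Request("carol", "managed-desktop", True, True, "download"),
]

if __name__ == "__main__":
    log, suspicious = audit(SAMPLE)
    for entry in log:
        print(entry)
    print("flag for review:", suspicious)
```

Non-sensitive content is never restricted here, which matches the article's point that the focus belongs on the sensitive information only.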