Protecting The Crown Jewels Of Corporate Data

Consumerization has reached the tipping point: data shows that the majority of companies surveyed already allow employees to use their personal devices for work-related activities.

With the knowledge that an organization sooner or later will suffer a breach, IT security professionals have to focus on protecting their company's most important nuggets of information.

The hardest aspect of this approach is deciding what data needs extra protection, but there are several tricks of the trade that were brought up by the panelists at the "Protecting the Company’s Crown Jewels in the Age of Information Security Trends" session at the LegalTech conference held recently in New York City.

This can run the gamut from properly locking down personal mobile devices used for business to teaching staffers about spearphishing and general data security hygiene.

The Bring Your Own Device (BYOD) trend can be particularly worrying to any organization, said Sabito Morley, vice president of IT infrastructure and operations for DaVita Kidney Care, adding that people tend to view such a phone as a personal device and do not concern themselves with its security.

“For BYOD you must require people to put some app like Mobile Iron on the phone to encrypt it and have an agreement with the person that upon separation from the company it can wipe the device,” Morley said, adding a concession has to be made to allow the former employee to keep his or her personal data on the phone.

Jason Stearns, director of the legal and compliance group at Blackrock, agreed, adding that an additional layer of protection should be built in by continuing to give important executives corporate devices, as they are the most likely to be targeted by hackers.

The problem of workers and outside vendors making mistakes that can lead to a security lapse can even occur while inside the home office, Stearns said. This can be something as simple as leaving papers with sensitive information strewn about an unattended desk or workers using an app like WhatsApp to pass around data, not realizing it is outside their protected system and vulnerable to interception, said Gail Rodgers, a partner at DLA Piper.

The panelists also agreed a data breach is most likely to happen when an employee either consciously or unconsciously allows the breach to happen. Innocent mistakes in this category are usually due to spearphishing attacks.

Morley pointed out that one in 40 spearphishing attacks is successful, with this attack vector now being one of the top profit generators for hackers. To combat this, companies have to impress upon staffers the importance of ensuring the emails they open are legitimate, or install software that can spot these attacks.

Morley said there is software that can tag an email that comes from outside a company. This can help people determine if an email is dangerous or not by simply looking at the tag and who supposedly sent the email. If it's labeled as coming from the outside, yet the return address is the HR department or CEO, then it becomes more obvious the email is malicious.
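The check Morley describes can be sketched as follows. This is an added example, not code from the article or from any product the panel mentioned; the company domain `example.com`, the protected display names and the `arrived_from_outside` flag supplied by the mail gateway are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article): the company domain and
# the display names an attacker is likely to impersonate.
INTERNAL_DOMAIN = "example.com"
PROTECTED_NAMES = {"hr department", "human resources", "jane doe"}  # Jane Doe: constructed CEO name
TAG = "[EXTERNAL]"


def tag_and_check(raw_message: str, arrived_from_outside: bool):
    """Return (subject shown to the user, list of warnings).

    arrived_from_outside is decided by the mail gateway from how the message
    was delivered, never from the From header, which the sender controls.
    """
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    warnings = []

    if not arrived_from_outside:
        return subject, warnings

    if not subject.startswith(TAG):
        subject = f"{TAG} {subject}"
    # External delivery, yet the address claims to be one of ours.
    if domain == INTERNAL_DOMAIN:
        warnings.append("external message uses an internal From address")
    # External delivery, yet the display name is HR or an executive.
    if display_name.strip().lower() in PROTECTED_NAMES:
        warnings.append(f"external message uses protected name '{display_name}'")
    return subject, warnings


# Constructed sample messages.
SPOOFED = (
    "From: HR Department <hr@examp1e-payroll.test>\n"
    "To: staff@example.com\n"
    "Subject: Updated benefits form\n\nPlease sign in to review.\n"
)
VENDOR = (
    "From: Acme Billing <billing@acme.test>\n"
    "To: ap@example.com\n"
    "Subject: Invoice 1042\n\nAttached.\n"
)

if __name__ == "__main__":
    for raw in (SPOOFED, VENDOR):
        print(tag_and_check(raw, arrived_from_outside=True))
```

The tag alone only tells the reader where the message came from; the warnings are what surface the mismatch between an outside origin and an inside identity.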

The final lesson imparted by the panel is to delete old data. Stearns said 70 percent of most stored content is no longer needed and can be eliminated, and once it is out of the system it is no longer a danger.

SC Magazine: http://bit.ly/1PPZ7jY
