Protecting The Crown Jewels Of Corporate Data

Consumerization has reached the tipping point - Data shows that the majority of companies surveyed already allow employees to use their personal devices for work-related activities.

With the knowledge that an organization sooner or later will suffer a breach, IT security professionals have to focus on protecting their company's most important nuggets of information.

The hardest aspect with this approach is deciding what data needs extra protection, but there are several tricks of the trade that were brought up by the panelists at the Protecting the Company’s Crown Jewels in the age of Information Security Trends at the LegalTech conference being held in New York City recently.

This can run the gamut from properly locking down personal mobile devices used for business to teaching staffers about spearphishing and general data security hygiene.

The Bring Your Own Device (BYOD) trend can be particularly worrying to any organization, said Sabito Morley, vice president of IT infrastructure and operations for DaVita Kidney Care, adding that people tend to view these as a personal device and not concern themselves with its security.

“For BYOD you must require people to put some app like Mobile Iron on the phone to encrypt it and have an agreement with the person that upon separation from the company it can wipe the device,” Morley said, adding a concession has to be made to allow the former employee to keep his or her personal data on the phone.

Jason Stearns, director of the legal and compliance group at Blackrock, agreed adding an additional layer of protection should be built in by continuing to give important executives corporate devices as they are the most likely to be targeted by hackers.

The problem of workers and outside vendors making mistakes that can lead to a security lapse can even occur while inside the home office, Stearn said. This can be something as simple as leaving papers with sensitive information strewn about an unattended desk or workers using an app like WhatsApp to pass around data not realizing it is outside their protected system and vulnerable to interception, said Gail Rodgers, a partner at DLA Piper.

The panelists also agreed a data breach is most likely to happen when an employee either consciously or unconsciously allows the breach to happen. Innocent mistakes in this category are usually due to spearphishing attacks.

Morely pointed out that one in 40 spearphishing attacks are successful with this attack vector now being one of the top profit generators for hackers. To combat companies have to impress upon staffers the importance of ensuring the emails they open are legitimate or install software that can spot these attacks.

Morely said there is software that can tag an email that comes from outside a company. This can help people determine if an email is dangerous or not by simply looking at the tag and who supposedly sent the email. If it's labeled coming from the outside, yet the return address is the HR department or CEO than it becomes more obvious the email is malicious.

The final lesson imparted by the panel is to delete old data. Stearns said 70 percent of most stored content is no longer needed and can be eliminated and once it is out of the system it is no longer a danger, he said.

SC Magazine: http://bit.ly/1PPZ7jY

« Intelligence Agencies Want To Target Surveillance Programs
HSBC Bank In The Line Of Cyber Fire »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

Ikarus Security Software

Ikarus Security Software

Ikarus focuses on antivirus and content-security solutions.

Nozomi Networks

Nozomi Networks

Nozomi Networks is a leader in Industrial Control System (ICS) cybersecurity, with a comprehensive platform to deliver real-time cybersecurity and operational visibility.

Horangi

Horangi

Horangi provides security products and services that enable the rapid delivery of Incident Response and threat detection for our customers who lack the scale, expertise, or time to do it themselves.

Randori

Randori

Randori is an attack platform that provides "red-teaming" as a service - basically, staging simulated hack attacks to test for vulnerabilities and gaps in the security response.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

National Cybersecurity Student Association (NCSA)

National Cybersecurity Student Association (NCSA)

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

Stratum Security

Stratum Security

Stratum Security is an information security consulting company that focuses on providing clear and concise risk guidance to its clients through high quality assessment services.

Robo Shadow

Robo Shadow

Robo Shadow are trying to bridge the gap between the top tier organisations that can afford everything and everyone else who has to “Make it up as they go along” when it comes to Cyber.

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

RB42

RB42

RB42 (formerly Nexa Technologies) provide cyber defense solutions (ComUnity, secure and encrypted messaging, detection of interception tools, etc) and cyber defense consultancy service.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

Infima Cybersecurity

Infima Cybersecurity

INFIMA tackle the hard parts of managing your Security Awareness Training program so you can focus elsewhere.