Protecting The Crown Jewels Of Corporate Data

Consumerization has reached the tipping point: data shows that the majority of companies surveyed already allow employees to use their personal devices for work-related activities.

With the knowledge that an organization sooner or later will suffer a breach, IT security professionals have to focus on protecting their company's most important nuggets of information.

The hardest aspect of this approach is deciding what data needs extra protection, but several tricks of the trade were brought up by the panelists at the "Protecting the Company’s Crown Jewels in the age of Information Security Trends" panel at the LegalTech conference held recently in New York City.

These run the gamut from properly locking down personal mobile devices used for business to teaching staffers about spearphishing and general data security hygiene.

The Bring Your Own Device (BYOD) trend can be particularly worrying to any organization, said Sabito Morley, vice president of IT infrastructure and operations for DaVita Kidney Care, adding that people tend to view these as personal devices and do not concern themselves with their security.

“For BYOD you must require people to put some app like MobileIron on the phone to encrypt it and have an agreement with the person that upon separation from the company it can wipe the device,” Morley said, adding that a concession has to be made to allow the former employee to keep his or her personal data on the phone.

Jason Stearns, director of the legal and compliance group at BlackRock, agreed, adding that an additional layer of protection should be built in by continuing to give important executives corporate devices, as they are the most likely to be targeted by hackers.

The problem of workers and outside vendors making mistakes that can lead to a security lapse can even occur while inside the home office, Stearns said. This can be something as simple as leaving papers with sensitive information strewn about an unattended desk, or workers using an app like WhatsApp to pass around data without realizing it is outside their protected system and vulnerable to interception, said Gail Rodgers, a partner at DLA Piper.

The panelists also agreed a data breach is most likely to happen when an employee either consciously or unconsciously allows the breach to happen. Innocent mistakes in this category are usually due to spearphishing attacks.

Morley pointed out that one in 40 spearphishing attacks is successful, with this attack vector now being one of the top profit generators for hackers. To combat this, companies have to impress upon staffers the importance of ensuring the emails they open are legitimate, or install software that can spot these attacks.

Morley said there is software that can tag an email that comes from outside a company. This can help people determine whether an email is dangerous simply by looking at the tag and who supposedly sent the email. If it is labeled as coming from the outside, yet the return address is the HR department or CEO, then it becomes more obvious the email is malicious.
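The tagging check described above can be sketched as follows. This is an added example, not code from the article or the panelists; the domain, the protected names and the `arrived_external` flag (set by the mail gateway from the ingress path) are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration only.
INTERNAL_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"hr department", "jane doe"}  # HR mailbox, CEO (hypothetical)
TAG = "[EXTERNAL]"


def tag_and_check(raw, arrived_external):
    """Return (subject, warnings) for one raw message.

    arrived_external comes from the gateway (internet-facing listener vs.
    internal relay), never from the From header, which the sender controls.
    """
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    if not arrived_external:
        return subject, []
    warnings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Outside origin but an inside address: the mismatch the tag exposes.
    if domain in INTERNAL_DOMAINS:
        warnings.append(f"external mail claims internal domain {domain}")
    # Outside origin using the name of HR or an executive.
    if display.strip().lower() in PROTECTED_NAMES:
        warnings.append(f"external mail uses protected name {display}")
    return f"{TAG} {subject}", warnings


# Constructed sample messages.
SPOOFED = (
    "From: HR Department <hr@example.com>\n"
    "Subject: Updated payroll form\n\nPlease review.\n"
)
LOOKALIKE = (
    'From: "Jane Doe" <jane.doe@example.net>\n'
    "Subject: Quick favour\n\nAre you at your desk?\n"
)
VENDOR = (
    "From: Billing <billing@vendor.test>\n"
    "Subject: Invoice 1001\n\nAttached.\n"
)

if __name__ == "__main__":
    for raw in (SPOOFED, LOOKALIKE, VENDOR):
        print(tag_and_check(raw, arrived_external=True))
```

The vendor message is tagged but raises no warning, which is the point of the tag: it only becomes alarming when it contradicts who the sender claims to be.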

The final lesson imparted by the panel is to delete old data. Stearns said 70 percent of most stored content is no longer needed and can be eliminated, and once it is out of the system it is no longer a danger.

SC Magazine: http://bit.ly/1PPZ7jY
