Protecting The Crown Jewels Of Corporate Data

Consumerization has reached the tipping point: data shows that the majority of companies surveyed already allow employees to use their personal devices for work-related activities.

With the knowledge that an organization sooner or later will suffer a breach, IT security professionals have to focus on protecting their company's most important nuggets of information.

The hardest aspect of this approach is deciding what data needs extra protection, but panelists at the "Protecting the Company’s Crown Jewels in the age of Information Security Trends" panel at the LegalTech conference, held recently in New York City, brought up several tricks of the trade.

These run the gamut from properly locking down personal mobile devices used for business to teaching staffers about spearphishing and general data security hygiene.

The Bring Your Own Device (BYOD) trend can be particularly worrying to any organization, said Sabito Morley, vice president of IT infrastructure and operations for DaVita Kidney Care, adding that people tend to view these as personal devices and do not concern themselves with their security.

“For BYOD you must require people to put some app like Mobile Iron on the phone to encrypt it and have an agreement with the person that upon separation from the company it can wipe the device,” Morley said, adding a concession has to be made to allow the former employee to keep his or her personal data on the phone.

Jason Stearns, director of the legal and compliance group at Blackrock, agreed, adding that an additional layer of protection should be built in by continuing to give important executives corporate devices, as they are the most likely to be targeted by hackers.

The problem of workers and outside vendors making mistakes that can lead to a security lapse can even occur while inside the home office, Stearns said. This can be something as simple as leaving papers with sensitive information strewn about an unattended desk, or workers using an app like WhatsApp to pass around data, not realizing it is outside their protected system and vulnerable to interception, said Gail Rodgers, a partner at DLA Piper.

The panelists also agreed a data breach is most likely to happen when an employee either consciously or unconsciously allows the breach to happen. Innocent mistakes in this category are usually due to spearphishing attacks.

Morley pointed out that one in 40 spearphishing attacks is successful, with this attack vector now being one of the top profit generators for hackers. To combat this, companies have to impress upon staffers the importance of ensuring the emails they open are legitimate, or install software that can spot these attacks.

Morley said there is software that can tag an email that comes from outside a company. This can help people determine if an email is dangerous or not by simply looking at the tag and who supposedly sent the email. If it's labeled as coming from the outside, yet the return address is the HR department or CEO, then it becomes more obvious the email is malicious.
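The tagging check described above, sketched as an added example (not code from the article or from any product the panel mentioned). The domain `example.com`, the protected display names, the `[EXTERNAL]` tag and the sample messages are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}                 # assumption: company mail domain
PROTECTED_NAMES = {"hr department", "jane doe"}    # assumption: HR and CEO display names
TAG = "[EXTERNAL]"

def tag_inbound(raw, from_internet):
    """Tag mail that arrived through the internet-facing gateway and flag
    senders that claim to be internal. from_internet must come from the
    connection the gateway accepted, never from sender-controlled headers."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    if from_internet:
        subject = msg.get("Subject", "")
        if not subject.startswith(TAG):
            del msg["Subject"]
            msg["Subject"] = f"{TAG} {subject}".strip()
        if domain in INTERNAL_DOMAINS:
            reasons.append("internal From address on external mail")
        elif display.strip().lower() in PROTECTED_NAMES:
            reasons.append("protected display name on external address")
    return {"subject": msg["Subject"], "from": addr, "reasons": reasons}

# Constructed sample messages: (raw message, arrived from the internet?)
SAMPLES = [
    ('From: "HR Department" <hr@example.com>\nSubject: Updated payroll form\n\nbody', True),
    ('From: "Jane Doe" <jane.doe@example.net>\nSubject: Urgent wire\n\nbody', True),
    ('From: Billing <billing@vendor.test>\nSubject: Invoice 17\n\nbody', True),
    ('From: "HR Department" <hr@example.com>\nSubject: Holiday schedule\n\nbody', False),
]

def run_samples():
    return [tag_inbound(raw, ext) for raw, ext in SAMPLES]

if __name__ == "__main__":
    for result in run_samples():
        print(result)
```

The first two samples are tagged and flagged, the vendor invoice is tagged only, and the genuine internal message is left untouched.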

The final lesson imparted by the panel is to delete old data. Stearns said 70 percent of most stored content is no longer needed and can be eliminated, and once it is out of the system it is no longer a danger.

SC Magazine: http://bit.ly/1PPZ7jY
