As organizations across the globe continue to grapple with Covid-19 and the abrupt shift from a predominantly office-based working environment to a predominantly remote working environment, the question of how to effectively navigate insider risk has become a hot topic. NOTE: I will use the terms “insider risk” and “insider threat” interchangeably. Even though some consider an insider threat to be a subset of insider risk, they still essentially refer … Read more
As you probably already know, Microsoft Office 365 enables employees (and other relevant stakeholders) to effortlessly collaborate on projects, and allows them to collectively share, edit and comment on documents in a harmonized manner. As they say, with great power comes great responsibility, but of course, this is not something we can count on. The reality is that employees are often unaware of who they sharing documents with, and whether … Read more
Despite significant improvements in cloud security in recent years, IT professionals are still cautious about storing and processing sensitive data in the cloud. We still hear of security breaches caused by misconfigured storage containers, insecure interfaces and APIs, user account hijacking, and more. The lack of visibility, combined with the ability for employees to easily share data with people outside of the organization makes security professionals nervous. At the end … Read more
PHI is not the twenty-first letter of the Greek alphabet, nor is it a ratio defined by geometric construction. In this context, PHI stands for “Protected Health Information”, and includes any health information, in any form, that can be used to identify an individual, in some way. It is important to understand that, even though information such as names, telephone numbers, and birthdates are not unique identifiers, they are said … Read more
Why Are Fewer Companies Deploying Security Monitoring Tools?
05.26.2021, Data Security, by
Brian Jefferson.
In March 2021, The Department for Digital, Culture, Media, and Sport (DCMS) published its sixth annual survey of UK businesses, charities, and educational institutions as part of the National Cyber Security Programme. The Cyber Security Breaches Survey 2021, as it is called, highlighted a number of important issues relating to the way companies have been securing their systems and data during the ongoing pandemic. Perhaps the most notable (and somewhat … Read more
What Is An Information Security Policy?
05.14.2021, CISO, Data Security, General, IT Operations, by
Philip Robinson.
An information security policy (ISP) is arguably the most important cybersecurity policy an organization can have. Essentially, an ISP defines the protocols and procedures for identifying, evaluating, mitigating, and recovering from security threats. An ISP is data-centric, in that its main objective is to protect data confidentiality, integrity, and availability (known as the CIA triad). An ISP will cover a broad range of areas including access control, data classification, … Read more
Understanding the HIPAA Minimum Necessary Standard
05.10.2021, Compliance, Data Security, by Philip Robinson.
Those familiar with data security best practices will have heard of the “principle of least privilege”, which is where employees and relevant stakeholders are granted the least access privileges they need to carry out their role. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has adopted a similar principle known as “The HIPAA Minimum Necessary Standard”, which is an integral part of The HIPAA Security Rule. The … Read more
How to Choose the Right Data Security Solution
05.07.2021, Data Security, General, by Philip Robinson.
Being a security solutions provider, we get into a lot of conversations about specific security strategies, some of which we help with and some we don’t. Many security teams start off their search for data security solutions with something specific in mind, like a privileged access management solution, for example. Occasionally, when we get down into the nitty-gritty conversations with these teams, we find that the problems they are … Read more
What is Data Sprawl and How do You Manage It?
05.06.2021, Data Security, General, by Philip Robinson.
Data Sprawl happens when enterprises collect, process, and store vast amounts of data, and it’s becoming increasingly harder for them to keep track of what data they have, where it is located and who has access to it. What is Data Sprawl? Our data (both structured and unstructured) is consumed by a wide range of applications and operating systems and stored on a variety of endpoints and servers. Our … Read more
There’s no escaping the fact that employee data theft represents a huge threat to the security of our data. According to the following blog post by techjury.net, 66% of organizations consider malicious insider attacks (or accidental breaches) to be more likely than external attacks – a number that has increased by 47% over the last two years. In 2020, the total cost of insider threats (related to credential theft) … Read more
