Archive for the ‘Data Security’ Category

In simple terms, data breaches can be defined as incidents where data (particularly sensitive, protected or confidential data) has been accessed, shared or otherwise exposed in an unauthorized way. The actual type of data involved in a breach might vary depending on the organization and the data they process. Many compliance regulations differ on what they define as a data breach worthy of notification. For example, if you’re … Read more

In February of 2019, Gartner published their list of the top 10 security projects for 2019 – a list of security projects that security and risk management leaders need to consider implementing in order to reduce risk and achieve compliance. As organizations grow and become more complex, the prospect of introducing new security projects whilst maintaining existing ones can be daunting. Brian Reed, Senior Director Analyst at Gartner, suggests that … Read more

2019 is set to be the worst year on record for data breaches, with as many as 3,813 breaches reported so far. As a result, businesses can no longer cross their fingers and hope that they won’t fall victim to a breach, as the chances are, they will. Businesses that are responsible for the personally identifiable information of consumers will likely be subject to a major compliance regulation (such as … Read more

From a security point of view, it is always recommended to use special service accounts to run application services instead of system accounts. The reason is that if a service account is compromised, the losses will be limited compared to a system account. However, any data breach (big or small) is a threat to IT security, and when they can be so easily avoided, what’s the point of relaxing security? The … Read more

Data Access Governance (DAG) is a broad term that refers to the way we govern access to our data, if you haven’t already figured that out. Data Access Governance involves carrying out risk assessments, implementing privacy policies, discovering and classifying sensitive data, setting up access controls, and monitoring access to critical assets. It also involves analyzing inbound and outbound network traffic, security awareness training, and keeping up to date with the … Read more

For those that don’t know, an Amazon S3 bucket is a Simple Storage Service (S3) that is offered by Amazon Web Services (AWS) – the most popular cloud service in the world. S3 buckets are used by a number of high-profile service providers such as Netflix, Tumblr, and Reddit. They enable people to store large amounts of data at a relatively low cost, provide “99.99% availability”, and are generally easy … Read more

Back in 2017, the New York State Department of Financial Services (NYSDFS) brought forward a cybersecurity regulation aimed at the financial industry. The GDPR-like regulation includes incredibly strict requirements for reporting data breaches and limiting data retention. There are a few commonalities between the NYDFS Cybersecurity Regulation and other well-known regulations, including controls for data security, risk assessment processes, security policy documentation and the appointment of a CISO. The objective … Read more

Personally Identifiable Information (PII) is commonly defined as “any data that could potentially identify a specific individual”, and can be either sensitive or non-sensitive. Sensitive PII is information which, when disclosed to an unauthorised entity, could result in harm to the data subject. Disclosure of non-sensitive PII, on the other hand, will result in little to no harm to the data subject. What Qualifies as PII? PII includes names, addresses, … Read more

With increasing concerns about data protection and privacy, there has been a lot of talk about the importance of enabling people to own their own data. What does this mean? Let’s take Facebook as an example. A user will register with the platform and fill out some basic information about themselves. After that they will likely start adding friends, posting updates, uploading photos, and so on. The problem here is … Read more

When it comes to cyber-attacks, the real estate industry rarely makes the headlines. Yet, real estate companies deal with high-value transactions on a daily basis and are frequently targeted by hackers. Not only that, but despite storing and processing large amounts of financial data, real estate firms are not bound by any industry-specific data protection regulations, such as HIPAA, PCI and SOX, to name a few. Of course, if … Read more