Archive for the ‘Data Security’ Category

From a security point of view, it is always recommended to use special service accounts to run application services instead of system accounts. The reason is that if a service account is compromised, the losses will be limited compared to a system account. However, any data breach (big or small) is a threat to IT security, and when they can be so easily avoided, what’s the point of relaxing security? The …

Data Access Governance (DAG) is a broad term that refers to the way we govern access to our data, if you haven’t already figured that out. Data Access Governance involves carrying out risk assessments, implementing privacy policies, discovering and classifying sensitive data, setting up access controls, and monitoring access to critical assets. It also involves analyzing inbound and outbound network traffic, security awareness training, and keeping up to date with the …

For those that don’t know, an Amazon S3 bucket is a Simple Storage Service (S3) that is offered by Amazon Web Services (AWS) – the most popular cloud service in the world. S3 buckets are used by a number of high-profile service providers such as Netflix, Tumblr, and Reddit. They enable people to store large amounts of data at a relatively low cost, provide “99.99% availability”, and are generally easy …

Back in 2017, the New York State Department of Financial Services (NYDFS) brought forward a cybersecurity regulation aimed at the financial industry. The GDPR-like regulation includes incredibly strict requirements for reporting data breaches and limiting data retention. There are a few commonalities between the NYDFS Cybersecurity Regulation and other well-known regulations, including controls for data security, risk assessment processes, security policy documentation and the appointment of a CISO. The objective …

Personally Identifiable Information (PII) is commonly defined as “any data that could potentially identify a specific individual”, and can be either sensitive or non-sensitive. Sensitive PII is information which, when disclosed to an unauthorised entity, could result in harm to the data subject. Disclosure of non-sensitive PII, on the other hand, will result in little to no harm to the data subject. What Qualifies as PII? PII includes names, addresses, …

With increasing concerns about data protection and privacy, there has been a lot of talk about the importance of enabling people to own their own data. What does this mean? Let’s take Facebook as an example. A user will register with the platform and fill out some basic information about themselves. After that they will likely start adding friends, posting updates, uploading photos, and so on. The problem here is …

When it comes to cyber-attacks, the real estate industry rarely makes the headlines. Yet, real estate companies deal with high value transactions on a daily basis and are frequently targeted by hackers. Not only that, but despite storing and processing large amounts of financial data, real estate firms are not bound by any industry-specific data protection regulations, such as HIPAA, PCI and SOX, to name a few. Of course, if …

77% of companies use at least one cloud-based service, according to an article by Forbes, and it’s inevitable that the adoption of cloud solutions will continue to grow. Why? Because cloud services are scalable, flexible, easy-to-use, and can save businesses money in the long-term. However, cloud services present a number of security issues relating to the way data is accessed and used, which makes safeguarding sensitive data and complying with …

2019 has been touted as the “worst year on record” for data breaches, with the number of breaches already up by 54%, according to a new report by Cyber Risk Analytics. Compromised email accounts account for 70% of stolen data, with passwords accounting for 64%. The majority of attacks targeted the business sector, and were initiated by malicious outsiders, who typically seek to exploit vulnerabilities in misconfigured databases and services. …

Data loss prevention (DLP) is a broad term that refers to a collection of techniques designed to prevent sensitive data from either falling into the wrong hands or being corrupted in some way. Such techniques include controlling and monitoring access to sensitive data, and any devices/networks that store the data. While firewalls, IDPS and anti-virus solutions are useful for analysing and restricting inbound network traffic, DLP is more focused on what …