Archive for the ‘Data Security’ Category

  An information security policy (ISP) is arguably the most important cybersecurity policy an organization can have. Essentially, an ISP defines the protocols and procedures for identifying, evaluating, mitigating, and recovering from security threats. An ISP is data-centric, in that its main objective is to protect data confidentiality, integrity, and availability (known as the CIA triad). An ISP will cover a broad range of areas including access control, data classification, … Read more

  Those familiar with data security best practices will have heard of the “principle of least privilege”, which is where employees and relevant stakeholders are granted the least access privileges they need to carry out their role. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has adopted a similar principle known as “The HIPAA Minimum Necessary Standard”, which is an integral part of The HIPAA Security Rule. The … Read more

  Being a security solutions provider, we get into a lot of conversations about specific security strategies, some of which we help with and some we don’t. Many security teams start off their search for data security solutions with something specific in mind, like a privileged access management solution, for example. Occasionally, when we get down into the nitty-gritty conversations with these teams, we find that the problems they are … Read more

  Data Sprawl happens when enterprises collect, process, and store vast amounts of data, and it’s becoming increasingly harder for them to keep track of what data they have, where it is located and who has access to it. What is Data Sprawl? Our data (both structured and unstructured) is consumed by a wide range of applications and operating systems and stored on a variety of endpoints and servers. Our … Read more

  There’s no escaping the fact that employee data theft represents a huge threat to the security of our data. According to the following blog post by techjury.net, 66% of organizations consider malicious insider attacks (or accidental breaches) to be more likely than external attacks – a number that has increased by 47% over the last two years. In 2020, the total cost of insider threats (related to credential theft) … Read more

When we look at the schedules of the CISOs we consult with, we’re almost always faced with an impossibly large list of tasks (all of which are urgent!). CISOs are typically inundated with tasks and a lot of their time is spent translating things to the rest of the business. It’s a critical communications role within a business, so efficiency is key. We spoke with Vladi Sandler, CEO at Lightspin, … Read more

A data protection impact assessment (DPIA) is a form of risk assessment that is designed to help organizations identify, analyze and minimize the privacy risks associated with a given project. All entities (with some exceptions) covered by the General Data Protection Regulation (GDPR) must carry out regular DPIAs as a part of the “privacy by design” principle. A failure to do so could result in legal action, including potentially steep … Read more

A zero-day vulnerability is a software bug which developers have “zero days” to fix. Hackers are always looking for software vulnerabilities to exploit in order to steal sensitive data or engage in other forms of malicious activity. If a company finds a bug in their software, it becomes a race against the clock to ensure that the bug is fixed before hackers are able to exploit it. One of the … Read more

The Cyber Security Breaches Survey 2021 was published on the 24th of March 2021. The survey was carried out by Ipsos MORI on behalf of The Department for Digital, Culture, Media and Sport (DCMS). Read full survey here. The purpose of the survey was to gather information about attitudes towards cyber security and assess the impact that COVID-19 has had on organizations in the UK. Below are some of the … Read more

What is Data Leakage? Data leakage is when sensitive data is unintentionally exposed to the public. Data can be exposed in transit, at rest or in use. Data exposed in transit can include data sent in emails, chat rooms, API calls, and so on. Data exposed at rest may be the result of a misconfigured cloud storage facility, and unprotected database, or from lost or unattended devices. Data exposed in … Read more