Posts from ‘Interactions’
I spent my morning reading through the 2010 Data Breach Investigations Report that was just published by the Verizon RISK Team and the United States Secret Service. This is an amazingly insightful report with lots of information to digest. If the topic of data breaches interests you, I highly recommend finding time to read through it.
Data breaches are expensive. According to the Ponemon Institute’s 2009 Cost of a Data Breach study, the average cost of each compromised record is $204.
Here are 5 quick recommendations that I’d like you to consider:
- Recognize your data: Before you can protect confidential, sensitive and important data, you must first go through an exercise of identifying where it lives, who has access to it, how it’s handled, and what systems it touches, and make sure any and all interactions with the data are fully visible and auditable.
- Take proactive precautions: The majority of breaches were deemed “avoidable” if the company had followed some security basics. Only 4 percent of breaches required difficult and expensive protective measures. Enforce policies that control access and handling of critical data.
- Watch for ‘minor’ policy violations: The study finds a correlation between seemingly minor policy violations and more serious abuse. This suggests that organizations should investigate all policy violations. Based on case data, the presence of illegal content on user systems or other inappropriate behavior is a reasonable indicator of a future breach. Actively searching for such indicators may prove even more effective.
- Monitor and filter outbound traffic: At some point during the sequence of events in many breaches, something (data, communications, connections) goes out externally via an organization’s network that, if prevented, could break the chain and stop the breach. By monitoring, understanding and controlling outbound traffic, an organization can greatly increase its chances of mitigating malicious activity.
- If a breach has been identified, don’t keep it to yourself: Standard procedure for data breach recovery should be to quickly identify the severity of the breach… And affected individuals have a right to know that sensitive information about them has accidentally been compromised.
I’m going to end this blog post by asking you to estimate how many pieces of sensitive files and data your company has…. Now multiply that by $204. I’m sure you’ll agree that the ROI on the time and resources spent to protect company data is well worth the investment.
Not the hosting and using of services over the Internet, oh no. I’m talking about the term “Cloud Computing.”
Well, that’s just one of John Soat’s “Five Predictions Concerning Cloud Computing.”
What are the five predictions?
- All applications will move into the cloud.
- Platform-as-a-service (PaaS) will supplant software-as-a-service (SaaS) as the most important form of cloud computing for small and, especially, mid-size businesses.
- Private clouds will be the dominant form of cloud computing in large enterprises.
- Hybrid clouds eventually will dominate enterprise IT architectures.
- The term “cloud computing” will drop off the corporate lexicon.
This is a fun and engaging read, and the comments afterward are equally interesting. Worth checking out.
When interviewing job candidates, I’m always on the lookout for dedicated, motivated, passionate people who relish rolling up their sleeves and doing whatever it takes to get the job done. Why? Because a little bit of chutzpah goes a long way towards being a successful and productive employee.
Unfortunately, yes, they can.
In his guest blog post on LastWatchdog, Gary Shottes, President of Ipswitch File Transfer, describes an example of how hard-working employees are causing new security and legal liability implications that organizations need to carefully consider when deciding what tools to provide people with.
“Highly-motivated workers are willing to do whatever it takes to get the job done, with or without IT. Employees, whose job requires them to send information to colleagues, partners, vendors or customers around the globe, have literally thousands of file transfer options.
If IT fails to provide employees with a fast and easy way to share information, they will take matters into their own hands, even if that means using technology that’s not sanctioned by IT. They may use a personal webmail account, smartphones, USB drive, or even transfer data via Facebook and LinkedIn.”
Combining that increasingly familiar scenario with some recent survey data indicating that over 80% of IT executives lack visibility into files moving both internally and externally drives home the scary point that there’s a big security hole in many companies…. And organizations need to be careful that employees can’t crawl through it, even if it’s with the best of intentions.
Fortunately, there are some great tools out there to arm employees with a quick, easy-to-use and secure way to share information with other people, both inside and outside the company, while at the same time providing the company with the critical visibility, management and enforcement it needs to protect sensitive and confidential information. This is one situation where it makes a lot of sense to lead the horse to water and make it drink.
You have a huge file. I’m talking 15GB big. And, it needs to be in the hands of its intended recipient as soon as possible.
You can’t send it through email (thanks, file attachment burden!) and you wouldn’t want to anyways, since it contains all sorts of sensitive information. You can’t put it on a thumb drive or burn it to a disc because those are easily misplaced and could end up in the wrong hands. And you certainly can’t send it through a courier service because that’s way too expensive and really, who has the time for that?
So, how’s it gonna get there?
In the time that you wasted trying to figure out how to send that pesky little (ENORMOUS) file…the whole process could have been completed. No joke. You could have sent the file to your recipient’s email account, received a delivery notification, received a download notification, and possibly a phone call from your recipient saying “THANK YOU!!!”
How, you ask? Why, with Sendable, of course!