
Laptop security

With GDPR now in place, what should businesses consider in order to set good policies around data at the different stages in the data journey, such as when it is at rest, in transit, in the cloud? And what will GDPR mean for this?

This blog, from Nigel Crockford, Business Development Manager at IT consultancy and data security specialist eSpida, discusses data policies.

Data policies

A good data policy must clearly outline how data will be managed from collection through to storage, with an unambiguous set of procedures detailing how, why and by whom. This is necessary for businesses to protect themselves under the new GDPR law. This includes a clear policy on the use of email as a method of storing and moving data.

The proliferation of email has meant that it is far too easy to embed malware into an email that will then sit in an inbox for weeks or even months. Organisations should start to adopt policies that take advantage of instant messaging for general peer-to-peer communications, to minimise the risk associated with over-reliance on email and email security.

The cloud

When multiple people have access to data, which is often the case with information stored in the cloud, there is a greater concern of loss, amendment or handling without necessary permissions. Businesses must have a procedure in place that not only ensures only authorised people directly handle data, but that every person who may process data in some way does so safely.

Data loss prevention (DLP) solutions support good policy by helping to identify, report and stop the movement of data in and out of your network.

IT security best practice

If a person’s device or computer has access to a system that holds data, any viruses that affect it or hackers that attack it can pose a potential risk to data security. It’s crucial that good IT security practice forms an integral part of business culture.

IT security best practice includes:

  • updating systems
  • upholding policies around patch management to ensure systems are kept up to date and protected against hacking
  • installing antivirus software
  • setting secure passwords
  • using more advanced security solutions such as two-factor authentication

The introduction of GDPR has made such policies and best practice even more important. If you feel your business is vulnerable, an IT consultancy such as eSpida, which offers IT security solutions and services, can help.

DLP and CASB

With the introduction of Bring Your Own Device (BYOD) into the workplace, holes have appeared within many organisations’ security and compliance applications, holes which some IT users are blind to.

Software programs such as OneDrive, GoogleDrive and Dropbox, which users install on their personal equipment to move files to work on outside of the workplace, are highly susceptible to such “holes”. These transferable documents may contain sensitive data and can pose a threat to any organisation if compromised.

Cloud Access Security Broker (CASB) and Data Leakage Protection (DLP) software is designed to eliminate such issues.

What is CASB?

  • CASB stands for cloud access security broker.
  • It is an application that separates the company’s own on-premises infrastructure from an external cloud provider’s infrastructure.
  • CASBs identify active cloud applications and detect high-risk users and applications.
  • CASB extends organisational security policies beyond internal infrastructure.

What is DLP?

  • DLP stands for data loss prevention.
  • DLP products enable network administrators to regulate the business data that users can transfer to ensure confidential or sensitive data is not sent outside the business network unless authorised.
  • DLP applications use predefined rules to categorise and protect confidential information to prevent users from sharing such data, be it accidentally or maliciously.

Forcepoint CASB and DLP

Forcepoint has developed its Cloud Access Security Broker (CASB) and Data Leakage Protection (DLP) applications to offer organisations an effective and efficient way to protect business-critical, sensitive data.

Forcepoint CASB, along with its sister product Forcepoint DLP, allows organisations to monitor the who, what and when of the movement of information and data between the organisation and the cloud applications installed on user devices.

The software allows IT departments to discover and assess the risks of unsanctioned cloud apps and also enables tighter control of sanctioned cloud apps, facilitating a greater understanding of organisational data flow and the prevention of critical data loss.

These two Forcepoint products have been recognised as the market leaders in this area by analysts. They provide industries with the most complete data protection platform, utilising their functionality in data discovery and data leakage prevention, and as such provide a secure base for organisations to meet industry compliance requirements such as the General Data Protection Regulation (GDPR).

Never has an IT department’s role in the protection of data been as crucial as it is today.  Educating employees is a fundamental starting point. And to take care of the inevitable mishaps, having the right protection in place is imperative.

Take a look at the Forcepoint webpage to find out more.