Balabit named Representative Vendor in Gartner Mar... » NEW YORK CITY:  Balabit has been listed as a representative vendor in Gartner’s Market Guide for Use... Aricent and Rohde, Schwarz Cybersecurity unveil a ... » REDWOOD CITY, California/ Leipzig, Germany: Aricent, Rohde & Schwarz Cybersecurity have announce... TrapX deepens deception capabilities with Deceptio... » SAN MATEO, Calif.: TrapX Security has released version 6.0 of its DeceptionGrid™ platform. Version 6... Cloud infrastructure services providers comply wit... » Brussels: The Cloud Infrastructure Services Providers in Europe (CISPE)have declared that over 30 se... Armour Comms launches first secure Voice over IP... » London: Armour Communications has announced its integration with Skype for Business. Armour Mobile i... Anam Technologies selected by Deutsche Telekom a... » DUBLIN, BONN:  Anam Technologies has gone into partnership with Deutsche Telekom International Carri... 6.7 percent of programmes on private UK PCs are en... » Maidenhead, U.K: The average private user in the UK has 72 programmes installed on their PC, and 6.7... Multitone’s EkoSecure Personal Alert System chos... » Multitone Electronics plc has announced that its German-based team, Multiton Elektronik GmbH, has su... IoT 2020: Smart and secure IoT platform » Geneva, Switzerland: The Internet of Things (IoT) significantly impacts the global economy and is ex... Letterbox company to keep properties safe with inn... » A specialist mailbox manufacturer has made a pledge to enhance the security of UK properties through...

CLICK HERE TO

Advertise with Vigilance

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

READ MORE

Subscribe to Vigilance Weekly

Information Security Header

London, UK: Reacting to reports in the New York Times and Guardian newspapers on the leaking of wealth and tax arrangements data on 120,000 companies - plus 130,000 high net worth individuals and their financial agents – Varonis Systems says that this highlights the need for organisations to know who is accessing their data internally. And in particular, who has access to what data - and how it is being handled - especially unstructured data such as spreadsheets and documents in email, in order to protect the privacy of individuals.

 

David Gibson, the data governance specialist’s vice president, says that incidents like this leak by the International Consortium of Investigative Journalists show how not all organisations are equal when it comes to data protection.

“Wherever valuable, sensitive information is stored, it should come as no surprise that others – for whatever their reasons - will try to obtain this information. Management professionals need to realize that information now has a very tangible value that can escalate, depending on who wants that data, and what they plan to do with it,” he explained.

Gibson shares five governance rules to plan and militate against these types of disasters:

Understand the value of the information you store –Organizations store large quantities of digital information that often belong to their customers and business partners. Without the ability to access and share information securely, almost every business process will be impaired. For individuals it is not much different: imagine, for example, losing control of your Gmail account, and then your online banking account, etc.

Learn Your Way Around - once we learn to recognise the value of our information, we need to know understand where it's stored and how it is shared. Information can easily be exported, copied and replicated to many systems and formats. For example, don’t assume customer information is only in your customer database.

Insist on fundamental controls - wherever we have assets that need to be protected, we need basic controls around them - such as authentication, authorisation, auditing and alerting. These controls will not stop all attacks, but they will certainly stop most of them, and without them it will be very difficult to recover or even understand what happened.

Make sure data stays in controlled areas - Once you have got the right controls in place for secure collaboration, no one should be allowed to bypass them. The use of unsanctioned public cloud services is an example of how employees can circumvent internal controls. Unfortunately, services that the business does not know about - or approve of - are entirely outside of organisational control, and so is the information stored in them…

Extract Value From Your Data - when information cannot be shared it has little to no value. When it is available to too many people - or the wrong people – it becomes a liability. Information is most valuable when it's available to the right people, and only the right people.