Archive for ‘Information Spillage’

AAAAAAHHHHH…NOT REPLY ALL!!!?

Wednesday, November 16th, 2016

nicole_baker-ns

We often talk to our customers and prospective customers about the various benefits of using classification, such as stopping the malicious insider, ensuring your sensitive information is secure, keeping internal information from inadvertently leaking, and many more.

But, what about the basics? What about the dreaded ‘reply all’?

Generally, we think about ‘reply all’ incidents as a source of embarrassment and potentially an information leak. But not every ‘reply all’ scenario impacts your reputation. I’m talking about the scenario of hitting reply all…and there are 840,000 colleagues on the distribution list. Uh oh…

Reply All Banner
(more…)

 

 

Preparing for EU GDPR

Thursday, August 18th, 2016

sandra_catana-ns

On 28th May 2018, the European Union (EU) General Data Protection Regulation (GDPR) will come into force with harsh fines and onerous implications. The primary goal of GDPR is to harmonize the protection of personal data across all EU member states. It will have an impact in the EU and around the world, affecting any organization that handles the personal data of EU residents. Don’t let that seemingly distant date delay you from starting to prepare.

TITUS-EU-GDPR-blog
(more…)

 

 

Bridging the Cybersecurity Talent Gap

Thursday, July 28th, 2016

john_timmerman-ns

Recently, a colleague of mine attended the 2016 CISO Leadership Forum in San Francisco where he had the opportunity to listen to Steve Zalewski, Chief Security Architect for Levi Strauss & Co., discuss the state of his cybersecurity resources. “I don’t need more hammers,” Mr. Zalewski stated, “I need more people to swing them.” The current shortage of cybersecurity experts is creating a “perfect storm” that could spell data disaster for a lot of organizations, both public and private. While cyber threats are growing more sophisticated and dangerous, a recent Cisco report highlights that there are 1 million open cybersecurity positions globally. This is a significant talent gap that is not going to be remedied quickly and is already causing significant difficulties.

So where can a data security team find more people to swing the data security hammers?

cybersecurty shortage
(more…)

 

 

How Will ‘Brexit’ Impact EU GDPR Compliance?

Tuesday, July 26th, 2016

craig_adams-ns

As a Brit who thinks our country is great, but also a European who spends a large part of his time travelling around the continent, I was shocked to find that the UK electorate voted to leave the European Union! If I’m honest with myself, I didn’t see it coming. My general impression of the British public is that, on the whole, we are conservative with a small “c” and typically vote to maintain the status quo. – the grass is very rarely greener…

Brexit
(more…)

 

 

What is Your Data Exposure Risk?

Wednesday, July 13th, 2016

What would happen within your organization if it was faced with the unenviable process of e-discovery? Calm, quick assembly of relevant information, or pure chaos?  My guess is that it would lean heavily towards the latter; in fact, many companies are opting to settle out of court rather than deal with the resourcing and financial hardships which come from the process of e-discovery.

Why? Because companies are sitting on huge piles of data; sure, much of it is relevant business information, but I’d wager that a large percentage is ROT (redundant, outdated, and trivial). This type of data comes from the many versions of files created but never deleted, documents from employees who have long since left the company and are no longer useful, and the myriad of files which were once useful but have long since passed their shelf life (marketing campaigns from 6 years ago, anyone?).


(more…)

 

 

5 Email Policies to Save the Saints

Tuesday, July 5th, 2016

I think that I communicate with my colleagues almost as much via email as through verbal communications – even those I share an office with. In fact, probably about a third of the verbal communications are social interaction rather than direct business discussion. In email, however, most of the communication with my colleagues contains business information, sometimes including large attachments containing sensitive strategic plans. And unlike a verbal conversation which is lost to the ether, email endures. So, while talking about business plans outside the office where someone might overhear has some risk to the company, sending an email to the wrong recipient can be significantly more damaging. Yet, organizations are still not protecting themselves from these accidental breaches.

As a case in point I offer you this example from the National Football League (NFL). It is reported that on July 1st, the New Orleans Saints intended to send an email to the NFL head office regarding their plans to pick up a player who was just put on waivers (released) by the Cleveland Browns. The email, however, was accidentally addressed to the entire league. In other words, they broadcast their plan to all of their competition.

NFL-blog-image
(more…)

 

 

IT is Not Responsible for Your Mistakes

Wednesday, March 30th, 2016

victoria_mcglone-ns

We’ve all been there; heart racing, palms sweating, and gasps of remorse while frantically pressing the email recall button and praying you haven’t done what you think you have just done. You guessed it, I’m talking about the “oops” email – the email that you should not have just sent. The email that could cost you your job, your reputation and a sizable amount of regret!

Suggesting that IT is responsible for protecting today’s data is like suggesting a car dealership is responsible for the safety of drivers.  Ultimately, you can buy a car from a dealership, but it’s your responsibility to be safe and avoid accidents.  IT alone can’t cover the “oops” email or any other user blunders. As we move forward in a world where users are responsible for creating and handling an organization’s most important asset – data – it’s imperative to make users aware of their responsibility. After all, users are often much more aware of the sensitivity of a file than a machine can be.

I hear you asking: “Why is it my responsibility when we have all these great security systems?”

oops-blog
(more…)

 

 

Millennial Privacy – A Paradox?

Tuesday, January 26th, 2016

sandra_catana-ns

Each year, International Privacy Day reminds us how important it is to question where sensitive data resides, who has access to it, and how to best value and protect private information. As large enterprises hire the next generation of social media savvy employees, it is also a good time to question whether these millennials understand the value of data. Do they know what information should stay private vs. what can be shared?

Working with a generation that readily connects, collaborates and shares information online, companies are faced with educating employees on balancing the need to share with the need to protect. In an era of digital business, company brand and customer loyalty and retention depend on it.

blog privacy day

(more…)

 

 

Oh Canada! How a Trip to Ottawa Converted a Data Classification Skeptic into a TITUS Champion

Thursday, January 14th, 2016

jeremy_wittkop-ns

The following blog has been re-posted with permission of the author. The original post can be found on Jeremy Wittkop’s LinkedIn blog.

This will be the rarest of posts. I am going to begin my post about why Data Classification is important to a content and context aware security program by telling you all of the reasons why I was originally skeptical of its value. I do so in hopes that people who share the same concerns I did will have an opportunity to experience the magic of the Titus approach vicariously through me. I am also going to do something that few people who are in my position are willing to do, while simultaneously do something no author should ever do. I am going to admit I was wrong and I am going to quote myself.

“I was wrong” – Me

blog_ottawa
(more…)