Archive for ‘Protective Marking’

3 Steps to Prevent Information From Just Walking Out the Door

Wednesday, January 6th, 2016

kelly_fraser-ns

We put a lot of resources into data loss prevention, information classification and cyber security projects in an effort to ensure our information is safe. We have developed sophisticated methods of detecting sensitive information and stopping it from being copied over the network, uploaded to the cloud, copied to USB sticks and even burned to DVDs. But there is still one (low tech) leak that seems unstoppable: paper. What is to prevent someone from printing out sensitive information and then taking it out the door or losing control of it in some other way?

blog confidential doc

At first glance it may seem there is nothing we can do, but there are steps that can be taken.
(more…)

 

 

Cyber Security Awareness Month

Thursday, October 8th, 2015

bergen_wilde-ns

October is National Cyber Security Awareness Month. This week, the focus is on creating a culture of cyber security at work. For TITUS, helping to create a culture of security is a cornerstone for our solutions.

Implementing digital and technology security solutions within an organization usually involves several components, including secure network gateways, data loss prevention systems, and encryption. But with the rapid explosion of mobile devices that can store gigabytes of data and the easy access to cloud sync and share services, it is difficult for technology and IT teams to keep up and ensure that users are not accidentally leaking sensitive information. It is essential, therefore, that your users understand digital security risks and correct policies for sharing information.

To foster a culture of security, organizations need a solution that will:
(more…)

 

 

Your Success Is Tied to Your Intellectual Property; Is Your IP Tied to You?

Friday, July 19th, 2013

A few years back my wife and I spent a great deal of time and effort writing a business plan. We researched the market place, analyzed the threat from local competitors and built the financial and resourcing plans that would ensure our success. When we were done, we shared the plan with our potential investors (friends and family).

Happily, when we shared our plan it received an enthusiastic response. Unhappily, it was so well received that one of our friends thought to share our business plan with some of his work colleagues.

Yikes!
(more…)

 

 

Why Isn’t My DLP Investment Paying Off?

Wednesday, January 4th, 2012

It’s a common scenario: a large organization invests millions of dollars in a DLP solution, only to leave it in “watch mode” because the rate of false positives is too high to enable full blocking. The result is a DLP investment that becomes a white elephant: a promising technology that does not pay off in actually preventing data loss.

The problem often begins with an over-reliance on automated scanning to prevent data loss. The DLP system is expected to automatically identify all sensitive content, which requires IT administrators to translate business processes and policies into automated rules for every data loss scenario. This is an impossible task, which usually results in overly restrictive rules that block non-sensitive data (false positives) or overly permissive rules that mistakenly release sensitive data (false negatives).

The impact of false positives can be just as detrimental to the business as the data loss caused by false negatives. False positives disrupt business agility and productivity, and can impact collaboration, innovation, and business growth. As well, false positives can actually lead to increased data loss, with users looking for alternative, less secure methods to get around restrictions and carry out their business tasks.

The best way to address this problem is for organizations to identify their information appropriately. The sensitivity of each piece of information must be identified, or ‘classified’. Information classification is crucial for proper handling, and for the ultimate security of an enterprise’s information. Classification provides context to unstructured data such as email and business documents, making it possible for DLP solutions to know how to protect your organization’s sensitive information. (more…)

 

 

New White Paper: 5 Easy Steps for Implementing a Classification Policy

Monday, December 5th, 2011

Most organizations have an established corporate information handling policy to protect sensitive and confidential information. This policy is typically expressed with a classification scheme that describes the handling procedure based on the sensitivity of the material in question. The challenge, however, has been implementing and enforcing this policy; in other words, ensuring that sensitive information is adequately protected on a consistent basis.

To address this challenge, organizations often make large investments in technologies such as data loss prevention (DLP) and information rights management (IRM) solutions. Unfortunately, these technologies are often implemented without classification as a first step, and therefore lack context about the information they are protecting. This results in inconsistent and inaccurate data protection, which increases the organization’s risk exposure, may reduce business velocity, and can make a large infrastructure investment a white elephant.

The solution to this challenge is to make classification the foundation of your information protection policy. Fortunately, implementing a classification policy is actually quite simple. In our new white paper entitled “5 Easy Steps for Implementing a Classification Policy”, we discuss how you can implement – and enforce – a classification policy that will increase user security awareness, enhance DLP and IRM solutions, and protect your organization against data loss. (more…)

 

 

How Classification Labels Enable End-User Security Awareness

Friday, June 17th, 2011

As much as we’d like it to, technology simply can’t protect our data 100 percent of the time. When it’s in databases, or travelling over a network, data can be encrypted, or can be protected with strict access controls. However, at some point in time, most of our business processes involve documents such as reports, spreadsheets, presentations and emails. Whenever we put information into these kinds of portable formats, it becomes harder to protect with technology. Applying classification labels to documents when they are created enables a level of security awareness among users.  This extends our security policies into the realm of human information exchanges (as opposed to electronic exchanges between systems).

While the big picture view of security awareness and data classification may not be obvious, it’s worthwhile looking at the parallels between automated and manual information exchanges to appreciate the critical elements on the human side. 

(more…)