Addressing Insider Threats

Insider threats are defined as people who operate within an organization and work with sensitive information on a daily basis. Insider threats can be malicious and fit into one of three categories:

  • Malicious insiders
  • Negligent insiders
  • Infiltrators

Identifying the right products is critical for understanding the impacts threats can have. When it comes to the usage of inside information within a corporate environment, confidentiality, integrity, and availability (C.I.A) is important. Confidentiality ensures that information is only accessed by authorized personnel. Integrity, then, ensures that information does not need to be modified and is reliable. Lastly, availability, as the name suggests, ensures that information is readily available when needed. Our data security products help to uphold C.I.A.

Data Loss Prevention

We understand the sensitivity around your data and aim to control the usage of the business computers.

What is Data Loss Prevention (DLP)?

Data Loss Prevention (DLP) safeguards against sensitive data being lost, misused, or accessed by unauthorized users. DLP software is a set of tools and processes that classifies regulated, confidential, and business specific data, by identifying violations of policies defined by organizations or a predefined policy pack (e.g., driven by regulatory compliance mandated by HIPAA, PCI-DSS, or GDPR). Once these parameters (violations) are identified, DLP then enacts remediation by utilizing encryption, alerts, and other protective strategies to prevent end users from wittingly or unwittingly sharing data that puts the agency at risk. Data is protected when at rest, in motion, and in use vis a vis data loss prevention software and tools that closely monitor and control endpoint activities, filter data streams on corporate networks, and monitor data in the cloud. Part of this process also includes reports to meet compliance and auditing requirements in order to identify abnormalities and weak points for forensics and incident responses.

Why Data Loss Protection Should be Used:

Problems with personal information protection/compliance, intellectual property (IP), and data visibility are solved with DLP.

  1. Personal Information Protection/Compliance: If your company collects and stores personally identifiable information (PII), protected health information (PHI), or payment card information (PCI), then it is highly probable that you are subject to compliance regulations established by HIPAA for PHI, GDPR (specific to personal data for EU residents) or other Privacy Acts that mandate protection of sensitive client data. In this context, DLP identifies, classifies, and tags sensitive data while also simultaneously monitoring activities around such data. Reports can provide details necessary for compliance audits.
  2. IP Protection: If your company possesses intellectual property or trade or state secrets that could put your company in financial risk if lost or stolen, then using a strategy like Digital Guardian, which uses context-based classification, can be applied to this sensitive data and classify it as both structured or unstructured forms and then protects against unwanted exfiltration of the data.
  3. Data Visibility: A comprehensive enterprise DLP solution can enhance an organization’s desire to gain additional visibility into data movement. This system helps one both see and track the data’s endpoints, networks, and the cloud. In turn, this permits the approved user to see how individual users within the organization interact with data.
  4. Data Assessment: Over time your IT staff, providers and applications may change and your organization may lose track of where its sensitive data is. Data assessment services help discover any lost and sensitive data in your systems.

Multi Factor Authentication

Multi Factor Authentication (MFA), sometimes referred to as two-factor authentication or 2FA, is a security enhancement. It permits the presentation of two pieces of evidence (i.e., your credentials) when logging in to an account. Credentials fall into three categories: 1) something you know (e.g., a PIN or a password), 2) something you have (e.g., a smart card), or 3) something you are (e.g., like your fingerprint). Entering two different passwords would not be considered multi-factor because credentials must come from two different categories in order to enhance security.

Generally, most MFA approaches will remember a device so, if one uses the same phone or computer to login, the website will remember your device as the second factor. Between recognizing the device being used as well as analytics, a bank for example, would be the only one who would have to do extra work should you be logging in from a different country.

When should MFA be used?

When it comes to your most sensitive data (i.e., your primary email, financial accounts, health records, etc.) you should use MFA whenever possible. Many organizations offer an MFA as an option you most knowingly turn on, while others require MFA use.

Digital Rights Management

Copyrights for digital media can be protected by digital rights management (DRM). This strategy uses technologies that minimize copying and use of copyrighted works and proprietary software. DRM grants publishers and authors to control what patrons can do with their works. Companies can implement DRM systems in order to help prevent users from accessing or using certain assets, avoiding legal entanglements resulting from unauthorized usage.

DRM technologies do not catch pirates. Rather, DRM makes it impossible to steal or share the content at all.

How Digital Rights Management Works

Generally, DRM’s utilize codes that prohibit the copying of content and limit the time or number of devices on which certain products can be accessed. Content creators (publishers and authors) apply an application to encrypt data, media, content, e-books, software, and other copyrighted material. If one has decryption keys, then they can access the material. Limitations or restrictions can be placed on the material as well.

There are many ways to protect your software, content, or product. DRM allows you to:

  • Restrict or prevent users from editing or saving your content, sharing or forwarding your product or content, and printing your content.
  • Prohibit users from screenshotting or creating screen grabs of your content.
  • Set an expiration date on your content so the viewer cannot access it, which can also be accomplished by limiting the number of uses a user has access to (e.g., after a user listens to a song 5 times or opens and printed something 5 times the product can be revoked).
  • Lock access to only IP addresses, locations, or devices (i.e., if one’s media is only available to US residents, it will then not be available to those who reside outside the US).
  • Establish ownership and identity, watermarked artworks and documents can be made.

Logs of people and the times of use/viewing of media, content, and software is also managed by DRM. For example, a DRM permits the authorized user to see when an e-book was downloaded or printed and who accessed it.

Managing Endpoints

Endpoint management allows designated IT staff to centrally manage and distribute operating systems updates as well as software and application updates. Additionally, it allows for asset inventory, compliance reporting for supported devices, and single administrative console for managing device security policies.