Adding Data Security to Your Off-Boarding Checklist

Every time an employee leaves the company, whether willingly or unwillingly, HR has a checklist to complete. Not only are you responsible for coordinating their departure and replacement with their team, supervisor, and subordinates, but there is also an incredible amount of data management to do. This was one of your flock, one of the […]


Lessons from the OPM Data Breach

In 2015, the US government’s Office of Personnel Management (OPM) reported data breaches that affected millions of applicants and employees. It was the worst data breach in history in a human resources department. Most of the news coverage focused on the politics of the attack, which came from China. From the standpoint of HR departments, […]


What if your data could talk?

Digital transformation and how to listen to your data

It is estimated that 80% of organisations are currently undertaking or planning some form of business or digital transformation, with the aim of increasing revenues, improving efficiency, managing risks and reducing costs. While these efforts can be absolute game-changers for businesses and many of the strategies […]


Encrypt Everything!? Maybe not.

I was working as a Security Architect when the Director of Strategy and Architecture made the announcement that our latest strategy was to “Encrypt Everything”. This was a telecoms company with a distributed IT infrastructure, thousands of staff, and a huge number of networks. The volume of confidential documents created daily numbered in the thousands, […]


The Problem with Data Security

Data breaches are a huge problem and one that’s still growing. In the United States alone, over 20 million records were stolen in the first two months of 2018, and those are the ones that we know about due to disclosure. It’s fair to wonder why this is happening, and what the true scale of […]


DLP as part of a Data-Centric Security Strategy

Strategies usually have a short discussion window for Executive approval, and it is the job of the CISO to get complex security messages across to the board. Boards typically understand Risk, Finance, and, rarely, there are technical board members who understand IT. Security is a difficult combination of these concepts, focused on protecting the most […]


ITAR-Compliant Cloud Services

Businesses that handle US military data must be extremely careful. The regulations under ITAR (International Traffic in Arms Regulations) and EAR (Export Arms Regulations) carry severe penalties for disclosing restricted data, including civil fines, criminal charges, and forfeiture of restricted materials. The situation is similar in some ways to the protection of personal health data […]


ITAR and EAR Compliance in the Cloud

Recent changes to the EAR regulations provide a way for organizations to store data in Cloud environments and stay compliant with export rules. We first learned of these changes in the June 3, 2016 Federal Register but they are now final and part of the U.S. Code 15 CFR 734.18 and 734.19. In short, the […]


Reading between the lines of the US Homeland Security data breach

In January 2018, the US Department of Homeland Security (DHS) announced a data breach involving the personally identifiable information (PII) of 246,147 current and former DHS employees. The information included social security numbers, names, dates of birth, positions, pay grades, and work locations. Basically, a database of confidential human resources information. A former DHS employee […]
