4 Lessons from the Q4 Data Breach Review
Last week, our strategic partner Privacy Ref held their quarterly review of recent data breaches. In his presentation, Ben Siegel, CIPM, identified 4 lessons learned from recent data breaches, including: Google Android; Hillary Tentler, CPA; Folsom State Prison; and the Internal Revenue Service.
#1: Unauthorized Mobile Apps Create Risk
Issue: Users can download apps from sites other than the Google Play store. These apps are not “vetted” and gain access to tokens used to control users’ accounts.
Lesson: As the threat is outside of Google’s control, you need to put systems in place to prevent unauthorized apps from access your company’s data via mobile devices.
#2: Local Data is At Risk, Too
Issue: In the burglary of an accountant’s home, three hard drives were stolen and only one was recovered during the arrest.
Lesson: Physical devices, when stolen, can result in a serious data breach; While moving 100% cloud is more secure, it may not be a practical option for your business yet. You should ensure any local data is encrypted and subject to regular backup.
#3: Internal Breaches are Still a Breach
Issue: A file including names, social security numbers, and other sensitive data was saved to a shared location accessible to anybody in the organization.
Lesson: You can protect yourself from internal breaches with solutions that use defined business rules to automatically enforce permission restrictions based on the content of your files.
#4: It is Too Easy to Email Protected Information
Issue: Employees were sending emails with personally identifiable information (PII) clearly visible, in violation of regulatory requirements.
Lesson: You should not rely on people to do the right thing all of the time — mistakes happen and can be damaging and costly. System exist that scan and encrypt emails automatically if they contain sensitive or protected information.
Do you need a privacy assessment or a privacy plan review? Are you ready to better protect your data — on premise and/or in the cloud?
Contact us to discuss your needs.