Monday, February 28, 2011

88% of Breaches Involve Insider Negligence

Malicious acts account for only 12% of reported breaches. Preventing the negligent acts that cause the other 88% of breaches is much easier than trying to stop someone who is actively attempting to steal data. By creating a risk strategy and putting DLP policies and an Enterprise DLP (eDLP) technology into place, an organization can protect itself from negligent data loss.

Someone maliciously trying to steal data has a high likelihood of success. If organizations can effectively stop the easy cases, the negligent leaks, they will achieve a much greater risk reduction than if their focus is simply on stopping malicious acts.

Friday, February 25, 2011

Mobile Internet Adoption Introduces a New Level of Risk

The graph above shows mobile Internet growth accelerating at rates not seen before. This growth is faster than the Internet adoption rate of AOL or Netscape. Businesses see this growth and are actively devising business strategies to drive revenue through these devices.
  
Mobile devices are becoming as powerful as our desktops and laptops, and the data that is stored on these mobile devices needs to be equally protected.

How will we manage this quickly growing service? Going forward, mobile Internet devices like smartphones and tablet PCs need security too; it is no longer just your internal network. Proactively manage your risk by creating a risk strategy with these devices in mind.

Wednesday, February 16, 2011

DLP Webinar Topics

For those of you who participated in any of our past webinars, thank you. We hope you have enjoyed them. For those of you who have not attended yet, we have our final webinar scheduled for Feb. 24th at 1:30 PM EST.

The purpose of this blog is to allow past and future webinar attendees to provide us with topics they would like to see discussed. Simply reply to this post with your suggestions.

The topic next week is DLP Buyer's Guide: What You Need to Look for in a Solution. If there are specifics within this topic you would like to know about, let us know.

We are looking forward to hearing from you next week! Register using the link above or the link on the right-hand side of the blog.

Tuesday, February 8, 2011

Ignorance of the Law is No Excuse

Many healthcare providers and vendors could find themselves claiming ignorance as an excuse for not complying with the new HITECH Act regulations. HITECH compliance regulations are like a traffic sign: by simply doing business you are subject to the government's "signs" regarding compliance. The HITECH Act (Health Information Technology for Economic and Clinical Health) applies to healthcare providers, health insurance companies, clearinghouses, and business associates. A business associate is broadly defined to include vendors, service providers, and even consulting and staffing companies. Yes, that is correct: business associates must comply with this law. What exactly is a business associate? Well, the HITECH Act defines it as anyone who provides…

"... a function or activity involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing;" [45 CFR §160.103(1)(i)(A)]; or
"... legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for such covered entity" [45 CFR §160.103(1)(ii)]

Do you need to comply with this law? Not sure? The best step to take is to discuss it with your legal counsel. While you're at it, you might as well discuss the other regulations you must comply with and put together policies and procedures that address them. This might be more work than you expected, but it will be worth it in the long run. The cost of compliance is much lower than the cost of being found guilty of non-compliance: try about $5 million less. Now go do your homework and read up on the regulations you must follow. The DLP Toolkit Regulation Finder is a great place to start.

Friday, February 4, 2011

Can You Afford the Cost of Non-Compliance?

The Ponemon Institute recently released a study titled "The True Cost of Compliance." The study found that the average cost of compliance for organizations is $3.5 million, while the cost of non-compliance is nearly $9.4 million. These numbers vary from industry to industry, but the averages show a $5.8 million difference between compliance and non-compliance.

Compliance means following all privacy and data protection laws, regulations, and policies designed to protect individuals' sensitive and confidential information. The costs of compliance include staff to support a risk strategy and enabling technologies to decrease risk. The costs of non-compliance include brand damage, legal costs, public relations costs, auditing, consulting, and more.

Some of the most important, but also most difficult, requirements to meet are the Payment Card Industry (PCI) standards, the various state data breach notification acts, the European Union Privacy Directive, and Sarbanes-Oxley (SOX). Do you know which regulations your organization has to follow? Use the Regulation Finder in the DLP Toolkit to determine which regulations and guidelines you must observe.

Which sounds better to you: paying the cost to comply, or paying approximately 2.65 times the cost of compliance in the event of a data breach? You are not invincible. In 2010, over 16 million records were breached and over $3 billion was spent on remediation. Do not become part of this statistic. Start creating a risk strategy today.