SlideShare a Scribd company logo

Microsoft DATA Protection To Put secure.

Download as PPTX, PDF
J
jayceewong1

Data Protection from Microsoft

Technology
1 of 15
Protecting Data Together A team playbook for securely handling your company's data
Sensitive data is constantly flowing throughout your company like water. Trying to protect something that’s constantly moving here, there and everywhere can be a challenge. Read on to find out how to protect every drop of data – wherever it flows.
All hands on deck It’s easy to think that data protection is someone else’s job. But safeguarding critical data is a team effort requiring everyone in your company to row in the same direction. Some of the biggest data breaches in history were the result of an employee, a team or a supplier just trying to “get the job done.” But getting things done should never come at the expense of your organisation’s security. Working the right way means understanding where your data is, how to handle it and how to protect it – at all times. We’ll show you how to get started. 74% of employees said they would be willing to bypass cybersecurity guidance if it helped them or their team achieve a business objective. – “Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025”, February 23, 2023
It’s 10:15 a.m. on a Monday. You’ve already responded to 15 emails, finished a report with a coworker, performed five web searches and been in three different online meetings. Just then you hear a Ding! and look over at your phone. Nancy, a vendor, asks you to send over a spreadsheet that your manager shared with you. Should you send it? Why or why not? And if you do, what’s the safest way to do so? Your company’s security team thinks a lot about these kinds of questions. And it’s a big task. They’re responsible for managing and protecting a never-ending flood of spreadsheets, emails, photos, documents and more – a deluge of data that gets bigger by the day. But they can’t do it alone. Why? Because protecting data is a team effort – the responsibility of every single person in your company. How you handle certain types of data in the moment could have no impact or it could yield disastrous consequences. And knowing the difference will make all the difference. Data, data everywhere
Your data is constantly on the move. It’s created, deleted, stored, shared and used on computers, phones, USB drives, security cameras, printers, cloud storage, email and apps. Data takes countless forms including text, numbers, video, voice, images, emails, spreadsheets, strategy documents, employee records, customer names and credit card information. Data is information created by people and machines that’s converted into a form that can be processed, shared, stored, interpreted and turned into value for your company and your customers. Protect your data, wherever it flows We’ve all heard we’re supposed to protect data, but what exactly does that mean? What’s included in “data” and how do you protect this thing that is often out of sight and out of mind?
Stop the ripple before it starts You don’t have to be an expert in security, but you should embrace a mindset of constant care and watchfulness. Most of the people you’ll share data with have good intentions. But controlling where your data travels will go a long way towards protecting your company from unintentional mishaps, violations of government and industry policies and potential attacks by bad actors. Government and industry data security standards can be strict with significant consequences if you fail to follow them. If you do business across international borders, the stakes can be even higher. We recommend talking to your legal and security teams to find out what measures you need to take to meet these standards. Here are some common scenarios that illustrate how ordinary decisions can turn into a small leak or a big breach. These are all honest mistakes that could have been stopped before they started. A manager is working from a coffee shop and signs in to public Wi-Fi without following company security policies, such as using a VPN. An attacker, using the same public Wi-Fi, manipulates network activity and tricks the manager into disclosing their email credentials. The attacker then downloads all of their emails. An executive on a flight reviews a presentation deck for a highly confidential product launch without protecting their screen. The people around the executive see the presentation, and the launch is leaked to the press and to competitors. An employee connects a third-party software application to their corporate Microsoft 365 account. They quickly skip over the setup screens, granting the software near limitless permissions. The application records the “file names” of all files opened by the employee and stores them in an improperly managed cloud storage medium that is easily accessed by hackers on the open internet.
You and your colleagues are like front doors to your company’s data, so it’s important to be vigilant. Sometimes people make mistakes that lead to a leak. Other times, cybercriminals will actively come after your company and try to get their hands on your most sensitive data. Some of the biggest data breaches in history started when people were just taking care of business as usual and making small decisions in the moment. But those decisions resulted in extraordinary damage to their companies. Vendors and suppliers are on the team, too Do you work with vendors and suppliers? As we saw with the retailer breach, hackers love to go after third parties who have access to their clients’ networks and use them as a back door to steal company data. This is why it’s critical that you hold them accountable to your company’s standards for data handling. Reach out to your legal and security teams to find out how you can do this through your contracts and processes. Don’t drop your guard A top US-based retailer became the victim of one of the largest data breaches ever, with hackers accessing the credit and debit card information of around 40 million customers. This breach was traced back to a heating, ventilation and air conditioning contractor that was working in some of the retailer’s stores and had access to the corporate network. The hacker stole the contractor’s credentials and used them to access the retailer’s systems. The rest is history. — February 2014, KrebsonSecurity, Target Hackers Broke in Via HVAC Company
Don’t take the bait Your company’s sensitive data is a lucrative target that outside bad actors would love to get a hold of. Phishing is one tactic that is often used by cybercriminals who disguise themselves as people or organisations you can trust. Attackers generally use one or more of the following tactics… • Convincing you to open an attachment containing malware that they could use to grab your data • Enticing you to click on a malicious link that enables them to break in and steal sensitive data • Tricking you into signing into a service – for example a fake, but highly realistic, Microsoft sign-in page – that gives them direct or indirect access to company data Signs someone might be phishing for secrets... • Emails from people you don’t recognise, especially from someone outside your organisation (look closely at email addresses to be sure) • Threats or urgent calls to download an attachment or click on a link • Generic greetings, such as “Dear sir or madam” • Suspicious links or unexpected attachments If you suspect you’re being targeted by one of these attacks, reach out to your security team. Phishing attacks are designed to steal or damage sensitive data by deceiving people into revealing sensitive data. Attackers use email, social media, texts and other methods to try and get you to take actions that could open the door to your company data.
Every single time you handle data, it should be second nature to see it, label it and protect it
A lot of your data is hidden away in dusty digital folders in email, in the cloud or on your phone. In fact, 42% of organisations said at least half of their data is "dark," meaning it's collected but unused. Leaving this data unattended can be incredibly risky. But it’s hard to protect what you can’t see, especially when data is constantly moving, growing, being shared or being deleted. See your data Making it practical Here are three critical questions you can answer to get a clear picture of your data: Where does all your data live? Is it in your inbox, deleted items, browser downloads, in the cloud, on a thumb drive in your rucksack or somewhere else? Who is the appropriate audience? Is it for your entire company, for a restricted internal audience, for customers only or for the public? How is this data being used or shared? Are people collaborating on it, sharing it over email, presenting it or forgetting about it and leaving it untouched for years? — July 2022, Enterprise Strategy Group, 2022 State of Data Governance and Empowerment Report
Label your data Now that you have a clear picture of the data you’re dealing with, it’s time to label it. Your company likely has a policy you can follow to label your data appropriately so you can protect it from loss, misuse or access by someone who is unauthorised. Does it contain details, plans and discussion of products or services that haven’t been released yet? That likely means it should be labelled Confidential when you share it. Or is it the final version of a product support document? Then perhaps this data is something you can label Public. Making it practical You’re just about to send off an email to your leadership team and to vendors with a presentation attached. You pause for a moment to consider how to label it: Public, General, Confidential or Highly Confidential. You recall the company training that says this should be Confidential, so you label the presentation that way. You press “send,” and now this Confidential label will travel with the email and presentation wherever it goes. If everyone else on your team does their part, this classification will help every person who handles it to immediately understand how to manage it with the appropriate level of care.
Protect your data You’ve identified your data and have classified it – now it’s time to protect it. Whenever you handle data, take a few extra seconds to think through how to handle it and then take the appropriate steps to safeguard it. The best way to get started is to learn and always apply your company’s data protection policies, including: • What data you need to protect and who is allowed to see it • Where data should be stored and how it can be shared • Who can modify data or destroy it • What to do when things get out of hand Making it practical Are you working on a flight or from a coffee shop? Protect your screen from nearby gawkers and follow company policies to securely connect to your corporate network, especially if you’re using public Wi-Fi. Need to use software that isn’t on the approved list? Reach out to your manager or to IT for permission; you don’t know where that software provider might publish or store your data. Are you creating a new password? Use your company’s password manager to keep all your usernames and passwords under lock and key instead of under your keyboard.
% of respondents in a McKinsey survey ceased doing business with a company 40when they found out the company did not protect customer data. 69% of employees have bypassed their organisation’s cybersecurity guidance in the past 12 months. – “Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025”, February 23, 2023 Ride the wave Now that you know the basics, it’s time to put these principles into practice. Remember that staying on top of data protection is a team effort. Here are some simple ways to build momentum and protect data wherever it flows: • Share this playbook with a coworker and help keep each other accountable. • If you see anything suspicious or make a mistake in sharing your data, don’t ignore it. Report any concerns to your security team right away. Sweeping a potential issue under the rug is never a safe approach. • Every time you’re about to create, share, save or delete data, get in the habit of pausing for five seconds to consider how to apply your company’s security policies. — September 2022, McKinsey Survey, Why digital trust truly matters
If you’re a security leader, we recognise that your job is likely harder than ever with the shift to hybrid work, an explosion of endpoints and a deluge of data. If you’d like to increase visibility into your data, govern and safeguard it more effectively and improve your risk and compliance posture, we’d like to help. Microsoft Purview can give you greater peace of mind by helping you secure and govern your data as it flows across clouds, devices and platforms. Learn more about Microsoft Purview Keeping a watchful eye
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. ©2023 Microsoft Corporation. All rights reserved. This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

Recommended

En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
Cultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityCultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityDavid X Martin
 
10.1.1.436.3364.pdf
10.1.1.436.3364.pdf10.1.1.436.3364.pdf
10.1.1.436.3364.pdfmistryritesh
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemBernard Marr
 
Ten top tips on keeping your business secure
Ten top tips on keeping your business secureTen top tips on keeping your business secure
Ten top tips on keeping your business secureBurCom Consulting Ltd.
 
A data-centric program
A data-centric program A data-centric program
A data-centric program at MicroFocus Italy ❖✔
 
Protecting the Core of Your Network
Protecting the Core of Your Network Protecting the Core of Your Network
Protecting the Core of Your Network Mighty Guides, Inc.
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapDominic Vogel
 

Recommended

En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
Cultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityCultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityDavid X Martin
 
10.1.1.436.3364.pdf
10.1.1.436.3364.pdf10.1.1.436.3364.pdf
10.1.1.436.3364.pdfmistryritesh
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemBernard Marr
 
Ten top tips on keeping your business secure
Ten top tips on keeping your business secureTen top tips on keeping your business secure
Ten top tips on keeping your business secureBurCom Consulting Ltd.
 
A data-centric program
A data-centric program A data-centric program
A data-centric program at MicroFocus Italy ❖✔
 
Protecting the Core of Your Network
Protecting the Core of Your Network Protecting the Core of Your Network
Protecting the Core of Your Network Mighty Guides, Inc.
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapDominic Vogel
 
Ten Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureTen Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureBurCom Consulting Ltd.
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxV2Infotech1
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksSkillmine Technology Consulting
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksSkillmine Technology Consulting
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?Fuji Xerox Asia Pacific
 
Big Data for Security
Big Data for SecurityBig Data for Security
Big Data for SecurityJoey Jablonski
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetLexisNexis
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDFBan Selvakumar
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
Information Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingInformation Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingDanielle Bowers
 
Is It Possible to Prevent Data Leaks in an Effective Manner.pdf
Is It Possible to Prevent Data Leaks in an Effective Manner.pdfIs It Possible to Prevent Data Leaks in an Effective Manner.pdf
Is It Possible to Prevent Data Leaks in an Effective Manner.pdfIT AMC Support Dubai - Techno Edge Systems LLC
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksHokme
 
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?IT AMC Support Dubai - Techno Edge Systems LLC
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksSocialKwan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

More Related Content

Similar to Microsoft DATA Protection To Put secure.

Ten Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureTen Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureBurCom Consulting Ltd.
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxV2Infotech1
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetLexisNexis
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
Information Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingInformation Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingDanielle Bowers
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksHokme
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksSocialKwan
 

Similar to Microsoft DATA Protection To Put secure. (20)

Ten Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureTen Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business Secure
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptx
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White Paper
 
The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?
 
Big Data for Security
Big Data for SecurityBig Data for Security
Big Data for Security
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder Target
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Information Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingInformation Security Analyst Resume. When seeking
Information Security Analyst Resume. When seeking
 
Is It Possible to Prevent Data Leaks in an Effective Manner.pdf
Is It Possible to Prevent Data Leaks in an Effective Manner.pdfIs It Possible to Prevent Data Leaks in an Effective Manner.pdf
Is It Possible to Prevent Data Leaks in an Effective Manner.pdf
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
 
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaks
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 

Microsoft DATA Protection To Put secure.

  • 1. Protecting Data Together A team playbook for securely handling your company's data
  • 2. Sensitive data is constantly flowing throughout your company like water. Trying to protect something that’s constantly moving here, there and everywhere can be a challenge. Read on to find out how to protect every drop of data – wherever it flows.
  • 3. All hands on deck It’s easy to think that data protection is someone else’s job. But safeguarding critical data is a team effort requiring everyone in your company to row in the same direction. Some of the biggest data breaches in history were the result of an employee, a team or a supplier just trying to “get the job done.” But getting things done should never come at the expense of your organisation’s security. Working the right way means understanding where your data is, how to handle it and how to protect it – at all times. We’ll show you how to get started. 74% of employees said they would be willing to bypass cybersecurity guidance if it helped them or their team achieve a business objective. – “Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025”, February 23, 2023
  • 4. It’s 10:15 a.m. on a Monday. You’ve already responded to 15 emails, finished a report with a coworker, performed five web searches and been in three different online meetings. Just then you hear a Ding! and look over at your phone. Nancy, a vendor, asks you to send over a spreadsheet that your manager shared with you. Should you send it? Why or why not? And if you do, what’s the safest way to do so? Your company’s security team thinks a lot about these kinds of questions. And it’s a big task. They’re responsible for managing and protecting a never-ending flood of spreadsheets, emails, photos, documents and more – a deluge of data that gets bigger by the day. But they can’t do it alone. Why? Because protecting data is a team effort – the responsibility of every single person in your company. How you handle certain types of data in the moment could have no impact or it could yield disastrous consequences. And knowing the difference will make all the difference. Data, data everywhere
  • 5. Your data is constantly on the move. It’s created, deleted, stored, shared and used on computers, phones, USB drives, security cameras, printers, cloud storage, email and apps. Data takes countless forms including text, numbers, video, voice, images, emails, spreadsheets, strategy documents, employee records, customer names and credit card information. Data is information created by people and machines that’s converted into a form that can be processed, shared, stored, interpreted and turned into value for your company and your customers. Protect your data, wherever it flows We’ve all heard we’re supposed to protect data, but what exactly does that mean? What’s included in “data” and how do you protect this thing that is often out of sight and out of mind?
  • 6. Stop the ripple before it starts You don’t have to be an expert in security, but you should embrace a mindset of constant care and watchfulness. Most of the people you’ll share data with have good intentions. But controlling where your data travels will go a long way towards protecting your company from unintentional mishaps, violations of government and industry policies and potential attacks by bad actors. Government and industry data security standards can be strict with significant consequences if you fail to follow them. If you do business across international borders, the stakes can be even higher. We recommend talking to your legal and security teams to find out what measures you need to take to meet these standards. Here are some common scenarios that illustrate how ordinary decisions can turn into a small leak or a big breach. These are all honest mistakes that could have been stopped before they started. A manager is working from a coffee shop and signs in to public Wi-Fi without following company security policies, such as using a VPN. An attacker, using the same public Wi-Fi, manipulates network activity and tricks the manager into disclosing their email credentials. The attacker then downloads all of their emails. An executive on a flight reviews a presentation deck for a highly confidential product launch without protecting their screen. The people around the executive see the presentation, and the launch is leaked to the press and to competitors. An employee connects a third-party software application to their corporate Microsoft 365 account. They quickly skip over the setup screens, granting the software near limitless permissions. The application records the “file names” of all files opened by the employee and stores them in an improperly managed cloud storage medium that is easily accessed by hackers on the open internet.
  • 7. You and your colleagues are like front doors to your company’s data, so it’s important to be vigilant. Sometimes people make mistakes that lead to a leak. Other times, cybercriminals will actively come after your company and try to get their hands on your most sensitive data. Some of the biggest data breaches in history started when people were just taking care of business as usual and making small decisions in the moment. But those decisions resulted in extraordinary damage to their companies. Vendors and suppliers are on the team, too Do you work with vendors and suppliers? As we saw with the retailer breach, hackers love to go after third parties who have access to their clients’ networks and use them as a back door to steal company data. This is why it’s critical that you hold them accountable to your company’s standards for data handling. Reach out to your legal and security teams to find out how you can do this through your contracts and processes. Don’t drop your guard A top US-based retailer became the victim of one of the largest data breaches ever, with hackers accessing the credit and debit card information of around 40 million customers. This breach was traced back to a heating, ventilation and air conditioning contractor that was working in some of the retailer’s stores and had access to the corporate network. The hacker stole the contractor’s credentials and used them to access the retailer’s systems. The rest is history. — February 2014, KrebsonSecurity, Target Hackers Broke in Via HVAC Company
  • 8. Don’t take the bait Your company’s sensitive data is a lucrative target that outside bad actors would love to get a hold of. Phishing is one tactic that is often used by cybercriminals who disguise themselves as people or organisations you can trust. Attackers generally use one or more of the following tactics… • Convincing you to open an attachment containing malware that they could use to grab your data • Enticing you to click on a malicious link that enables them to break in and steal sensitive data • Tricking you into signing into a service – for example a fake, but highly realistic, Microsoft sign-in page – that gives them direct or indirect access to company data Signs someone might be phishing for secrets... • Emails from people you don’t recognise, especially from someone outside your organisation (look closely at email addresses to be sure) • Threats or urgent calls to download an attachment or click on a link • Generic greetings, such as “Dear sir or madam” • Suspicious links or unexpected attachments If you suspect you’re being targeted by one of these attacks, reach out to your security team. Phishing attacks are designed to steal or damage sensitive data by deceiving people into revealing sensitive data. Attackers use email, social media, texts and other methods to try and get you to take actions that could open the door to your company data.
  • 9. Every single time you handle data, it should be second nature to see it, label it and protect it
  • 10. A lot of your data is hidden away in dusty digital folders in email, in the cloud or on your phone. In fact, 42% of organisations said at least half of their data is "dark," meaning it's collected but unused. Leaving this data unattended can be incredibly risky. But it’s hard to protect what you can’t see, especially when data is constantly moving, growing, being shared or being deleted. See your data Making it practical Here are three critical questions you can answer to get a clear picture of your data: Where does all your data live? Is it in your inbox, deleted items, browser downloads, in the cloud, on a thumb drive in your rucksack or somewhere else? Who is the appropriate audience? Is it for your entire company, for a restricted internal audience, for customers only or for the public? How is this data being used or shared? Are people collaborating on it, sharing it over email, presenting it or forgetting about it and leaving it untouched for years? — July 2022, Enterprise Strategy Group, 2022 State of Data Governance and Empowerment Report
  • 11. Label your data Now that you have a clear picture of the data you’re dealing with, it’s time to label it. Your company likely has a policy you can follow to label your data appropriately so you can protect it from loss, misuse or access by someone who is unauthorised. Does it contain details, plans and discussion of products or services that haven’t been released yet? That likely means it should be labelled Confidential when you share it. Or is it the final version of a product support document? Then perhaps this data is something you can label Public. Making it practical You’re just about to send off an email to your leadership team and to vendors with a presentation attached. You pause for a moment to consider how to label it: Public, General, Confidential or Highly Confidential. You recall the company training that says this should be Confidential, so you label the presentation that way. You press “send,” and now this Confidential label will travel with the email and presentation wherever it goes. If everyone else on your team does their part, this classification will help every person who handles it to immediately understand how to manage it with the appropriate level of care.
  • 12. Protect your data You’ve identified your data and have classified it – now it’s time to protect it. Whenever you handle data, take a few extra seconds to think through how to handle it and then take the appropriate steps to safeguard it. The best way to get started is to learn and always apply your company’s data protection policies, including: • What data you need to protect and who is allowed to see it • Where data should be stored and how it can be shared • Who can modify data or destroy it • What to do when things get out of hand Making it practical Are you working on a flight or from a coffee shop? Protect your screen from nearby gawkers and follow company policies to securely connect to your corporate network, especially if you’re using public Wi-Fi. Need to use software that isn’t on the approved list? Reach out to your manager or to IT for permission; you don’t know where that software provider might publish or store your data. Are you creating a new password? Use your company’s password manager to keep all your usernames and passwords under lock and key instead of under your keyboard.
  • 13. % of respondents in a McKinsey survey ceased doing business with a company 40when they found out the company did not protect customer data. 69% of employees have bypassed their organisation’s cybersecurity guidance in the past 12 months. – “Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025”, February 23, 2023 Ride the wave Now that you know the basics, it’s time to put these principles into practice. Remember that staying on top of data protection is a team effort. Here are some simple ways to build momentum and protect data wherever it flows: • Share this playbook with a coworker and help keep each other accountable. • If you see anything suspicious or make a mistake in sharing your data, don’t ignore it. Report any concerns to your security team right away. Sweeping a potential issue under the rug is never a safe approach. • Every time you’re about to create, share, save or delete data, get in the habit of pausing for five seconds to consider how to apply your company’s security policies. — September 2022, McKinsey Survey, Why digital trust truly matters
  • 14. If you’re a security leader, we recognise that your job is likely harder than ever with the shift to hybrid work, an explosion of endpoints and a deluge of data. If you’d like to increase visibility into your data, govern and safeguard it more effectively and improve your risk and compliance posture, we’d like to help. Microsoft Purview can give you greater peace of mind by helping you secure and govern your data as it flows across clouds, devices and platforms. Learn more about Microsoft Purview Keeping a watchful eye
  • 15. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. ©2023 Microsoft Corporation. All rights reserved. This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.