Understand Risk in Communications and Data Breach


Published on

Secure communications whether you are sending a confidential message or a file with sensitive or proprietary information is necessary for users. IT needs to ensure that confidential business information is safe from data breaches and the negative effects a breach can have on your business’s reputation. Additionally, most businesses must comply with federal and industry regulations. You must maintain compliance with all mandates whether corporate, federal or industry-specific.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • http://mail.google.com/mail/help/about_privacy.html
  • 95% of businesses suffering a data breach were required to notify data subjects whose information was lost or stolen.
  • Federal regulations – Alex
  • AICP Code of Professional Conduct
  • HR sends sensitive data that should be secured, as should procurement information! Bank routing data and alike.
  • Software help desks should communicate securely. Your customers may have PCI or PHI information in their databases you exchange for support purposes
  • Lawyers, designers anyone should send confidential information securely
  • Please feel free to ask questions, we will address them at the end. As business continues to move at a faster pace you use more and more tools to communicate with colleagues, business partners, and customers. Whether its email, mobile apps or FTP you send and receive confidnetional info at the blink of an eye. It may make you concerned if these methods of communication are secure. With recent data braaches in the headlines becoming increasly commen, there is a real business issue regarding infomation security. That‘s why we are hear today.
  • Understand Risk in Communications and Data Breach

    1. 1. Protect Your Customers and Your Business with Secure Business Communications Jon Gatrell VP, Product Management 12.16.2009
    2. 2. <ul><li>Communication requirements growing </li></ul><ul><li>Confidential communications requirements </li></ul><ul><li>Complexity is growing </li></ul><ul><li>Compliance is critical </li></ul>Business Risks and Realities
    3. 3. IT Realities <ul><li>Users have to collaborate </li></ul><ul><li>Global Infrastructures </li></ul><ul><li>Too many tools </li></ul><ul><li>Limited Control </li></ul>
    4. 4. ` Breaches happen everyday – 11.16.2009
    5. 5. FTP alone is not a viable option to give you the insight, security and performance and, ultimately, the risk mitigation necessary to responsibly conduct business .
    6. 6. Because e-mail connects through many routers and mail servers on its way to the recipient, it is inherently vulnerable to both physical and virtual eavesdropping . Current industry standards do not place emphasis on security ; information is transferred in plain text , and mail servers regularly conduct unprotected backups of e-mail that passes through.
    7. 7. Another take on email privacy… In personal email communications, there has always been, and always should be, an expectation of privacy between the sender and the intended recipients of a message, enabling open communication with friends, colleagues, family, and others….. Let's be clear: there are issues with email privacy , and most of these issues are common to all email providers. The main issue is that the contents of your messages are stored on mail servers for some period of time; there is always a danger that these messages can be obtained and used for purposes that may harm you , such as possible misuse of your information…
    8. 8. Understanding the scale of data breaches <ul><li>85% of businesses have had a data security breach </li></ul><ul><li>46% of businesses failed to implement encryption solutions even after suffering a data breach! </li></ul>Source: Ponemon Institute
    9. 9.
    10. 10. The Impact to Businesses <ul><li>74% report loss of customers. </li></ul><ul><li>59% faced potential litigation. </li></ul><ul><li>33% faced potential fines. </li></ul><ul><li>32% experienced a decline in share value </li></ul>
    11. 11. Source: Ponemon Institute, LLC Number of Data Records Lost It’s just money….
    12. 12. It happens to the best of us… <ul><li>Yale has experienced 600 recorded security incidents in the previous 12 months (2008-2009), costing an estimated $200,000 to remediate </li></ul>
    13. 13. <ul><li>HIPAA </li></ul><ul><ul><li>Requires that companies prove that only the intended recipients received the information and that it was secure </li></ul></ul><ul><li>Safe Harbor Directive </li></ul><ul><ul><li>Protecting personal information and transfer </li></ul></ul><ul><li>GLBA </li></ul><ul><ul><li>Requires organizations ensure the security and confidentiality of customer records and information </li></ul></ul><ul><li>SOX </li></ul><ul><ul><li>Requires auditable business processes </li></ul></ul><ul><li>E-Invoicing </li></ul><ul><ul><li>Long term electronic retention and digital signatures </li></ul></ul>Governmental Requirements
    14. 14. <ul><li>“ A member in public practice shall not disclose any confidential client information without the specific consent of the client.” </li></ul>It’s not just government, it’s also professional standards AICPA Code of Professional Conduct - Rule 301
    15. 15. Be concerned about all of these items <ul><ul><ul><li>Employee information </li></ul></ul></ul><ul><ul><ul><ul><li>Employee Performance Data </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Employee Disciplinary Data </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Staff Employment Data </li></ul></ul></ul></ul><ul><ul><ul><li>Department Business Data </li></ul></ul></ul><ul><ul><ul><ul><li>Credit Card/Purchasing Cards </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Customer Information </li></ul></ul></ul></ul><ul><ul><ul><li>Procurement </li></ul></ul></ul><ul><ul><ul><ul><li>Vendor Information </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Quotes </li></ul></ul></ul></ul>
    16. 16. 252,474,509 people affected since 1/15/05
    17. 17. Best Practices to Avoid Exposure <ul><li>Use end-to-end encrypted communications </li></ul><ul><li>Track all messages and confirmed who received it </li></ul><ul><li>Manage user profiles, access and groups memberships </li></ul>
    18. 18.
    19. 19.
    20. 20. Know who received what messages and files
    21. 21. Historical and Real-Time Visibility into Messaging
    22. 22. Manage Users and their access
    23. 23. Proactively Manage groups and understand their activity
    24. 25. Productivity & Privacy
    25. 26. Financial information Board of directors or just internally
    26. 27. Customer records and files No matter what size
    27. 28. Do you retain PHI? Security inside and outside required
    28. 29. Supporting your customers Confidential environment and operational data is exchanged
    29. 31. Access and Controls The right systems, the right platforms, the people and the right partners
    30. 32. The Benefits of an Easy to Use Secure Communications <ul><li>Improved Service Levels </li></ul><ul><ul><li>Quicker cycle times </li></ul></ul><ul><li>Improved compliance </li></ul><ul><ul><li>Corporate (Internal controls/audits, security, sustainability) </li></ul></ul><ul><ul><li>Governmental (SOX, Basel II, HIPAA…) </li></ul></ul><ul><li>Security Enforcement </li></ul><ul><ul><li>Process level governance </li></ul></ul><ul><ul><li>Content and session encryption </li></ul></ul><ul><li>Improved visibility and control </li></ul><ul><ul><li>Process status </li></ul></ul><ul><ul><li>Exceptions </li></ul></ul><ul><ul><li>Transactions and Trends </li></ul></ul>
    31. 33. <ul><li>Easy to use </li></ul><ul><li>Ability to deploy quickly </li></ul><ul><li>Auditing, Security and Reporting </li></ul><ul><li>Privacy for confidential communications </li></ul><ul><li>Support large files </li></ul><ul><li>Protect mobile content </li></ul>Your solution must…
    32. 34. THANKS! www.scribbos.com www.stonebranch.com managedfiletransfer.wordpress.com Secure Communications: Enterprise Automation: MFT Blog: