The FBI Internet Crime Complaint Center (IC3) has received 3 to 4 times the number of cyber-attack complaints due to the COVID-19 pandemic. Tonya Ugoretz, the deputy assistant director of the FBI’s Cyber Division, said that the “rapid shift to telework” has opened a huge amount of cyber vulnerabilities for hackers to exploit. Many companies came to find out that their data was vulnerable. Whether it’s a global pandemic or operating under the normal course of business, your company is at risk if you aren’t properly managing your information. How can you manage what you aren’t aware of, and how can you know what’s truly vulnerable if you haven’t classified it?

In this webinar, Sherpa Software, a leading provider of Data Discovery and File Analysis solutions, and Zasio, a leading provider of Records Management and Information Governance solutions, come together to discuss best practices in Information Governance to ensure your company’s data is properly managed. We share guidance on the best approaches to assessing, analyzing, classifying, retaining, and legally destroying sensitive data according to your retention policies. It’s important to manage your information early, before hackers do it for you!

To learn more about our products and services visit:

• www.sherpasoftware.com
• www.zasio.com

The post While Your Employees were Sheltering, Cyber Criminals were Attacking appeared first on Zasio.

In the fight against cyber breaches, companies are at a steep disadvantage for many reasons. First, the internet was not designed with security in mind. It grew out of an experiment to send messages between researchers’ computers over a network. And its users grew so fast that the network, established on a foundation of collaboration and trust, remained a platform where its users are largely on their own to defend against cyber-attacks.

Second, cybercrime is a low cost, high reward endeavor. Cybercriminals can operate from anywhere, and with impunity in many countries that tolerate and even encourage attacks against the West. Cybercrime is a profitable enterprise with a thriving marketplace for selling exploits (vulnerabilities that allow cyber criminals’ access to connected systems) as well as stolen personal information and trade secrets. To top it all off, well-funded, government-sponsored actors have been blamed for several high profile hacks.

Third, cybersecurity is expensive, constantly evolving, and complex, especially for established companies relying on antiquated technology. Industry researchers are in a race to identify and patch vulnerabilities before cyber criminals can exploit them. In the fight against cyber breaches, every employee and connected device is a potential access point.

Legislative Response – Sanctions

Legislators around the world have addressed the increased frequency of cyber breaches, often by slapping fines on companies they deem to have done too little to prevent them. Under Europe’s General Data Protection Regulation (GDPR), the UK regulator just proposed a fine of £99 million against Marriott in response to a cyber breach it reported in November 2018. [2]  The UK regulator also proposed a fine of £183.39 million against British Airways in response to a cyber breach it reported in September 2018.[3] Proposed new state privacy laws in the United States would, if passed, also increase the cost of incurring a cyber breach.

Cyber Security Efforts and the Value of Information Governance (IG)

As companies move to upgrade their systems to add levels of security to company information, their efforts will be diminished if they retain that information too long or if employees save copies of that information to unofficial locations. Cybercriminals that trick an employee into clicking on a phishing email may have an easier time accessing and removing company information from an employee’s unencrypted device than from an encrypted server. And if the cybercriminal successfully uses that employee’s credentials to access the encrypted server, the loss may be much greater if the company did not routinely dispose of unneeded information.

One tenant of good cybersecurity is good Information Governance (IG). Companies with good IG practices understand what data they have and are empowered to (1) destroy what they don’t need and (2) to protect and maximize the value of the information they do need. By identifying and destroying unneeded information (or information being kept without a legal or operational justification), companies reduce the amount of information that can be compromised. These actions also save companies money on storage and legal discovery costs and reduce legal exposure.

Good IG practices involve:

• establishing internal policies for managing what information is kept, where and how it is kept, and for how long;
• implementing the right technology to track, manage, and dispose of records effectively;
• establishing clearly defined roles for anyone creating, storing, sharing, or disposing of information; and
• establishing procedures that allow companies to meet legal and regulatory compliance by dictating how information should be managed, stored, shared, and disposed of.

Establishing and adhering to good IG practices is not easy, but it is increasing vital to the health and productivity of organizations in the age of the cyber breach.

[1] Data Breach Level Index, Gemalto (Last accessed July 16, 2019), https://breachlevelindex.com/.

[2] Statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach, Information Commissioner’s Office (Last accessed July 16, 2019), https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/statement-intention-to-fine-marriott-international-inc-more-than-99-million-under-gdpr-for-data-breach/.

[3] Intention to fine British Airways £183.39m under GDPR for data breach, Information Commissioner’s Office (Last accessed July 16, 2019), https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/ico-announces-intention-to-fine-british-airways/.

Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post The Age of the Cyber Breach and the Value of Information Governance (IG) appeared first on Zasio.