Since its adoption the EU’s General Data Protection Regulation (GDPR) has created a domino effect around the world, with many countries moving forward with proposals for new data protection regulations or updates to existing ones. From Brazil’s Data Protection Bill of Law to China’s Internet Security Law, it seems data protection legislation is on every country’s agenda.
Australia is no different. In fact, it was one of the countries to get a head start in aligning its 1988 Privacy Act to some of the new concepts and requirements introduced by the GDPR. The Privacy Amendment (Notifiable Data Breaches) Act 2017 was adopted in November 2017 and actually came into force before the GDPR, on 22 February 2018.
As its name suggests, the Notifiable Data Breaches (NDB) scheme introduced mandatory data breach notifications into Australia’s Privacy Act 1988. It puts organizations…
Read more
In an age when data can no longer be left unsorted on company networks and data transparency and the protection of sensitive data have become key to reaching compliance with legislations such as the EU’s General Data Protection Regulation (GDPR) and HIPAA, FISMA, NIST etc. in the US, data classification and Data Loss Prevention have emerged as essential tools for effective data management strategies.
In this week’s blog post we take a closer look at data classification, what it is and how DLP solutions benefit from integration with it.
What is Data Classification?Much like its name implies, data classification is the process of organizing data into appropriate categories for a more efficient use and protection of data across company networks.
In the context of information security, data is tagged based on its level of sensitivity, making it easier to find, track and safeguard …
Read more
We always enjoy hearing from our customers and partners and their experience with the Endpoint Protector product family. It’s not only a matter of professional satisfaction: we build our products with our clients’ needs always before us, often adding new features from feedback sessions or developing them together with customers.
This year, we decided to dedicate an entry on our blog to the top ten features that are most often mentioned by our customers and that rank the highest on their list of things they love about Endpoint Protector. Without further ado, here they are:
1. Easy to install and manageWith one of the biggest concerns about the adoption of Data Loss Prevention (DLP) solutions being how long a potential implementation will take and how difficult the product will be to manage once it’s in place, it is no surprise that our customers are relieved and often enthusiastic…
Read more
It’s been over two months since the EU’s General Data Protection Regulation (GDPR) has come into force on May 25th and, after a feverish rush for compliance overtook all businesses, a period of relative calm followed in the wake of its implementation. Whether this was because both organizations and users suffered from an oversaturation of GDPR-related content, updated privacy policies and consent requests or the new regulation has yet to shed its training wheels, the GDPR has effectively left the limelight.
That being said, if it’s not making headlines as it did a year ago, the GDPR is leaving its mark on the data protection field by being the first legislation of its kind to tackle present-day dangers to data security and companies’ accountability to their customers and the law in the face of these threats.
The post-GDPR world is one full of anxiety and opportunity. Many companies…
Read more
macOS devices are becoming an ever more prominent presence in the work place. This is chiefly due to two trends: bring your own device (BYOD) and employee choice policies. The first allows employees to bring their own devices onto the company network, while the second lets them choose which device they will be using in the work place. A survey conducted by Jamf earlier this year showed that, in the 580 organizations that participated, 72% of employees chose Macs and a further 75% chose iPhones when given the option.
Apple has been actively pushing for a higher adoption rate of Macs in the business environment, with new security features in High Sierra specifically aimed at enterprises. With the launch of its new 64-bit Apple File System (APFS), native encryption options available through FileVault and the possibility to set a firmware password that will prevent non-standard booting through…
Read more
The latest iOS update, 11.4.1, released last Monday, brings with it a new feature meant to safeguard users’ data: USB restricted mode. From now on, if iOS devices have not been unlocked within the past hour, users will be required to enter their passcode when connecting to a Mac or PC or when trying to connect USB accessories to their iPhone, iPad or iPod touch.
This needs to be done only once when first connecting. Even if the devices are then locked, the USB accessories or computer connection will continue. If users don’t first unlock their passcode-protected iOS devices or they haven’t done so in the past hour, their devices will not communicate with the accessory or computer and, in some cases, not even charge. They might also see an alert asking them to unlock their device to use accessories.
Meeting security concernsWhile this feature may have little impact on the everyday use of…
Read more
At Endpoint Protector, we like to take on challenges. When we received more and more requests from customers for the monitoring and blocking of source code, we decided to investigate the matter further and improve on our existing detection techniques. Like any intellectual property, after all, source code is often considered sensitive data depending on the sector a business operates in.
While there are libraries available for programming languages, for them to be effective, they must have an in-depth knowledge of the way these different languages operate in order to accurately differentiate between them. This leads to complex, heavyweight databases that can severely affect the efficiency and speed of the software using them.
Knowing that N-gram-based text categorization had been successfully used to detect natural languages in text in a number of use cases, we theorized that…
Read more
Health data, due to its sensitive nature, has always been considered a special category of data and invariably falls under the jurisdiction of data protection regulations. Under the EU’s new General Data Protection Regulation (GDPR), it is explicitly classed as a special category of personal data under article 9 which requires the strict application of the regulation’s requirements. In the US, health data falls under the incidence of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), two interconnected acts which together guarantee its protection.
Regulated by the Department of Health and Human Services (HHS), HIPAA is enforced by the Office of Civil Rights (OCR), outlines the lawful use and disclosure of protected health information (PHI) and guarantees its …
Read more
Infosecurity Europe 2018 once more welcomed information security professionals from around the world at the Olympia in London between 5-7 June. Europe’s largest and most comprehensive information security event, featuring over 240 free to attend conference sessions, more than 400 exhibitors and a staggering 19,500+ visitors, Infosecurity Europe 2018 is the place to be for anyone interested in feeling the pulse of the information security sector.
This year’s event was no different: tackling the theme of building tomorrow’s cybersecurity today, it offered a mix of panels and talks on already familiar risks along with those on emerging threats. After last year’s full-blown GDPR panic, data protection policies took a backseat to more attractive if considerably more worrying topics such as nation state attacks and AI and IoT related threats.
Baroness Dido Harding kicked…
Read more
While the rise of data protection regulations such as the GDPR in Europe and HIPAA, FISMA and NIST in the US has lead to an increased awareness of the need for Data Loss Prevention tools to ensure compliance, many companies still hesitate to employ them because they fall victims to some of the common myths that plague DLP software since its infancy.
Here are the most prevalent three charges brought against DLP tools and why they are unfounded:
1. Productivity killerA myth that has persistently haunted DLP is its negative impact on productivity. It is blamed for making usually easy tasks time-consuming, thus hindering employees’ efficiency and increasing their frustrations. As all myths, this bit of misinformation started from a grain of truth: it’s a remnant of former inadequacies of first generation DLP tools which, as any new technology just being developed, was still difficult…
Read more