Data Security Tips for the Indian Media Industry
A sunrise sector in the Indian economy, the media and entertainment industry is on an impressing growth path and is expected to expand at a much faster rate than the global average. Along with this, the stakes related to data breaches are also getting higher for the affected organizations.
Media and entertainment companies, including television, print, film and radio have embraced digital transformation during the past decade. This resulted not only in new and compelling ways of creating and delivering products, but also meant collecting, storing and using a massive amount of data in order to gain deeper insights about customers. With the proliferation of devices and applications, the increasing amount of content and data to handle as well as with data breaches and leaks making headlines, cybersecurity became a prevalent issue faced by these organizations.
Data breaches pose significant financial and reputational risks to media and entertainment companies. The emergence of cloud applications, mobile devices, wireless connectivity and other forms of computing resulted in an increased potential for attack points. Protecting digital assets, like documents, motion pictures and audible content for production, storage and distribution and safeguarding valuable content from being stolen or misused are challenges broadcasters, media content producers and distributors constantly face.
The Emergence of Data Protection Regulations
As general and industry specific data protection regulations are becoming prevalent and more rigorous on a global level, compliance is also a crucial aspect to consider for companies. The implementation of the General Data Protection Regulation (GDPR) has caused a stir amongst businesses worldwide; the EU wide legislation is an important milestone and reference point, and many countries are now trying to follow suit.
In India the draft of an extensive data privacy bill was submitted to the Government in 2018 and with this the country moved one step closer to its first data protection law. The long-awaited Personal Data Protection Bill, 2018 (PDP Bill) makes individual consent central to data sharing and provides a framework for government and private entities in India to process personal data, thus reshaping the relationship between Indian citizens, companies and government actors to whom they entrust their data. The PDP Bill is yet to be passed by the Parliament and is expected to be tabled after 2019 general elections.
Data Loss Prevention for Media Companies
As companies in the media and entertainment industry are vulnerable to threats on both the content and infrastructure sides, it is essential for them to have strong security measures in place to safeguard personally identifiable information (PII) and valuable intellectual property (IP). Additionally, contracts may have non-disclosure agreements that should be protected.
In data leakage incidents, confidential information is disclosed to unauthorized persons by either malicious intent or an inadvertent mistake. In the case of media and entertainment companies it is extremely important to protect sensitive information about future productions, whether in text, image, video or audio format. As the industry heavily relies on public trust, the pressure to protect information and their reputation is significant.
Let’s find out how Data Loss Prevention (DLP) solutions can help media and entertainment companies safeguarding their sensitive data.
As a result of the BYOD (Bring Your Own Device) and COPE (Corporate-Owned, Personally-Enabled) policies adopted by an increasing number of media and entertainment companies and the proliferation of devices at the workplace, risks related to security and privacy became primary concerns. From a security standpoint these trends can be a sinkhole if users are unaware of the risks associated with carrying valuable business data with them.
With DLP solutions businesses can ensure that end users do not send potentially sensitive or critical information outside the corporate network. Endpoint Protector’s Device Control module is a cross-platform functionality, that allows to control the portable devices (USB storage devices, printers, iPads etc.) connected to the computers and to monitor all transfers of data to authorized devices.
Content Aware Protection
In order to provide premium content in a profitable way, media and entertainment companies should employ an ongoing process to protect sensitive data against unauthorized usage and distribution. With content aware protection companies can ensure that sensitive data doesn’t leave the organization and/or gets in the hands of inappropriate persons through various exit points and online applications.
The Content Aware Protection module of Endpoint Protector makes it possible to block the transmission of files depending on the file type. This option includes graphic files (JPEG, BMP, PSD, TIFF etc.), office files (Word, excel, Powerpoint, Pdf etc.), archive files (Zip, Ace, Rar etc.), media files (mov, avi, wav, m3u etc.) and other files. Filters can be created based on predefined content, like Aadhaar number or phone number, thus blocking the transmission of the selected sensitive data. The newly introduced Deep Packet Inspection feature allows the whitelisting and blacklisting of specific URLs. This module has predefined policies that help companies achieve compliance with different regulations and it allows the creation of new policies as well.
With accessibility and portability being an important part of daily work, sensitive data travels a lot. As portable devices can be easily lost or stolen, unencrypted USBs can easily constitute the cause of a major data breach.
Endpoint Protector’s cross-platform Enforced Encryption module represents an added security layer for corporate confidential information that is transferred to USB portable storage devices. By using this, media and entertainment companies can ensure that sensitive data will not fall into the wrong hands due to unauthorized access, lost or stolen devices.
While data at rest is sometimes considered to be less vulnerable than data in transit, attackers – both external and internal – often find data at rest a more valuable target than data in motion.
The eDiscovery module scans sensitive data at rest, residing on computers, shared file servers and in cloud storage, based on predefined custom content, file name or a specific compliance profile. Based on the results, data can be encrypted or deleted.
DLP products can help media and entertainment companies in preventing potential data breaches and leaks by monitoring, detecting and blocking sensitive data while in motion and at rest. Check out our case study on how Endpoint Protector offers data loss prevention for a media company.