Last year, New York became the first state to propose cybersecurity regulations for financial organisations. This year, on March 1st, the New York Department of Financial Services (NYDFS) Cybersecurity Requirements came into effect.
This new regulation requires financial institutions such as banks, insurance companies, and others to establish and maintain cybersecurity programs in order to protect consumers’ private data. Financial organisations have a 180-day transition period to enhance their infosec implementation in order to protect their Information Systems and Nonpublic Information (NPI). By August 28, 2017, they must have a cybersecurity program in place, and starting February 15, 2018, they must be able to demonstrate they are compliant by submitting annual Certifications of Compliance.

What is the Information…
Apple announced the upcoming release of its macOS 10.13, dubbed High Sierra, at the Apple Worldwide Developers Conference (WWDC) 2017 keynote event in San Jose earlier this month. It brings many under-the-hood changes along with some new eye-catching updates for everyday users.
The Cupertino-based company is clearly starting to take into account the thousands of Macs used across enterprises, with some updates aimed at improving the management and configuration of large-scale Mac deployments. High Sierra will bring new MDM configurations such as 802.1X Ethernet, management of firmware passwords and user accounts, tools to shut down and/or restart macOS remotely, FileVault key escrow and restrictions to iCloud desktop and documents. It will also include the ability to delay software updates for up to 90 days so IT teams can test them before installation.
The most notable change in…
Between 6-8 June, security specialists once more descended on the Olympia in London for Europe’s biggest information security event, Infosecurity Europe 2017. Amid stunning Victorian architecture, vendors from across the globe unveiled their latest projects and their most successful products to a crowd of enthusiastic guests from across a multitude of industries. CoSoSys participated for the 4th time this year and our team was on hand to present and guide visitors through a demonstration of our Data Loss Prevention solutions.
Playfulness was the name of the game in the exhibition area, with the Olympia’s Grand Hall highlighting not only the tremendous growth and diversity of the information security sector, but also the creative way the over 360 vendors present have learned to showcase their products. CoSoSys was no exception: our booth’s…
The premier gathering of security leaders, Infosecurity Europe, delivers significant insights into the data security world every year through the exhibition area as well as the conference programs. The event is a great opportunity for IT security professionals and business managers to find inspiration for their data protection challenges in terms of approach and solutions to implement. Infosecurity Europe is the largest and most comprehensive conference program in the region, featuring over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.
We have been exhibiting at Infosec Europe for several years now and we are looking forward to this year’s edition. The team will be ready to showcase our latest product update – Endpoint Protector 5 – with the updated eDiscovery module, the redesigned, responsive…
We are excited to unveil the newest version of our Data Loss Prevention solution: Endpoint Protector 5, presenting important updates and a brand new redesigned interface. Our aim, as always, is to constantly enhance the data protection features, while offering an intuitive user experience.
Endpoint Protector 5 presents some essential changes.
With a more intuitive design, the complex process of securing data becomes easier. IT Admins can benefit from a more user-friendly, modern, and responsive interface of the management console.
Key features and benefits of the new UI include:
- Faster access to certain features, such as DLP blacklists and whitelists, which have been included in the main menu as a separate section
- Flexibility – IT Administrators are now able to manage policies and check reports from any device, from desktop to tablet due to the responsive console
When it comes to data protection and regulatory compliance, most organizations do not take into consideration all the risk factors that could hinder the security process. The lack of awareness and preparation can lead businesses to fail to protect their company data and prevent data breaches that could cost them their reputation.

No BYOD Policies
According to a research study, uncontrolled user access to data and poor management of where data is stored are two of the biggest mistakes regarding a company’s data security.
Reaching compliance is already a complex process, but companies allowing their employees to transfer data inside and outside the network makes it even more difficult. No employee training or monitoring, along with no BYOD policies is a sure road to failure for any business.
The study shows that a lot of IT professionals (69%) allow employees to transfer…
Next to the Gartner Magic Quadrant for Enterprise Data Loss Prevention, CSOs, IT Managers, and other IT security professionals can take advantage of the most recent research published by Gartner: the Critical Capabilities for Enterprise Data Loss Prevention by Brian Reed and Deborah Kish. The research evaluates DLP products for three use cases: regulatory compliance, intellectual property protection and data visibility and monitoring. Scores have been assigned on a scale of 1 to 5 and derived from nine critical capabilities.
- DLP Endpoint
- DLP Discovery
- DLP Network
- Ease of Deployment
- Configuration Flexibility
- DLP Advanced Detection
- Internationalization Support
- DLP Management System
- DLP Vendor Integrations
We are happy to be included in the research and we believe that the scores reflect our strong DLP capabilities, with a focus on endpoint DLP, with advanced detection techniques,…
Financial institutions often deal with data breaches due to the huge value financial records hold for external attackers or malicious insiders. A data security incident in financial organizations can have multiple negative ramifications for both the organization and the owners of the leaked data.
Last year a series of data breaches occurred in the financial sector: Citizens Bank, Nationstar Mortgage, Central Bank of Russia, TD Bank, Bangladesh Bank, and many others. One of the major causes was the significant rise of phishing attacks, especially CEO spear phishing, resulting in the breach of confidential data, starting from PII, dates of birth, home addresses, e-mail addresses, credit card numbers, social security numbers, etc.
According to pcicomplianceguide.org, the Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards…
We use the word “enterprise” for a good reason. Big companies or enterprises with more than 500 employees represent complex ecosystems with incredible resources, structures and, more importantly, substantial know-how and data. Information security in these organizations is quite challenging and requires significant efforts from several departments and business unit managers, not only the IT department. But does the joint effort really exist? Or is it only a desire of the idealistic IT security vendors? What other recommended practices are not followed in enterprises?
Let’s look at the 5 most common data security mistakes enterprises can’t afford to make:

1. Failing to make information security a business component
In an enterprise, let’s say, in the clothes manufacturing industry, having a data breach with the unreleased clothes designs is as bad as delaying…
Health-related data is moving more and more from paper to electronic records, changing how healthcare organizations and other industries processing healthcare records manage and protect their data today. Businesses that are involved in any way with the use or management of PHI (personal health information) of individuals need to ensure that they secure their sensitive data against loss or leakage by following security guidelines, like HIPAA, in order to avoid penalties.

What is HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides data privacy and security measures for protecting medical information. The legislation is designed to protect the ePHI (electronic protected health information) of individuals, like Social Security Numbers, medical ID numbers, credit card numbers, drivers’ license numbers, home address,…