- Where’s your source code?
- Whose laptop/workstation has it?
- Has your Intellectual Property been sent to Box?
- Has a salesperson copied your customer data to their Gmail account?
- Has an employee sent ePHI or PCI data to a 3rd party?
- Has a Business Associate sent information to his private email account?
- Data traveling across borders? Do you know? Can you prevent it, based on policy?
- Has malware encrypted your sensitive data and sent it out through an unknown channel?
- Can you inventory your data storage silos?
- Do you understand how much sensitive data sprawl is within your organization?
- Do you know what sensitive data is hidden in imaged documents?
- Are you GDPR compliant?
Best Practices for Data Protection
DO YOU HAVE THE ANSWERS TO THE FOLLOWING:
Here are a few best practices for simple defensive controls against insider and outsider threats
- Continuous, accurate Discovery and identification of Sensitive Data
- Continuous Classification of Sensitive Data
- Continuous Monitoring of all channels/ports & endpoints with the ability to accurately prevent the exfiltration of sensitive data
- Encrypt data based on policy – blanket encryption protects the hacker
- Continuous employee and 3rd party training including business associates
Some data needs to be blocked, some just encrypted while other information can leave without any issue. Does your data protection program have the ability to accomplish this?
With broad coverage for both on premises and the cloud, GTB Technologies Enterprise Data Protection that Works platform incorporates all these best practices for complete insider threat protection. Try it out
Visibility: Accurately, discover sensitive data; detect and address broken business process, or insider threats including sensitive data breach attempts.
Protection: Automate data protection, breach prevention and incident response both on and off the network; for example, find and quarantine sensitive data within files exposed on user workstations, FileShares and cloud storage.
Notification: Alert and educate users on violations to raise awareness and educate the end user about cybersecurity and corporate policies.
Education: Start target cyber-security training; e.g., identify end-users violating policies and train them.