Defensive Controls Against Insider & Outsider Threats
DO YOU HAVE THE ANSWERS TO THE FOLLOWING:
- Where's your source code?
- Whose laptop / workstation has it?
- Has your Intellectual Property been sent to Box?
- Has a salesperson copied your customer data to their gmail account?
- Has an employee sent ePHI or PCI data to a 3rd party?
- Has a Business Associate sent information to his private email account?
- Has malware encrypted your sensitive data and sent it out through an unknown channel?
- Can you inventory your data storage silos?
- Do you understand how much sensitive data sprawl is within you organization?
Best practices for simple defensive controls against insider and outsider threats
- Continuous, accurate Discovery and identification of Sensitive Data
- Continuous Classification of Sensitive Data
- Continuous Monitoring of all channels / ports & endpoints with the ability to accurately prevent the exfiltration of sensitive data
- Encrypt data based on policy - blanket encryption protects the hacker
- Continuous employee and 3rd party training including business associates
- Extension of data protection policies to 3rd parties