data privacy

The Panama Papers 2.6 Terabyte Terror

“This is not a leak. This is a Hack.” – Ramon Fonseca

Known to be the largest and now most controversial data leak of all time, the Panama Papers is a prime case to be examined by information management providers. Mossack Fonseca, an international law firm, is now facing extreme backlash for their ties to foreign money.  Hacked and leaked by an anonymous source, this is the largest recorded data breach in history. The crime in question, the hacking of Mossack Fonseca’s private information has been overshadowed by the scandal of their relationships to foreign politicians and what some are saying, dirty money.

Hacking can occur in a number of ways. The computer systems itself can be hacked and mined for information. Websites can be compromised and emails can be phished. If your organization is a target for a cyber hacking, there’s not much you can do to prevent it. See how the NSA, JP Morgan Chase, and Sony Entertainment couldn’t help but be victims to malicious targeted cyber hacks & data leaks.

However, if you’re not a target with a big red market on your back, then it’s still better to be safe than sorry. Take precautions by improving your information security so that an accidental hacking doesn’t tear down your organization. Here are 3 easy benchmarks any organization can check off, to proactively combat a potential cyber hack.

1.    Perform required software updates for your document management systems, operating systems and web browsers.

2.   Ensure implementation of appropriate firewalls to servers, networks, and devices.

3.   Manage all passwords with an encryption software or change your passwords often.

It seems to be that cyber hacking is the new cool but that’s what makes this all the scarier. As intelligent engineers are lured into employing their skills towards malicious criminal activity, all an organization can do is be aware, proactive, and smart about how their information is controlled.

 

4 Keys to Assessing Quality for Enterprise Content Management (ECM)

Is your Enterprise Content Management at the quality that you expect for your organization? Optimize your ECM system to be the best that it can be. Apply these 4 quick FileTrail tips to your ECM strategy, today.

1. Information Governance (IG) Strategy

The first key to assessing quality for ECM is an IG strategy. Has your organization developed a framework for Information Governance goals and benchmarks? IG stakeholders to look at are:  authorities, supports, processes, capabilities, structure, and infrastructure. Go through these one by one and develop a plan for how these stakeholders should work to support compliance requirements, business needs, and utilize available technology.

2. Clean Data Migration

The next key to assessing quality for ECM is validating your data. Migrating dirty data is a complete waste of time for everyone involved.  Minimize errors and duplications to confirm that your information, whether digital or physical, is cleaned up before migration.

3. Standardized Processes

The third key to success I mean, to assessing quality for ECM is standardizing processes. Stated previously as a stakeholder in key number one, this deserves more attention. If your organization runs through different offices, cities, countries, and etc, it’s important to ensure that all employees know the correct way to capture and secure information. A standard method minimizes errors and duplication, effectively reducing  risks while increasing security. Remember, 95% of cyber breaches are user error, so supply your employees with training on standard processes and best practices.

4. High User Adoption

The last key to assessing quality for ECM is ensuring your system encourages high end-user adoption rate. If your organization implements an ECM system but your employees find it either too difficult to use or simply don’t like it, you won’t be able to capture and store the information that the organization must secure. This is where you keep it simple. Provide a software that is modern and user friendly with tools to help access and retrieve information quickly. If it helps to ease their tasks and increase their productivity, the bonus will be for both the user and the organization.

 

 

3 Steps to Protect Against Cyber Breaches

As an organization protecting sensitive data, you do everything in your power to prevent cyber breaches. However, you do wonder how easy it can be for someone to break into your system and take all that they want. Hacking groups have become infamous since the Sony Entertainment breach and JP Morgan Chase chaos.

The most current cyber security breach made public, is happening right now. With the news on the current US primaries, Republican front runner Donald Trump has been chosen by international cyber hacking group Anonymous as their next target. According to a Newsweek article, private information has been leaked by the group pertaining to Trump’s identity, campaign, and business. The group of cyber hackers is calling this their second of three attacks aimed at the politician. With such a large profile case, organizations should take this moment as a learning tool to help protect themselves against cyber breaches.

Here are 3 steps your organization can work on to ensure a more protected network system.

1.    95% of Security Breaches are User Error

The best thing any organization can do to ensure security, is to train employees properly. This proactive approach alters the culture of a company to be more security cognizant. Proper training will help eliminate common mistakes that could leave weak spots prone to cyber-attacks. Employees will also become more aware in noticing odd behavior by phishers, fraudsters, and even malicious inside users.

2.    Restrict High-Risks Access

For an organization’s security strategy, consider limitations to what sites your employees can visit while on the company’s network. Many breaches can occur via drive-by downloads from compromised websites. Being able to control what websites are white-listed for employee access, is a key security policy for protecting sensitive, high risk information.

3.    Test, Test, Test

As an organization, you should always be on the lookout. Performing regular vulnerability assessments must be required for your information security team. If you’re a large enterprise with droves of information that needs to be secured, these should be done weekly. Vulnerability test should scan against every system in your company’s network, both internal and external.

Being proactive is the first step in this strategy as employees are often the first responders to data security breaches and abnormalities. A wide open access to the internet may not be the best idea while on your private networks. Having a plan and always being on the lookout, may be the trick to keeping your organization clean of security breaches. Take these 3 key steps and prepare your trump card for when cyber warfare comes your way.

 

How safe is your data?

January 28th was Data Privacy Day and that’s got me thinking. I’m sure we all sometimes wonder how social media apps like Instagram ($715 million) and Snapchat ($16 billion) are valued at insane figures. There’s no mystery behind that. Large companies are purchasing these tech startups for one key purpose: to own the rights to data or information that these startups have generated. Information is lucrative.

As a large enterprise not in the data purchasing industry, managing our own information is a gargantuan task on its own. Whether you’re in legal, life sciences, or the financial industry, information and its proper management is significant to an organizations’ regulation and compliance policies. Since information is a highly profitable resource, knowing how to manage your data is vital to preventing data breaches and unwanted information seizures. Data breaches have caused many litigation lawsuits in recent years: think JP Morgan and Sony Entertainment.

Outside of those examples, the health industry has been a deadly target for cyber hackers. organizations within the health industry understands that client and employee information are meant to be kept extremely private. Not only are these organizations collecting endless bits of data every single day, they are also storing this information in enormous repositories. Why is this a terrifying concept? If information is improperly managed, will the data remain safe?

To prevent litigation and regulation risks, it’s time for organizations to understand that controlling their data and knowing how their information is managed, is the best practice to prevent malicious data leakages. For Data Privacy Day, let’s look into our organization's infrastructure and understand how our information is being managed so that our data can remain safe and private.

Tackle E-Discovery with a Proactive Approach

How to tackle e-discovery with a proactive approach and strategy. How prepared would your company be, if they received an e-discovery request today? For many companies, the practice of disregarding a proper e-discovery plan is far too common. Inefficient e-discovery practices almost always lead to costly expenses, in addition to sanctions or fines that are handed down.

The first step every company should take in a proactive effort to properly prepare an e-discovery strategy, is to familiarize themselves with the Electronic Discovery Reference Model or EDRM diagram.

EDRM.net states, “The EDRM diagram represents a conceptual view of the e-discovery process, not a literal, linear or waterfall model. One may engage in some but not all of the steps outlined in the diagram, or one may elect to carry out the steps in a different order than shown here.”

Taken directly from their website, EDRM.net lists the stages of the EDRM diagram as follows: Information Governance – Getting your electronic house in order to mitigate risk & expenses should e-discovery become an issue, from initial creation of electronically stored information (ESI) through its final disposition.

  • Identification – Locating potential sources of ESI & determining its scope, breadth & depth.
  • Preservation and Collection – Ensuring that ESI is protected against inappropriate alteration or destruction. Gathering ESI for further use in the e-discovery process (processing, review, etc.).
  • Processing, Review, and Analysis – Reducing the volume of ESI and converting it, if necessary, to forms more suitable for review & analysis. Evaluating ESI for relevance & privilege. Evaluating ESI for content & context, including key patterns, topics, people & discussion.
  • Production – Delivering ESI to others in appropriate forms & using appropriate delivery mechanisms.
  • Presentation – Displaying ESI before audiences (at depositions, hearings, trials, etc.), especially in native & near-native forms, to elicit further information, validate existing facts or positions, or persuade an audience.Preparation remains key for companies that want to proactively handle e-discovery. Ensuring you have the necessary practices and procedures in place, is the first step every company should take in order to be e-discovery ready. The risks far outweigh the benefits of avoiding a proper e-discovery strategy, so start familiarizing yourself with the EDRM stages today!