Blog
Exploring the 2023 Penetration Testing Report: 5 Key Findings
Mon, 04/17/2023
Each year the threat landscape continues to evolve, and security measures must evolve with it. Recently released, Fortra’s 2023 Penetration Testing Report offers a view into the usage and perception of pen testing, with the intent to determine how these services must adapt in the future. Explore a few salient points in this edition that betrayed changes in the penetration testing landscape.
Blog
Creating a World of Possibility for Fortra's Global Partners: Renee Ritter
Thu, 04/13/2023
Last year, Renee and her team introduced a new partner program and led partners through the rebrand to Fortra. Here's her take on these achievements and a look at the strategic shifts that will be required for cybersecurity moving forward.
Blog
A Guide to Data Encryption Algorithm Methods & Techniques
Tue, 04/11/2023
Learn about 50 different types of data encryption algorithms and their unique advantages in the context of data protection.
Blog
What Is the Federal Risk and Authorization Management Program (FedRAMP)?
Thu, 04/06/2023
An Introduction to FedRAMP
In late 2011, the Office of Management and Budget under the Obama Administration released a memorandum that introduced the Federal Risk and Authorization Management Program (FedRAMP), noting that “[in the two years prior], the Administration worked in close collaboration with the National Institute of Standards and Technology...
Blog
Types of Data Security Controls & Implementation
By Cybersecurity Experts at Fortra on Mon, 04/03/2023
Organizations use various types of data security controls, along with their corresponding implementation methods, to safeguard their digital assets. This article delves into the main types of data security controls, their associated technologies, and how to implement them for maximum impact.
Blog
What Is ISO 27001 and How Can It Help Your Organization?
Thu, 03/30/2023
What Is ISO 27001?
ISO 27001, also known as ISO/IEC 27001, is a widely recognized international standard that defines best practices for implementing and managing information security in an Information Security Management System (ISMS). Since it was first developed, the goal of the standard has been to provide a model for establishing, implementing,...
Blog
Data Classification Examples to Help You Classify Your Sensitive Data
Thu, 03/23/2023
There's no shortage of data that can be classified. To help you build an effective data classification policy, we look at 50 different examples of data classification.
Blog
Under New NCUA Rule, Credit Unions To Have 72 Hours to Report a Data Breach
Mon, 03/13/2023
A recently approved rule on cyber incident notification will impact how credit unions communicate reportable incidents like data breaches.
Blog
ChatGPT: Understanding and Mitigating the Cybersecurity Risks
By Antonio Sanchez on Wed, 03/08/2023
There’s a lot of talk about ChatGPT. While there are many positive and interesting applications, cybersecurity experts are worried about how threat actors will employ this tech. Learn about two potential use cases and how organizations can prepare.
Blog
Think Like a Threat Actor to Identify Your Cybersecurity Blind Spots
By Antonio Sanchez on Wed, 03/08/2023
In a recent penetration test, the Fortra team was able to harvest enough credentials from a customer to know a savvy threat actor could take down their domain. Discover why testing your organization’s defenses is essential to offensive security.
Blog
Vintage Vulnerabilities: New Attacks Exploiting Old Weaknesses
Mon, 03/06/2023
Popular entertainment would have us believe that hackers are all sophisticated attackers using cutting edge techniques to exploit the latest vulnerabilities. That is sometimes true, but it’s become increasingly apparent that whether it’s the latest zero-day or something that was discovered the same year Apple released the iPad, hackers are equal-opportunity offenders. "Classic"...
Blog
What Is Data Leakage? Protecting Your Data with DLP
By Cybersecurity Experts at Fortra on Fri, 03/03/2023
Although data leakage doesn’t pose the same danger as data breaches, it can still threaten organizations. Since any unauthorized transmission of data is a security violation, it is imperative organizations protect their data with data protection software like Data Loss Prevention (DLP).
What Is Data Leakage?
Data leakage is when data or information is accidentally exposed, disclosed, or divulged to those without authorization to access it.
As opposed to data breaches that occur due to compromise from an external source, data leakage originates internally. Unlike data breaches, data leakage isn’t always due to nefarious intent. For example, it can occur in machine learning algorithms while developing predictive models.
While data leakages occur accidentally or due to carelessness, they are viewed as a security flaw or violation. This is because the area from which data escapes is typically a secured network perimeter, which ought to have the wherewithal to prevent it in the first place.
However, criminals can take advantage of a data leak by exploiting it to launch more pernicious, larger-scale attacks. So, while a data leakage might have innocuous origins, its impact can be devastating in the form of identity theft, ransomware propagation, and providing a pathway to data breaches.
What Are the Causes of a Data Leak?
Data leaks are due to various reasons, such as the following:
Poor Data Security
An organization that does not employ standard security best practices increases its chances of experiencing data leakage. Such lapses include not properly vetting third-party applications, which can expose the company to supply-chain attacks.
Recycled Passwords
The underlying root cause of recycled passwords is organizations that maintain poor password policies. This is also facilitated by the fact that users have to juggle an array of apps in this digital age.
Left to their own devices, users reuse the same password for multiple accounts they have to log into, including corporate ones. This increases the possibility of a data leak that exposes these passwords. Hackers and malicious actors can leverage this to launch credential-stuffing attacks to compromise several corporate accounts.
Misconfiguration and Poor Infrastructure
Misconfigurations are one of the leading causes of data breaches. There are myriad ways misconfigurations can manifest.
These improper configurations include poor settings such as using default factory configurations, shoddy permissions, inappropriate settings, and exposing secrets through a lack of proper authentication around cloud storage devices.
Unpatched Software and Apps
When an organization is negligent in applying security patches and updates to its software in a timely manner, it can create opportunities for data leaks and other types of vulnerabilities.
Unpatched software, for instance, can open the door to a zero-day attack.
Lost and Misplaced Devices
Both company-issued and employee-owned devices can contain an organization’s intellectual property and corporate secrets. The loss of these devices due to theft or carelessness qualifies as data leakage that can easily escalate into a data breach.
How can these types of leakages be prevented?
Fortunately for organizations, several cost-effective and optimal solutions can be used to prevent data leaks.
Conducting Vulnerability Assessments
An organization should embrace a policy of conducting periodic vulnerability audits and threat assessments. These can be in the form of penetration tests in which the organization’s security infrastructure is probed for flaws and weaknesses.
This proactive measure enables an organization to discover and safeguard potential sources of data leaks.
Enhancing Document Security
When data leakage occurs, it is invariably through the contents of documents that weren’t sufficiently protected. Organizations should adopt document security measures to protect their business information and corporate secrets.
Control Access to Data
Rampant and indiscriminate access to data increases the possibility of data leakage. To fix this, organizations should ensure that data access is tightened to only required users and apps.
Organizations can achieve this by implementing robust user and cloud-based access control mechanisms and following the principle of least privilege (PoLP).
Evaluate and Prevent Third-party Risks
An organization might apply the requisite security practices and due diligence but can be exposed to vulnerabilities in its third-party applications.
Organizations should monitor third-party applications, including open source and other supply-chain applications, to prevent becoming compromised.
Implementing Robust Endpoint Security
With the proliferation of remote work, mobile phones, and bring-your-own devices (BYOD) in workplaces, endpoints have become crucial points of data leaks.
As a result, companies should strengthen endpoint security by applying multi-factor authentication and intrusion detection mechanisms.
Implementing Zero-Trust Security
The rise of cloud-based computing, coupled with the explosion of endpoints, including mobile devices, means that for many organizations, perimeter-based security no longer suffices.
As a result, cybersecurity practices can no longer afford to trust users and applications already inside the network. Instead, companies should adopt zero-trust security and its mantra of “never trust, always verify.”
Implementing Data Loss Prevention (DLP) Tools
Data loss prevention is akin to killing two birds with one stone, as it protects and defends against both data leaks and data breaches.
Here are the ways DLP can help:
Providing overarching visibility: DLP can provide the high-level and granular visibility necessary to combat data leakage. Infosec teams and network administrators can effectively monitor the network, especially in large organizations.
Data leak prevention: DLP software has built-in anomaly detection mechanisms. Most of these are now boosted by artificial intelligence to detect and flag suspicious transfers and movement of data to stop illegal exfiltration.
Securing data at all stages of the data lifecycle: DLP solutions can secure data, whether at rest, in motion, or in use. They achieve this by combining data security policies with encryption mechanisms.
Data identification: First, data categorization techniques can help a business determine whether data needs to be protected. Moreover, based on this identification, it assists in prioritizing risk, which guides the level of protection to be applied.
Securing endpoints: Endpoint DLP is specifically designed to safeguard and overcome the challenges of protecting corporate endpoints like IoT and mobile devices.
How Fortra Secure Collaboration Can Help You Stop Data Leakage
When paired with DLP, Fortra Secure Collaboration can help tighten up your data protection strategy and protect your data anywhere, wherever it travels. Fortra Secure Collaboration is also highly flexible, allowing you to nimbly apply policies to manage and audit data in real-time.
To learn more about how Fortra Secure Collaboration can secure your data and how Fortra Secure Collaboration works alongside DLP solutions like Fortra’s Fortra, click here.
Blog
What is DORA and How Can You Achieve Compliance?
Tue, 02/28/2023
When searching online for the new EU Regulation for strengthening the cybersecurity of financial entities and their third-party IT providers, called Digital Operational Resilience Act or DORA, it is almost certain that you will stumble upon Dora the Explorer, the famous kids’ animation.
Blog
What Is Data Centric Security?
By Cybersecurity Experts at Fortra on Tue, 02/21/2023
In this digital era, data has become the most important currency around which e-commerce and business revolve. Data-centric security highlights this by providing greater emphasis on the data itself rather than the technologies, and infrastructure, surrounding it.
What Is Data-Centric Security?
Data-centric security revolves around the actual data, focusing on core attributes like its lifecycle and dependability rather than the risks associated with inadequate security infrastructure protecting it. As a result, it involves protecting data wherever it is, whether at rest, in motion, or in use.
This makes sense since most of the data an organization generates rarely stays within the confines of its corporate network. Instead, it is shared with third parties, advertisers, and other outside collaborators.
Data-centric security represents a paradigm shift from the traditional security route organizations follow to protect data, which mainly consists of beefing up their digital infrastructure.
While technology is still involved in data-centric security, its solutions are more geared towards providing layers of governance, policies, and best practices to protect data.
This focus on data extends to how it is stored, where it is located, and how it is accessed.
What Are The Advantages of Data-Centric Security?
As data becomes increasingly valuable as a competitive advantage, organizations have increased spending on their cybersecurity apparatus. Yet, this hasn’t truly mitigated cyber attacks, hacking, and other security breaches from occurring.
Lowering the Compliance Cost of Data
By focusing on the data itself, data-centric security ultimately reduces the incidence of data security breaches. It also lowers the cost of maintaining compliance, which often requires constantly updating equipment, systems, and their underlying technology.
Improved Handling of a Remote Workforce
Technological changes and the Covid pandemic accelerated the adoption of a remote workforce. However, the proliferation of remote endpoints outside corporate infrastructure and networks drastically increased security risks posed to data.
Adopting a data-centric solution that protects data wherever it goes reduces the risks highlighted by remote work.
Guaranteeing File-Level Security
Data-centric security involves more than a pivot from the traditional infrastructure-focused approach. It applies more granularity to data security by leaning more heavily on file-level security.
This, in turn, makes it easier to track, store, and safeguard your data. In addition, file-level security facilitates the implementation of robust encryption mechanisms, along with strong access controls and policy enforcement.
With this document security, you can more reliably control what and when users can access resources.
Creating Data Security Independent of Device or System
Data-centric security relieves organizations of the burden of being beholden to any system or device. By building strong cybersecurity regardless of platform, they have more leeway for data management, especially with their supply chains.
This is vital because while security infrastructure can fortify a system, it often results in presenting or providing security as an end in itself instead of the means to an end – which is protecting an organization’s data crown jewels.
Moreover, data security independent of a system mitigates the risk or possibility of an attack on the organization’s data. Data-centric solutions also reduce the incidences of data silos and harm when a systemic failure occurs.
How to Create a Data-Centric Security Model
Creating a genuine data-centric security model brings security down to the data level.
Defense-in-depth
Defense-in-depth is the most salient feature of a data-centric security model. It entails adopting a military strategy that encloses data in successive layers of security. These concentric rings of security may start with the desktop as the outer layer, then move to network access and operating system controls before presenting authentication.
Defense-in-depth provides sufficient redundancies that act as barricades of increasing complexity from one layer of security to the next.
Data Discovery, Identification, and Classification
The first step in building a meaningful data-centric model is auditing and taking inventory of your organization’s data across its intranet, databases, cloud systems, and various platforms.
Before an organization can keep its data secure, it needs to know where it is located and how it is stored. The next step is properly classifying and labeling the data because you cannot accurately deploy protection until you know the value of the data you are dealing with.
Once data classification has been achieved, possibly with the means of automation, infosec teams can prioritize the level of protection each category of data deserves.
For instance, intellectual property information like patents and company secrets might need to be protected differently from, say, credit card details.
Identity and Access Management (IAM)
Identity and access management is a critical part of data-centric security. IAM ensures that only authorized users can access an organization’s data.
Coupled with the principle of least privilege (PoLP), it provides the necessary controls so that users are exposed to only the data required to perform their duties.
Governance and Compliance
To be truly effective, data-centric security must adhere to industry-specific and governmental regulations, including federal and international mandates. One of the most all-encompassing is the General Data Protection Regulation (GDPR) of the European Union (EU).
If your organization operates in the healthcare industry, then HIPAA laws cover the storage, handling, and overall confidentiality of patient information.
As a result of data regulations, organizations adopting data-centric solutions must periodically conduct risk management audits to ensure they are maintaining compliance with data governance rules.
Data Loss Prevention (DLP)
One of the best ways to approach data-centric security is to incorporate a data loss prevention solution. DLP excels in preventing data from entering into the wrong hands or being exposed to unauthorized access.
It detects and prevents data loss from data breaches, data leakages, and data exfiltration. DLP uses encryption and data masking to obfuscate and protect the data from unauthorized access and illegal tampering.
How can Digital Guardian Secure Collaboration help you with Data-Centric Security?
Digital Guardian Secure Collaboration possesses the correct tools to aid organizations in their data-centric security journey. With secure file collaboration technology, like digital rights management (DRM) and information rights management (IRM), Digital Guardian Secure Collaboration can help complement your DLP solution and extend your data protection strategy across your enterprise.
Digital Guardian Secure Collaboration solutions provide data security that travels with your digital crown jewels wherever they go. Moreover, our solution works independently of the platforms, applications, and databases you use.
To learn more about data loss prevention and how we integrate with DLP solutions, like Digital Guardian, here.
Blog
What Is Network Data Loss Prevention vs Endpoint DLP?
By Cybersecurity Experts at Fortra on Tue, 02/14/2023
Data loss prevention software protects and secures your data from going where it shouldn’t go.
What Are the 3 Types of Data Loss Prevention?
Data Loss Prevention emerged to address the proliferation of data and is used to help organizations protect sensitive data, such as intellectual property and other business-critical data, from loss, damage, theft, and malicious abuse.
The three types of data loss prevention are:
Network DLP: This consists of security software and practices that monitor, track, and analyze activity across a network. Through network security, it tries to detect and prevent critical, confidential, or sensitive data from being exfiltrated through network traffic. In addition to inspecting network protocols, network DLP can discover sensitive information across various local and remote repositories (ex. Network share and MS Sharepoint Online), including databases.
Endpoint DLP: Endpoint DLP extends monitoring for data loss to endpoints such as mobile devices, IoT devices, laptops, desktops, and servers. Endpoint DLP is predominantly concerned with protecting data in use and data at rest.
Cloud DLP: Because the cloud is a storage location, cloud DLP is used to protect data at rest. In addition to the public cloud, this DLP can also protect data inside a private cloud run on a virtual server.
How Does DLP Work?
DLP has to engage with many attack vectors and access points in its task of data loss prevention. In addition to leveraging encryption and user access control, here are the processes involved in making DLP work.
Classifying data: Data classification is an important prerequisite for DLP. This includes labeling data in an organization’s possession into, say, public, sensitive, or internal classification levels.
Because classification can be labor intensive, most DLP solutions provide automated data discovery and classification services. This technology can scan your data repositories to classify new data entering the organization’s infrastructure.
Establishing confidentiality levels: While DLP solutions provide classification features by default, you shouldn’t totally outsource this function. IT departments should assign data classification labels that make sense within the context of their data security.
Typical classification examples could range from confidential, credit card information, sensitive, top secret, private, and internal.
Linking protection to the right context: Because data in the enterprise can occupy several states (at rest, in motion, or in use), DLP has to account for the susceptibility of data loss at each stage and with each loss vector.
Developing DLP policy: This means configuring a DLP system’s behavior by creating data rules and policies that define how the DLP system should react to data events. Reactions may include revoking user access when someone is in violation of policy, issuing alert notifications when confidentiality markers are triggered, and so on.
Monitoring and investigation: With the visibility provided by DLP, security experts can easily detect data leak security incidents through anomalous behavior, and subsequently reduce the chance of data loss and reputational harm.
In summary, DLP requires discovering sensitive data, accurately classifying it, and taking remediation actions such as denying access or removing duplicates and inaccuracies.
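The steps above (classify content, assign a confidentiality level, tie protection to the data state, react according to policy, and log for monitoring) are sketched below as an added example; it is not code from Fortra or any DLP product. The marker phrase, the policy table, the function names and the sample events are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Hypothetical confidentiality marker an organization might stamp on documents.
INTERNAL_MARKER = re.compile(r"\binternal use only\b", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters out order ids and tracking numbers that only look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return digit strings that match the card pattern and pass the Luhn check."""
    hits = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def classify(text: str) -> str:
    """Map content to one of the page's example levels: public, internal, sensitive."""
    if find_card_numbers(text):
        return "sensitive"
    if INTERNAL_MARKER.search(text):
        return "internal"
    return "public"


def redact(text: str) -> str:
    """Mask valid card numbers (all but the last four digits) before anything is logged."""
    def _mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_valid(digits):
            return m.group()
        return "*" * (len(digits) - 4) + digits[-4:]
    return CARD_CANDIDATE.sub(_mask, text)


# Assumed policy: reaction depends on both the level and the data state.
# Any (level, state) pair not listed falls through to "allow".
POLICY = {
    ("sensitive", "in_motion"): "deny",   # block the transfer
    ("sensitive", "in_use"): "alert",
    ("sensitive", "at_rest"): "alert",
    ("internal", "in_motion"): "alert",
}


@dataclass
class Event:
    user: str
    state: str    # "at_rest", "in_motion" or "in_use"
    content: str


def evaluate(event: Event) -> dict:
    """Classify one data event and return the decision plus a log-safe excerpt."""
    level = classify(event.content)
    action = POLICY.get((level, event.state), "allow")
    return {"user": event.user, "state": event.state, "level": level,
            "action": action, "excerpt": redact(event.content)}


# Constructed sample events; 4111 1111 1111 1111 is a common test card number.
SAMPLE_EVENTS = [
    Event("alice", "in_motion", "Order ref 4111 1111 1111 1111 shipped"),
    Event("bob", "in_motion", "Tracking id 1234 5678 9012 3456"),
    Event("carol", "at_rest", "INTERNAL USE ONLY: Q3 roadmap"),
    Event("dave", "in_motion", "Internal use only - draft pricing"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(evaluate(ev))
```

The Luhn check is what keeps the 16-digit tracking id from being treated as card data, and the excerpt is redacted so the monitoring log does not itself become a copy of the sensitive value.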
General DLP Use Cases
When a data breach occurs, it exposes organizations to significant reputational, financial, and regulatory risks.
A data breach or incident can manifest in several forms, such as insider threat, data leakage, data exfiltration, or data loss.
Data loss generally encompasses any action or event that renders data unusable through destruction, damage, or corruption.
Insider threats are caused by authorized users who either maliciously or unintentionally cause data loss or abuse.
Data leakage occurs due to the unauthorized but unintentional transfer of confidential or sensitive data.
Data exfiltration is, on the other hand, the unauthorized and intentional transfer of confidential or sensitive data.
Fortunately, DLP is designed to address these concerns in a concerted manner.
Preventing Data-Related Incidences
DLP solutions are primarily tasked with preventing data loss and data leakage. These are the ways DLP helps to achieve this objective.
Providing Data Visibility
Data visibility is a prerequisite for data security. You can’t monitor your data without knowing where it resides, its movement flow, and its chain of custody. Comprehensive DLP solutions typically provide insight into data at the three stages of the data lifecycle.
Protecting IP and Competitive Advantage
Business battles are increasingly waged on eCommerce front stores through digital products and the power of digital brand awareness. Data is increasingly the bedrock of building intellectual property, trade secrets, and product designs that drive corporate profits.
Without DLP standing as a bulwark, the proprietary information, and the data that comprise it can be easily lost through theft and corporate espionage.
Ensuring Regulatory Compliance Is Maintained
The sensitivity of data and the risk it poses to people’s privacy have compelled governments around the world to enact legislation to protect personally identifiable information (PII), including health and financial records.
Some popular ones include GDPR, HIPAA, PCI DSS, SOX, and CCPA.
Complying with all these cybersecurity laws can be challenging for businesses. DLP software provides a mechanism to monitor data and ensure the right policies and data frameworks are applied.
What are the similarities and differences between endpoint vs. network vs. cloud DLP?
Although they each have different objectives, network, cloud, and endpoint DLP are all necessary to fortify an organization’s data security posture. Together, they ensure that all the bases are covered with regard to data protection, namely, monitoring movement and activity surrounding critical data, protecting it in all phases of the data lifecycle, and controlling who accesses it and how.
Network DLP protects data traveling across the network. As a subset of network DLP, cloud DLP extends protection to cloud repositories for organizations that leverage cloud computing resources. In addition to protecting data in motion, endpoint and cloud DLP prevent data loss when it is being processed and in general use.
Also, the common denominator across these three DLP processes is encryption. It is used to protect data, whether it is at rest, in motion, or in use.
Network DLP vs. Endpoint DLP
As its name implies, network DLP secures data transmitted across a network. It also protects data on web apps like email and other file transfer processes from being exfiltrated. These operate at the network periphery and act as agents of network transmission.
Unlike network DLP, which is equipped to protect data in motion and data at rest, endpoint DLP protects data in all three data cycle phases: data in use, in motion, and at rest. Endpoint DLP mainly achieves this through the installation of agents.
The prominent use case of endpoint DLP is protecting intellectual property and ensuring that data policies are adhered to.
Learn How Fortra Secure Collaboration Helps to Extend Security in DLP Products (like Fortra DLP) to Safeguard Your Data
Fortra Secure Collaboration's ability to extend security in DLP solutions allows you to combine the best of breed data protection to include network and endpoint DLP along with digital rights management (DRM), and information rights management (IRM). These measures ensure your data is protected regardless of where, how, or who accesses it.
To learn more about data loss prevention and how to bulletproof your endpoints, read about how we work with DLP solutions here.
Blog
The Most Overlooked Elements of Preventing Cyberattacks Businesses Should be Aware of
By Cybersecurity Experts at Fortra on Thu, 02/09/2023
To help defenders close the gaps, we asked more than 30 experts what the most overlooked element of preventing cyberattacks is.
Blog
Acquisition Enables a Return to Form: Chris Bailey
Fri, 01/27/2023
When Fortra acquired FileCatalyst, Chris Bailey eagerly traded his CEO hat for the chance to get back to his first love: product management. Now he uses his expertise to inform the direction of the company’s popular Secure File Transfer solutions.