So far this year, the majority of data loss incidents have had one thing in common: they revolved around third party data breaches. It’s certainly not a new risk vector, but in our hyper-collaborative economy, it’s rapidly rising in its significance. Whether you’re in financial services, telecommunications, manufacturing, or Hollywood, your greatest risk to data loss occurs when content moves outside of your direct control. But, we can’t afford to stop collaborating. What companies need is a way to keep control over this valuable information without paralyzing their ability to do business. In other words, it’s time to rethink the way companies address vendor security. As more stringent data protection regulations go into effect (GDPR, the New York DFS cyber-security requirements, etc.), it will be up to every company to keep pace. Companies need strong preventative controls that protect their data as it leaves their hands, especially when it’s stored with third parties. The bigger, stronger walls we’ve built are excellent at keeping attackers out, but they can’t protect data we’ve entrusted with others. But, by applying security and identity-based access controls directly to the data, companies can mitigate the risk of human errors that occur when employees accidentally autocomplete an external email address, forward a file they shouldn’t, or move sensitive data off of controlled systems. While people will always be a weak link in the information security process, by applying encryption to sensitive data by default and setting automated policies and controls, IT can take the human decision making out of the security equation. To accomplish this task, we’ve compiled five recommended practices that can help organizations move to a more proactive, data-centric security model. First, take a data-centric approach By taking a data-centric approach, organizations can enable their employees to confidently collaborate freely with whomever they choose, all while ensuring the highest levels of security, visibility and control. Encrypt more data by default Another mistake companies make is putting complete trust into their employees to do the right things. Let IT make it easy for them and set policies that will automatically be applied when data is created or shared externally. Plan for auditing and compliance now With all the new regulations in the US and abroad, almost all companies are now required to provide a paper trail or audit log of what happens to their data. While it’s a requirement, taking steps to plan for these audits today will make you incredibly prepared in the event of a third party data breach. When you can see who has tried accessing your data, and where, you can mitigate the risk of having to issue a notification, and can take steps to minimize future issues. Make identity a central component of security Tying access control to identity gives you control over who has access to your data by making users authenticate to you directly using an email alias. This can prevent forwarding information to unauthorized users or accidentally fat-fingering an email address. Giving data owners the ability to control who can access your data and limit what they can do with it once it’s accessed provides an extra layer of security. Don’t just monitor: take direct control of your data In the event of a third-party data breach, or if your data accidentally finds itself in the wrong hands, you need to be able to kill access to it at a moment’s notice. No matter how high or how strong we build protective barriers, we’re always going to be at risk of a breach, and a hacker’s biggest win is gaining access to your data. Proactively locking down any data they may get their hands on is a huge advantage. By taking a data-centric security approach, you can protect your team against data loss, even for files that have left your physical control. Moreover, you can proactively prevent unauthorized access, and track precisely who should (and who should not) have access to your data. This approach will let you secure files and communications throughout their entire lifecycle, and you’ll be confident that even if your data is sent externally, you can still verify that it was used appropriately. To see how Digital Guardian Secure Collaboration is helping companies across the Fortune 1000 tackle these issues and how you can adapt your team to a more data-centric strategy, check out our Definitive Guide to Data Security.

It’s no surprise to anyone that the amount of data that exists is rapidly growing. A report by IDC predicts that by 2025, the global datasphere will have grown to 175 zettabyes. To put in perspective how much data this truly is, one zettabyte is equal to one trillion gigabytes – that is an astronomical amount of data. Needless to say, humans are not...

Enza Iannopollo, principal analyst at Forrester, recently answered some of the pressing questions we’ve received when it comes to data security, and more importantly building the foundations of your data security strategy. Today we’re looking at what Enza had to say when it comes to implementing DLP and data classification, and if one should come...

As cybercrime continues to skyrocket (security incidents 124% year over year) and headlines are still dominated by high-profile cybersecurity issues ( SolarWinds, Colonial Pipeline, Log4j) the government has become keenly interested in regulating how businesses protect their data and assets. This desire to regulate applies not only to those engaging in business with the federal government but to...

Perimeter-based security is out, Zero Trust architecture is in. Learn what Zero Trust means, why your organization should use it, and how Fortra can help.

Learn why automatic network mapping software might not give you the full picture of your network infrastructure and why you might still need some manual effort to keep your network healthy.

Use our Fortra CUI Training study guide to help you understand what CUI is, who creates and complies with it, and to ultimately pass your training course.

It's the start of a new year, now's the perfect time to review your cybersecurity goals. Each year cyberthreats increase, causing more and more damage. Your security program and protection needs to be updated and adjusted accordingly to match these threats, preventing criminals from breaching your company's security. There are numerous ways your cybersecurity can be strengthened: secured...