Blog

How Secure Are You?

May 17, 2016
EmailTwitterLinkedIn

It started on a Monday with a single exclusive story published on the Reuters website, where user information for over 200 million stolen email accounts encompassing mail.ru, Google, Yahoo and Microsoft landed in the hands of hackers. (http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6)

Fast forward to Friday, and the Internet was dominated with news stories on large institutions and how their data and information either fell into the wrong hands or was accessed by the wrong people. Among some of the more prevalent stories:

  1. A criminal investigation is underway at the FDIC on multiple internal data breaches. Specifically, the regulator reported to congress on Monday that five ‘major’ data breaches occurred, involving former employees downloading information and taking it with them. (http://thehill.com/policy/cybersecurity/279752-criminal-investigation-open-in-fdic-data-breach)
  2. Allen Memorial Hospital, located in Waterloo IA, reported that an employee accessed confidential information for over 1,600 patients over the course of 7 years, including social security records, insurance information and additional information on treatments received.
    (http://siliconangle.com/blog/2016/05/12/hospital-suffers-data-breach-as-employee-steals-over-the-course-of-seven-years/)
  3. Fast Food Chain Wendy’s, based in Dublin, OH reported that 5% of their restaurants were affected by a data breach. The details, which emerged earlier this year, centers on malware installed through compromised ‘third-party vendor credentials,’ which gave access to data from one particular point of sale.
    (http://www.foxnews.com/tech/2016/05/11/wendys-data-breach-hit-5-percent-our-restaurants.html)

They all started with an internal factor – access control.

The question is, how do you close the gaps?

The answer is to put the right access management program with the right strategic foundation and tactical elements in place.

This includes, but is not limited to:
– Establishing a methodology to reduce open and excessive access
– Identifying appropriate guidelines for access authorization
– Developing automated and ongoing exception based reports
– Implementing data classification

Knowing who has access, who is utilizing access, what they are accessing and being able to audit that information will make your environment much more secure.

Keep Reading

Related Resources

Explore more resources.

View All Resources
Mastering Data Governance & Law Firm Data Security
Blog

Mastering Data Governance & Law Firm Data Security  

The legal sector is increasingly vulnerable to cyberattacks, with more than 29% of law firms reporting breaches in 2023. As threats like ransomware and phishing evolve, law firms must prioritize comprehensive Identity Hygiene and data protection strategies. SPHEREboard offers innovative solutions to secure digital assets, manage compliance, and maintain...
Read More
Watch the webinar now to equip yourself with the knowledge needed to manage and protect digital identities effectively.
Blog

Identify Your Identities: Bob Smith is Not BSmith

Read More

Stay in the loop

Join our mailing list and get notified of the latest SPHEREinsights