Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Data Protection Best Practices for a New Remote Workforce
Businesses must address risks associated with an expanding remote workforce. Getting started can be daunting, but in this guest post Forcepoint’s Romeo Gain outlines what you need to know to build an effective data protection action plan.
Business leaders are grappling with the challenge of increasing numbers of remote or distributed employees who need secure access to sensitive data and internal resources to get their work done. The data protection challenges businesses face today are credible and arise from many sources, including malicious external or internal attackers and accidental data loss.
Your data is the lifeblood of your company. You have compliance data, such as customer or employee records, and you have critical business data, such as intellectual property, that could include commercially sensitive information like pricing, contracts and formulas. Depending on your industry, there may be numerous compliance requirements and you may even conduct yearly audits to ensure they’re being met. As businesses grow and expand their employees and offices, their critical data has also increased and oftentimes is stored within online cloud solutions. Whether data is stored on your company’s protected network or at a third-party data center, visibility and protection of that data is important.
Accessibility to your data is also a key consideration. When users are given rights to view and use your data, are they accessing the data from a company asset, a personal device or even a public device? How is the data being used? Is it being shared externally, taken from the cloud storage to an untrusted individual or is the data being copied onto a local USB device? Situations like these are where visibility and the ability to protect the data from exfiltration is paramount. Preparing a plan that provides visibility and control of your data, no matter where it may live, will help strengthen the protection of your sensitive information.
When it comes to developing a data protection strategy in a volatile world, it isn’t enough to eliminate day-to-day challenges; it’s about making sure your strategy helps you effectively achieve your business goals. Policies should focus on people’s interactions with data, including endpoints, network storage, email, webmail and even personal devices and cloud apps that you don’t manage. Data protection goes well beyond simply tracking and blocking the movement of files.
An effective data protection strategy starts with understanding who is accessing your data. Based on the user’s role in the company, it can be determined if he/she needs access to sensitive data. For example, if the user is a financial analyst, he/she will have access to the company’s financial data but if the user is a custodian, he/she more than likely should not have access to any company financial data.
The strategy also needs to consider what data is being accessed. If a user is trying to access a file that contains this evening’s grocery list, the risk is relatively low or even nonexistent. However, if the file that a user is trying to access contains client information or intellectual property, security needs to be established around the file to protect it from being accidentally or maliciously exfiltrated. Properly identifying data as critical is important because we want to protect data that is truly sensitive and not block benign information.
Keeping false positives low is also key to any data protection strategy. The last thing we want to happen is to break normal business processes because of false positives. Equally important, this strategy needs to help the company understand what risks the user poses. In many cases, data leaks are accidental. However, when data exfiltration is malicious and sourced from an internal user, the company then needs to investigate further.
These are all activities that could lead to data exfiltration, posing a great risk to the company. Once a company understands the user’s risk level, actions can be taken to prevent data exfiltration by a risky user before it happens, such as automating procedures to eliminate the need for an administrator to make those changes.
Wherever your users may be, whether they are working in the office or remotely from home or a hotel, a strategy around how the company will protect its critical data needs to be in place. This strategy needs to provide visibility into who is accessing your data, what data they are accessing, whether that data is critical to the company and whether the user should have access or be able to move the data around based on the risk they pose to the company.
Your data protection action plan:
Human-centric cybersecurity changes everything and can mean the difference between data leaks and safeguarding data for your company.
Copyright © 2022 Optiv Security Inc. All rights reserved.
No license, express or implied, to any intellectual property or other content is granted or intended hereby.
This blog is provided to you for information purposes only. While the information contained in this site has been obtained from sources believed to be reliable, Optiv disclaims all warranties as to the accuracy, completeness or adequacy of such information.
Links to third party sites are provided for your convenience and do not constitute an endorsement by Optiv. These sites may not have the same privacy, security or accessibility standards.
Complaints / questions should be directed to Legal@optiv.com
May 28, 2020
Recent research from Gartner and others indicates the COVID Work From Home spike is here to stay.
April 24, 2020
We’ve seen lots of COVID-19-related work-from-home tips, but how has it affected the attacker?
April 06, 2020
Three enterprise security areas deserve focus in WFH environments: email security, tool configuration and chat.
Let us know what you need, and we will have an Optiv professional contact you shortly.