Categories
Blog Data Erasure Device Control File Server Security NEWS Press Release

4 Ways How Departing Employees Can Leak Confidential Data on Their Way Out

When employees leave, it is not just about more paperwork and recruitment efforts. In fact, enterprises must also make sure that confidential data does not leave with the departing employees. According to Osterman Research, 69% of organization surveyed indicated that departing employees pose a threat of data leakage.

It is important to know “why” departing employees might leak confidential data. Often, the reasons are classified into two characteristics: accidental and malicious. Accidental data leaks are closely related to employees’ negligence of what confidential data means for enterprises and of potential consequences for data leaks. Ponemon Institute study showed that over 50% of the reasons why departing employees took confidential data was the perception that “everyone else did it when they left.”Meanwhile, malicious data leaks are about personal interests. Lately, many enterprises are warned of malicious data leaks, as data has increased in its monetary value, and competition among corporations, which may lead to corporate espionage cases, has never been fiercer.

Then, what are the four potential threats and how do employees attempt to leak the confidential data on their way out?

1) Employees depart with confidential data in their hands, literally.
Whether accidental or malicious, departing employees have a variety of ways to take confidential data on their way out. One of the easiest ways is to secretly export confidential data to employees’ storage devices like USB drives, external hard drives, and even CD/DVDs.In 2017, a data leakage case that involved global semiconductor firm Micron, which suffered data leakage of monetary scale up to hundreds of millions of dollars, was caused by ex-employees who used USB drives to export and steal intellectual properties.

2) Departed employees access old enterprise accounts.
Google Suite, Microsoft OneDrive, Dropbox… Enterprises now rely on cloud-based storage networks for their daily operations, for their convenience and functionality. Therefore, when employees depart, it is crucial that all accounts with access to confidential data are completely deleted. If not done so, enterprises face another risk of data leakage. Personnel changes or big layoffs are already a big burden, but acknowledging the importance of deactivating enterprise accounts must never be ignored.

3) Departed employees instruct current insiders to take confidential data for them.
Even if the relationship between departed employees and the enterprises has been severed for good, those employees can still find a way to get confidential data in their hands. By asking the current employees privately, departed employees can indirectly obtain confidential data, delivered online or offline. Because this case involves multiple individuals in and out of enterprises, a systematic approach that combines both organizational measures and technological solutions are required.

4) Remnant confidential data can be recovered from the PCs previously used by departing employees.
After the employees depart, it is a common practice to reassign enterprise PCs to new employees or dispose of them for good. Before doing so, enterprises initially format the hard disks to make sure that none of the remnant data are recoverable. However, this is insufficient to completely stop data leaks because disk formatting merely removes the path to remnant data, not the data itself. Therefore, proper data erasure, not conventional file deletion commands, must be the priority in preventing potential data leaks through data recovery.

For enterprises, departing employees must mean more than extra paperwork and recruitment efforts, because they can unexpectedly become a source of data leakage, which can be catastrophic to enterprises. It is a tough challenge; however, knowing the four potential methods of data leaks by departing employees, as mentioned above, is a solid starting point to ensure that none of the confidential data leave the enterprise premises.

Categories
Blog Device Control USB Sescurity

How to Deploy and Use USB Drives Safely

As the standard media to share all kinds of files with multiple individuals, USB drives are frequently sought by enterprises to streamline their daily operations both in and out of office. However, enterprises sometimes hesitate to put USB drives into actual implementation because the potential risks that arise from not being able to authorize, protect, and manage USB drives easily can outweigh the various advantages that USB drives bring to enterprise work environments. Such risks can negatively impact the confidentiality of enterprise files head-on. Therefore, the decision to implement and use USB drives in enterprises hinges on the availability of USB drive security solutions that deliver enterprise file protection and comprehensive remote management of USB drives.

With Secudrive’s USB drive security solutions can the enterprises deploy USB drives on an enterprise-wide scale safely for employees both in and out of office. The solutions below will help enterprises with protection, authorization, and management of USB drives to ensure that enterprises files remain protected at all times.

  1. Secudrive USB Drives enforce robust protection against both external and internal threats

Implementing enterprise-wide usage of USB drives starts by using the secure USB drives with security measures that protect the stored files from being leaked or breached by not only the external individuals but also insiders. Secudrive USB Drivesprovide such security benefits with the most fundamental AES-256 hardware encryption and TMUSB Anti-Virus against external threats, as well as an innovative integration of digital rights management. Let’s find out how the three measures provide security for enterprises.

USB drives will perhaps spend most of the time outside the office, traveling with confidential data to different places. Thus naturally, USB drives are exposed to external threats like unauthorized access in case of loss or theft, and ransomware infections. Firstly, AES-256 hardware encryption prevents unauthorized file access by adding the primary security layer with keys, which must be set by the administrator. As for ransomware infections that could occur from repetitive USB drive usage on multiple external PCS, TMUSB Anti-Virus will detect, quarantine, and eliminate malware before it causes any harm to enterprise infrastructure after being recovered from usage.

While the two security measures prove to be effective against external threats, the insider threats to file confidentiality still looms large, as it is often overlooked by most of the secure USB drives. Secudrive’s understanding is that the most critical threats to file confidentiality lies ‘after’ the encryption; therefore, Secudrive USB drives go beyond encryption by integrating digital rights management (DRM), which is capable of restricting specific functions like file copy, screen-capturing, printing, and more. With DRM in place, enterprises no longer has to worry about insiders accidentally or maliciously risking the confidentiality of stored files after accessing the USB drives with credentials.

  1. Secudrive Device Control assures tightened control over authorized USB drives on endpoint PCs.

With USB drive security in check, the next step is to ensure that none of the unauthorized or personal USB drives can access the endpoint PCs. Secudrive Device Control is a solution that helps enterprises regulate and monitor the device access to endpoint ports, ensuring that only selected devices, Secudrive USB drives, in this case, are permitted. Enterprises can initially block all endpoint ports from access, and follow by allowing specific ports for access only by selected devices, under close surveillance from start to finish. In the case when an employee needs to access a blocked port for specific tasks, Secudrive Device Control is capable of temporarily ‘unblocking’ certain ports to ensure that work productivity remains uninterrupted.

  1. Secudrive USB Management Server monitors and manages multiple USB drives simultaneously.

If an enterprise is using USB drives in high numbers, negligence of ownership and responsibility that falls upon the users can cause chaos, which can further lead to costly losses and thefts of assets. To avoid such calamity, Secudrive USB Management Server (UMS) provides a centralized platform where multiple USB drives can be managed and monitored conveniently. Enterprises can remotely track, control, and see multiple USB drives real-time with a bird’s eye view for streamlined management and instant response to potentially catastrophic losses and thefts of USB drives. If such events occur, enterprises can lock or wipe the stored files to make sure that stored enterprise files are kept safe from being leaked. Hence, together with comprehensive remote management, UMS extends the degree of security even outside the office.

The three solutions, Secudrive USB Drives, Device Control, and USB Management Server form a perfect security architecture that provides holistic security to enterprises that wish to use USB drives for functional and streamlined daily operations. With three solutions working hand in hand, Secudrive USB Drive Security & Management will ensure granular security against both external and insider threats to file confidentiality, both in and out of office.

Categories
Blog File Server Security

Why is EDRM Difficult for Enterprises?

Why is EDRM Difficult for Enterprises?

For enterprises, file sharing among employees must be integrated with effective security measures to avoid file leakage by internal employees or unauthorized outsiders, whether intentional or accidental. Commonly, encryption has been that key security measure that helped enterprises with secure file sharing; however, it is now considered as insufficient in protecting the files completely. It is critical that multiple and layered security features are put in place, rather than a single layer of encryption. Encryption plays a fundamental role in secure file sharing, but it alone cannot play entire role in secure file sharing.

Achieving the level of security at which most enterprises can feel comfortable and assured while they let employees share confidential files requires encryption and digital rights management (DRM) to protect file confidentiality ‘before and after’ file access. Adopted to enterprise landscape, DRM is often referred to as EDRM or enterprise digital rights management. It has been continuously touted to become the mainstay component in forming the data security architecture for enterprises, due to its ability to protect data on a file level by enforcing detailed and granular restrictions on specific file functionalities that persist even after leaving the secure enterprise premises and being accessed by external individuals.

In theory, EDRM seems like an effective and assured data security solution. However, according to a Gartner report “Market Guide for Information-Centric Endpoint and Mobile Protection,” it has proven to be rather complex for enterprises, regardless of the size and number of employees, to implement and operate EDRM due to the difficulty in scaling EDRM regarding enterprise-wide implementation and operation. Unfortunately, the troublesome complexity downplays the advantages that EDRM brings to enterprises, to the point where they become reluctant in integrating it into their data security architecture.

Modern enterprise landscape is all about data, which are the basis of a countless number of files that are being created, edited, and deleted repeatedly. The nature of operating with a high number of files means that complex EDRM implementation and operation on a file level can be even more challenging. Applying specific and granular controls for file access and usage to individual confidential files is a tough task that requires IT admins to understand EDRM mechanism thoroughly.

To help enterprises easily identify confidential files for selective implementation of EDRM controls, some solutions offer eDiscovery modules that automatically filter out files by matching predefined rules to see if those files contain confidential data. Even though this feature plays a part in streamlining the complex process, the initial stage of determining and defining the rules is just another complex, and even more important task that requires a high level of expertise and lengthy investment of time to get right. All in all, detailed and granular data security controls for confidential files that fall under the predefined rules may seem the right way to go for most enterprises; however, it is simply too complex to do so on a file level in this day and age where employees flooded daily with countless data and files.

Since the EDRM controls are implemented by those who create the files, determining what must be allowed and denied is solely up to the file creators. This may cause the conflict of interest between the two parties, as one party may face hindrance in work productivity. For lessening such complications, EDRM solutions offer adding dynamic controls to grant or revoke more controls to confidential files; however, this action can create a loophole through which confidential files, despite the enforcement of EDRM controls, may be leaked. The complexity that arises from the conflict of interest affects the individuals or groups within not only the same entity but also the external parties, like contractors and agencies with which enterprises cooperate.

File-level data security that persists even after leaving the secure enterprise premise is an appealing proposition of EDRM, and it is perhaps the correct security model that enterprises perhaps should be following. However, the high level of complexity that is apparent from the point of view of both IT admin and file user sides has been making enterprises to think twice before implementing EDRM. Integration of DRM to secure file sharing in and out of enterprises is a must, but doing it more simply and efficiently should be defined to cater to both small and big enterprises.

Categories
Blog USB Sescurity

How to Mitigate Security Risks of USB Drives in Enterprises

Portable, fast, and easy, USB drives have become the household gadget for file and data transfer for the last two decades or so. From USB 1.0 to the newest standard, 3.2, USB drives have undergone tremendous evolution, which provided great functionality and practicality for both personal and enterprise. Especially for the enterprises, USB drives are incredibly functional IT assets, but they involve some risks regarding the confidentiality and security of valuable enterprise data.

  1. Unauthorized USB drives can cause data leakage and management chaos in and out of office.

Employees may use personal USB drives, without permission, to take and use confidential enterprise files in external environments. Therefore, the safekeeping of confidential enterprise files like customer data spreadsheets, financial statements, and engineering blueprints, are under threat of leaving the safe office premises and exposed to unexpected file leakage or tempering. Simply put, confidential enterprise files may end up in wrong places at the wrong time, and the enterprises might not even know such catastrophe has occurred.

Unseen risks associated with corruption, loss, and theft of confidential enterprise files from using unauthorized USB drives in and out of office is one of the biggest reasons why enterprises ditch them, despite the high level of productivity they offer. Therefore, the essential procedure to use USB drives safely in the enterprise environment is to first designate specific, and secure USB drives and their users, in addition to understanding the purpose of using them.

  1. When using USB drives that are unprotected, despite the clear indication of purpose and designated users, safekeeping of confidential enterprise data can still be at risk due to the three big reasons as below.

Lost or stolen USB drives are easily exposed to data leaks if they are found by unauthorized users since they can connect the USB drives to PCs to browse and use, or even leak the stored confidential files. To eliminate the possibility of confidential file leakage from lost or stolen USB drives, enterprises must consider encryption as a fundamental necessity.

Trusted insiders with permission to use authorized USB drivers can be a critical risk factor, despite the enforcement of encryption. They can take the confidential files for personal interests, like monetary gains or corporate espionage, by simply copying or taking the files and contents out of the USB drives. Therefore, enterprises must implement a ‘layered’ USB drive security that protects stored files ‘before and after’ authorized access.

Furthermore, frequent traveling and connection to external, unauthorized PCs may cause USB drives to be infected by malware without warning. Malware can spread itself to enterprise IT infrastructures like servers and endpoint PCs from infected USB drives after being recovered and used in enterprise environment. To use USB drives with minimum hassle, enterprises must consider implementing a trusted anti-virus vaccine that will detect, quarantine, and eliminate malicious codes on USB drives.

  1. Due to the high number of USB drives, enterprises may feel lost in managing the USB drives and their information.

For enterprises, the number of USB drives used may reach up to hundreds or thousands. If so, enterprises will face a difficult task of asset management, which pertains to assignment of the USB drives (which team or group uses which USB). Even though the USB drives have been authorized to be used, negligence of the ownership and responsibility that falls upon the users will contribute to disorganization in enterprises. Furthermore, such information can change as enterprises undergo structural changes in terms of teams and employees. Therefore, for enterprises that wish to operate smoothly with multiple USB drives and minimize disorganization in and out of office, USB drives and their specific information must be managed and even updated on a centralized platform by a dedicated individual.

For personal uses, authorizing, protecting, and managing USB drives may not matter so much. However, for enterprises, it is a completely different story; they simply cannot put their valuable, confidential files at risk by using ordinary USB drives. However, as technologies evolve, so do the capabilities to make sure that enterprises can authorize, protect, and manage USB drives for safe usage in and out of office.

In our next blog, we will discuss the number of security principles and technical measures to implement for comprehensive USB drive usage and management for enterprises.

Categories
Blog File Server Security

The Need for Digital Rights Management in Secure File Sharing

From simple communication to high-profile business development, collaboration among enterprises and employees in the digital sphere is the everyday essentials for work productivity, and in the heart of it lies the frequent sharing of files between internal and external individuals and groups. However, sharing is often not the end, as users will open and edit the files after sharing the files, which can be exposed to unseen threats of breach or leakage. Therefore, sharing files securely, whether in or out of office, is a priority for enterprises to avoid potentially catastrophic consequences.

Secure file sharing is not just one process, but a set of security measures that not only protect file confidentiality but also provide work productivity, both in and out of office. However, the majority of secure file sharing solutions come short in achieving both objectives, because the solutions focus on a model that is centered only around encryption.

Why is encryption insufficient for secure file sharing?

First of all, encryption works when enterprises assume that the trust in their employees and the legal force of documents, such as non-disclosure agreement, is at 100%. However, such an assumption is never guaranteed, and leaving important matter like file confidentiality to chance should never be considered by enterprises. Such claim is even truer when confidential files with valuable data like financials or business development are being priced higher than ever before and sought by other entities.

Secondly, encryption prevents file confidentiality only from those without access keys. It is true that various encryption tactics like a one-time password or two-factor authentication provide an extra layer of security; however, they merely extend outward, meaning that they provide more security ‘before’ file access.

Therefore, secure file sharing must employ digital rights management (DRM) in addition to encryption to protect file confidentiality ‘before and after’ file access.

The possibility of most critical threats to file confidentiality increases ‘after’ encryption, and they are mainly caused by unauthorized or even the trusted insiders with access keys. Moreover, insider threats are harder to detect and deter, as they come unexpectedly and unknowingly. In response, DRM plays an important role by restricting a specific set of functions after file access, which can potentially lead to file leakages, such as file copying, screen-capturing, printing, network-transferring, and more.

DRM is crucial, but it is not there to replace encryption. Therefore, it is important to acknowledge that DRM is added to encryption, rather than replacing it, to protect file confidentiality from both external and internal threat. After all, insider threats accounted for nearly 75 percent of security breach incidents, according to SecurityIntelligence. By going above and beyond encryption with DRM, sharing confidential files can be truly secure from internal and external threats of breach or leakage.

The need for DRM in secure file sharing is evident, as the idea of holistic file security ‘before and after’ access should be prioritized to prevent both external and insider threats. Furthermore, it provides employees to use a wide range of functions within the files’ native application, under the restriction from using a specific set of potentially risky functions like copying, printing, and screen-capturing. Stepping away from read-only or complete access restriction, specific leakage controls of DRM will help enterprises and employees to share, work, and protect their confidential files with ease. Therefore, DRM will prove to be an important factor in making enterprise file sharing to be completely secure and productive, both in and out of office.

Categories
Blog File Server Security

How to Set up A Virtual Data Room

Secudrive File Server is a secure file sharing solution that helps enterprises to establish a collaborative workspace where multiple users can safely access, share, and edit confidential enterprise files, protected with digital rights management (DRM). Relative to the conventional DRM that is on file-level, Secudrive File Server’s folder-level DRM is a unique proposition as it helps enterprises to streamline and scale data security across enterprises.

With DRM as the core component of data security capability, Secudrive File Server can set up a virtual data room (VDR) that provides not only strengthened security but also continuous productivity. Before we get into how Secudrive File Server achieves such capability, let’s learn briefly about VDR.

What is virtual data room (VDR)? Derived from traditional data rooms, where only the selected individuals are given limited access to handle extremely confidential and sensitive documents within the highly secure environment, VDR achieves the same result but on a virtual scale by eliminating the inconvenience and spending due to increased logistical needs for traveling and spaces for individuals. As enterprises and businesses are going digital, VDR is becoming the staple for industries like legal, accounting, investment banking, and private equity.

Setting up VDR with Secudrive File Server involves its three key security features:

  1. Folder-level DRM
  2. Seamless AD integration
  3. Real-time monitoring and logs

Folder-level DRM, as mentioned above, is the core component of Secudrive File Server that makes VDR setup possible. It can restrict unauthorized actions that could lead to accidental or malicious leakage of documents by copying, printing, screen-capturing, and network-transferring. This capability on folder-level means that all documents within DRM-configured shared folders will be restricted altogether. Therefore, administrators can either create new or designate existing shared folders as VDR to store and handle confidential documents. Since all individuals are restricted from committing unauthorized actions to leak any of the documents within DRM-integrated shared folders, enterprises can securely facilitate handling of confidential documents by multiple, authorized individuals. Last not but least, customized watermark printing can be permitted in the case when certain documents need to be printed for specific circumstances.

Folder-level DRM is what differentiates Secudrive File Server VDRs from conventional VDRs as the latter merely provide an extremely limited, read-only environment, which completely overlooks productivity in addition to heightened security. As the DRM integrates to native applications with which the confidential documents are opened and handled, individuals can still benefit from all the capabilities that the native applications offer, minus the actions that could potentially lead to accidental or malicious leakage.

Seamless AD integration means that Secudrive File Server can manage who can or cannot enter certain shared folders, based on the currently existing AD configurations of an enterprise. Managing who is allowed or restricted from entering VDRs is a critical aspect in talking about the security of VDRs. Straight from the management console, Secudrive File Server administrator can grant or revoke access to shared folders that have been designated as VDR with ease.

Real-time monitoring and logs give enterprises the visibility to see every piece of the action of all individuals inside the shared folders that have been designated as VDR. With the real-time visibility in check, enterprises can detect anomalous activities that may signal the leakage intentions, to which they can instantly respond by cutting access to VDR on the spot. Moreover, the visibility extends further by recording all the activities as logs to ensure that document confidentiality remains true even after the tasks in VDRs are complete, as the enterprises or the third-party auditors can review and check for suspected wrongdoings that could have been missed.

Secudrive File Server’s unique stance on confidential data security enables enterprises to set up VDRs where only the selected individuals can enter to handle confidential documents. The real benefit lies in the swift and smooth designation of shared folders as VDRs, as existing enterprise AD and folder settings can be configured straight from the management console. This benefit will certainly cut time to explore, and costs to the additional purchase of conventional VDR solution, which offer an only read-only environment that lacks the productivity aspect. With Secudrive File Server’s DRM, enterprises can benefit from trusted document security in an environment where unauthorized copying is denied, while necessary editing can be permitted.

Please visit Secudrive File Server product page for more information!

Categories
Blog File Server Security Insider threats USB Sescurity

An Economical and Effective Data Protection Tailored to Small and Medium-sized Businesses (SMBs)

Data breach threats are growing exponentially; even the small and medium-sized businesses (SMBs) are now in danger, and are most likely to suffer more than the big enterprises. According to UPS Capital, “60% of smaller businesses are out of business within six months of suffering a cyberattack.” Despite the potential catastrophe due to data breaches, preventing it is challenging for the SMBs. First of all, SMBs have relatively less budget and resources for investment. Second, they do not consider themselves as the targets of data breaches, despite the tendency that cybercriminals tend to take the path of least resistance. Simply put, SMBs are left unaware of and vulnerable to data breach threats that can sink businesses outright in extreme cases.

Due to the ever-growing number of data breach threats, we see a variety of enterprise-targeted, complex solutions like data loss prevention (DLP), enterprise digital rights management (EDRM), user and entity behavior analysis (UEBA), and virtual desktop infrastructure (VDI). Unfortunately, it is extremely difficult for SMBs to implement these types of solutions due to high cost and resource requirements for purchase, deployment, and operation. Having found the demand for solutions tailored for SMBs, some solutions vendors provide similar solutions that are less expensive. However, these solutions are still complex to operate and requires dedicated personnel to manage them effectively. Therefore, SMBs need a new concept of data protection with appropriate practices, which will suit their limited budget and resources.

Practice 1) Treating all relevant data and files as one entity, rather than classifying them by the degree of importance or confidentiality
Understanding this practice is the primary goal to set up cost-effective data protection for the SMBs, as all relevant data, whether confidential or not, is unstructured. This means that all relevant data resides anywhere in the files that are being used daily at multiple endpoints. Therefore, SMBs must first consolidate all its data into a system of data repositories, which require physical and network isolation to prevent physical harm and Internet-based threats, respectively. It is all about reducing the number of exit points from which confidential data can be leaked since SMBs will only have to protect data repositories, rather than tens and hundreds of endpoint PCs.

Practice 2) Protecting consolidated data with solutions that provide not only simple operation but also continued productivity for both administrators and employees
Limited resources for SMBs mean that they have less leeway in hiring or assigning time and personnel to implement and manage solutions on a regular basis. Therefore, quick and easy implementation, along with thorough training for operation is important for the administrator. For employees, the solutions must not interfere them from sharing and working with the protected data and files. If the data protection solution goes as far as hindering business productivity of the employees, it may cause more discomfort than the sense of relief.

Practice 3) Acknowledging that data breach threats arise from both inside and out
Data breach threats are no longer about outside-in; according to IBM, 60% of attacks are carried out by those who have insider access. Effective data protection is all about considering both inside and out; threats like hackers, phishing, and ransomware are from outside, while inside threats include malicious and accidental data leaks by the employees. It is crucial that all relevant data is protected while in use, and in motion by regulating what each employee can do and by monitoring what is happening at file and user level.

Naturally, SMBs have less freedom of budget and resources to run their businesses efficiently, and this constraint makes it difficult to find the right ways to protect their data from being breached by ever-growing threats from both inside and out. Blending data consolidation and protection helps SMBs to achieve the primary stage of complete data protection effectively and efficiently. With added protection against data breach from inside and out, SMBs can cap off the implementation and operation of data protection that delivers cost-efficiency and effectiveness to suit their limited budget and resources.

To learn how Secudrive solutions help SMBs protect their important data from being breached from internal and external threats, please read our next blog!

Categories
Blog File Server Security Insider threats USB Sescurity

3 Reasons Why Data Breach is a Difficult Challenge for Most Small and Medium-sized Businesses (SMBs)

Data breach is causing a lot of headaches among global businesses, and it does not seem to slow down anytime soon. In the US alone, businesses and customers suffered 1,120 total breaches and more than 171 million record exposures during the first 10 months of 2017, according to Identity Theft Resource Center (ITRC). Furthermore, its impact is growing as the average cost of a data breach in 2017 has been reported to be $3.62M globally and $7.35M in the US, according to 2017 Ponemon Cost of Data Breach Study.

These numbers may reflect only the reality that big enterprises face; however, to small and medium-sized businesses (SMBs), data breach is a threat that is just as clear and present. In 2016, Symantec’s Internet Security Threat Report reported that43% of data breaches were targeted at SMBs.

Data Breaches Hit SMBs Harder!

Data breaches cause SMBs the financial, reputational, and other organizational damages. A report by Kaspersky Lab shows that average cost of a data breach for SMBs was measured at $117,000 per incident, while more potent and targeted breach cost SMBs $188,000 on average. Some of the key spendings on damage control were as below.

  1. Hiring professional experts and preparing employee training programs
  2. Lost customers or business
  3. Lowered credit rating and increased insurance premiums
  4. Software and infrastructure improvement
  5. Brand image reparation and customer compensation

Monetary loss or business setbacks like above may not be the end of what data breaches can inflict the SMBs; data breaches can lead to business bankruptcy as SMBs are most likely to be lacking in the capital and resources to handle such impact. To According to UPS Capital, “60% of smaller businesses are out of business within six months of suffering a cyberattack.”

Why Do SMBs Suffer More?

SMB owners already have more than enough responsibilities to drive their business forward with limited capital and resources, and this puts data security in a less prioritized position, where it gets either neglected or overlooked without any seriousness. SMB owners and employees are generally unaware of the current state and potential damage of data breach; therefore, they naturally become good, naïve targets of opportunity for the cyber criminals, whether they are inside or outside the organization. This lack of awareness ties closely into the nature of data breach, being not only malicious but also accidental, as most breaches are in fact, caused by mistakes like negligent employees mishandling security configurations or employees clicking wrong links online. Not only that, the limitation of capital and resources will lead to difficulty in covering the costs of implementation of technical measures and damage control. The absence of technical measures undoubtedly puts SMBs in a vulnerable position, which is exposed to data breach threats from various fronts.

Say that SMBs were familiar with and prepared for data breaches, the measures which they implemented can turn out to be insufficient as security gaps can unexpectedly emerge, opened to exploitation by data breach threats. This issue can be considered as a by-product of current trend of data security industry that is focusing on providing enterprise-grade security that demands high investment, dedicated IT resources, and complex configurations. Thus, SMBs are finding it difficult to find the right solutions that will meet their specific requirements, and they are left to settle for cost-effective alternatives that are less capable.

If you, as an SMB owner, have experienced or are worried about data breaches, the important thing is to start seriously considering the potential risks now, and not after the damage has been done. With lack of awareness, capital, and resources, SMBs can be left unsure on “how and what” to do to prevent data breaches. Head to our next blog to learn how SMBs can establish their data security against data breach threats from outsiders and insiders.

Categories
Blog USB Copy Protection

[USB Copy Protection] Secure content delivery on USB drives with copy-protection

Distribution of valuable contents like intellectual properties, marketing materials, and educational publications brings the content producers to decide on the appropriate media with trusted security to prevent unauthorized copying or redistribution. Notably, CD/DVDs were once popular for its low-cost advantage; however, they are now considered obsolete due to its vulnerability to piracy and relatively low storage. Thus came the USB drives that provided portability and practicality with decreased size and increased storage space, respectively. Furthermore, they can be made to protect the stored contents from inside and out, satisfying the needs for trusted security that CD/DVDs lacked.

Secudrive USB Copy Protection (UCP) Basic satisfies the needs of those who wish to distribute their valuable contents without having to worry about unauthorized content copying and redistribution. UCP Basic operates by converting ordinary USB drives into secure USB drives with security policies, file encryption, digital rights management, and application whitelisting. Firstly, UCP Basic creates specific security policies with a wide selection of configurations as below:

  1. Password settings and complexity rules
  2. USB drive usage period
  3. Maximum logins allowed
  4. Maximum offline logins allowed
  5. Automatic USB drive lock/wipe after maximum incorrect password entries, usage period, and logins

Security policies created by these configurations act as the first layer of security that restrict the outsiders’ attempts to access the stored contents after unfortunate losses or thefts. Furthermore, the automatic USB drive lock/wipe feature after maximum usage period and logins give the producers to maintain the exclusivity of their contents.

UCP Basic encrypts all the stored contents and information, making sure that it is protected from start to finish, at the core. Once encrypted, all the activities regarding the stored contents must be performed within the secure USB drives produced by UCP Basic. The significance of this security feature is the ability to render the contents inaccessible and unusable outside the USB drives.

Secure USB drives made by UCP are equipped with digital rights management (DRM) that restricts the users from unauthorized file copy, clipboard copy, print, screen-capture, and network-transfer. It is the core element in security against accidental or malicious insider threats, as it protects the data from being leaked out while in use. The innovative integration of DRM into the secure USB drives made by UCP provides the practicality, as well as the trusted protection against leakage by the insiders.

To ensure that the possibilities of security bypass are eliminated, UCP provides application whitelisting that allows the producers to designate certain applications to be run on the USB drives. It prevents non-whitelisted applications from being installed and run on the USB drives to protect the contents from being harmed by external cyber threats like ransomware.

Understanding the needs of different content producers, the advanced Secudrive UCP+ introduces remote update feature along with all security features of UCP Basic as previously mentioned. This feature is ideal for those who wish to update their contents regularly and USB drive security policies without having to recollect the distributed USB drives from the users. With a few clicks and configurations, UCP+ remote update provides cost efficiency and additional security for content distribution and the USB drives, respectively. Compared to ordinary USB drives or CD/DVDs, secure USB drives with remote management helps achieve cost efficiency as content producers can eliminate extra USB drive production, and shipping duties from and to the USB drive users. As for security, the remote update takes it the extra mile as the producers can reset or renew the security policies if they suspect or confirm that the existing policies have been compromised. Furthermore, content producers can remotely lock or wipe the USB drives. In other words, the remote update feature gives the producers the ability to remain in control of the stored contents, even after the USB drives are distributed to the users.

Secudrive UCP Basic produces secure USB drives on which content producers can store their works for distribution. A wide range of security features guides the producers to set up and apply extensive and persistent security policies that protect the stored contents. UCP+’s remote update achieves cost efficiency when distributing the contents that require regular or occasional renewal, in addition to additional security measures that will help content producers to respond to potential content violations, even when the USB drives are out of the hands of content producers.

Please visit Secudrive UCP product page to discover more about USB Copy Protection and its features!

Categories
Blog Data Erasure Device Control File Server Security USB Sescurity

[General Data Protection Regulation ④] How to Comply with GDPR

Secudrive recognizes the GDPR as a welcoming and progressive leap to protect the rights and freedom of all EU citizens with the new laws for comprehensive personal data protection, and an exciting opportunity for us to solidify our commitment to what we do best: providing reliable data security solutions for businesses and organizations.

The GDPR requires global organizations to comply with its organizational and technological requirements if or to process personal data of any EU citizen. Organizational requirements are considered as clear-cut, as they pertain to appointing the right people for the right positions, such as Data Protection Officers (DPO), and educating the employees and external personnel about the GDPR and the rights of the EU citizens. On the other hand, meeting technological requirements are rather obscure and difficult, as organizations are now flooded with numerous data security solutions in the market and simply unsure where to begin. To guide the organizations to an effective shortcut to comply with the GDPR, Secudrive provides a lineup of four data security solutions.

  1. Secudrive File Server
  2. Secudrive Device Control
  3. Secudrive USB drive solutions
  4. Secudrive Drive Eraser

It is critical to protect the confidential data in storage, and even while being processed by individuals. As mentioned in the previous blog, organizations can consider typical solutions like data loss prevention (DLP), enterprise digital rights management (EDRM), and virtual desktop infrastructure (VDI). These solutions promise to be effective in protecting your personal data, but are considerably challenging to implement and manage without professional consultants or qualified data security managers. Big, rich organizations may feel indifferent to these potential barriers, but SMBs with limited capital and human resources may look for other solutions that are as comprehensive and straightforward.

Secudrive File Server is a data loss prevention (DLP) solution for file servers, equipped with digital rights management (DRM) and application whitelisting to prevent internal data leaks and external cyber attacks, respectively. As file servers serve as a popular form of repository for confidential and unstructured data like personal data, organizations must consider some of the key security principles like network separation, encryption, anti-virus solutions, and backup. However, insider threat prevention must also be considered as confidential data is most exposed to data leakage when it is being processed. With Secudrive File Server, users are configured with different DRM policies, which can restrict them from unauthorized copy, print, screen-capture, and network-transfer; therefore, all personal data that are either in storage or processing will be prevented from accidental or malicious leaks. Against external cyber attacks like ransomware, application whitelisting prevents unauthorized applications or even malicious malware from being installed and run on the file servers to protect the personal data from harm. For visibility across an organization, Secudrive File Server provides logging of all file and user activities for real-time monitoring and future audits. It also provides security for personal data in motion, as its secure audited copy protocol (SACP) allows users to first encrypt the files for export, transport them in Secudrive USB drives, and decrypt later for access within Secudrive File Server environment.

Secudrive Device Control prevents internal data leaks by regulating the access of various ports such as USB, Wi-Fi, LAN, and IEE 1394, and monitors all activities regarding storages devices like USB drives, external hard drives, and smartphones that are connected to endpoint PCs. Among various ports, it is crucial to regulate the ports to storage devices, as data leaks through storage devices do not leave traces for the organizations to investigate and identify the wrongdoers. Therefore, organizations must either completely restrict or temporarily permit these ports for access. Secudrive Device Control achieves this with an added security feature of real-time monitoring in case of temporary USB port permission.  However, what if it is unavoidable for an organization to use USB drives, and simply restricting USB ports is no longer a viable option? Organizations can consider permitting only the designated USB drives with reliable security features like password encryption, file activity logging, and remote management.

Secudrive USB drive solutions provide a system that helps organizations securely manage the storage and transportation of personal data while being protected from accidental or malicious leaks even outside secure office premises. First, Secudrive USB drives are well-equipped against losses and thefts, the two most common human occurrences during data transport. Furthermore, Secudrive USB drives provide visibility as it records all file activities as logs for future audits. For the organizations that wish to manage multiple Secudrive USB drives simultaneously, Secudrive USB Management Server(UMS)  provides management of monitoring of multiple USB drives in real-time and even lock or wipe them remotely through a centralized console. With UMS,  organizations have the liberty to manage thousands of Secudrive USB drives and security policies remotely and respond to thefts and losses as swiftly as possible.

Lastly, Secudrive Drive Eraser provides assured and cost-effective data wiping for organizations. The caveat here lies in the danger of potential data leakage through recovery, even after deleting the stored data beforehand. Not only that, PC disposal is often performed by specialized facilities outside the office, and this leaves in doubt the danger of data leakage through loss or theft while en route. Secudrive Drive Eraser eliminates this danger by allowing the organizations to wipe the data on the PCs within the secure, on-site premises, and even to ‘recycle’ them to help cut costs. Furthermore, it provides extraterritoriality with the ability to distribute the solution to the PCs via online, wipe the PCs, and monitor the entire process remotely from a centralized location. Last but not least, Secudrive Sanitizer boasts effortless data wiping for any organizations as it performs with only a few clicks, even while operating systems are running.

The GDPR is out to achieve a common goal across the EU, but organizations of all sizes and industries are considering the Regulation a varying level of difficulty and different perspectives. As a data security solutions provider, Secudrive considers it as an exciting opportunity to provide a reliable blend of data security solutions that are comprehensive and straightforward. With Secudrive Device Control, organizations can ensure that untraceable data leaks through storage devices are restricted at the endpoints. Meanwhile, Secudrive File Server protects the confidential data directly from where it is stored by enforcing user-specific DRM policies for insider threats and application whitelisting for external attacks. When organizations require transporting their personal data outside the secure office premises, Secudrive USB Drive Solutions provide on which the personal data can be stored and protected from leakage with hardware encryption, DRM, and remote management. Finally, Secudrive Sanitizer helps organizations to ensure that personal data are deleted and rendered unrecoverable before disposing of the PCs. With our solutions lineup, will be well-prepared to carry on their operations without having to worry about where and how to begin their action plan for GDPR compliance.

Blog Posts in this Series:
① The GDPR Summary: The 5 Key Points
② Checklist for the Organizations to Comply with the GDPR
③ Data Protection by Design and by Default: Technological Measures
→ How to Comply with GDPR