understand risk in communications and data breach
DESCRIPTION
Secure communications whether you are sending a confidential message or a file with sensitive or proprietary information is necessary for users. IT needs to ensure that confidential business information is safe from data breaches and the negative effects a breach can have on your business’s reputation. Additionally, most businesses must comply with federal and industry regulations. You must maintain compliance with all mandates whether corporate, federal or industry-specific.TRANSCRIPT
Protect Your Customers and Your Business with Secure Business Communications
Jon Gatrell
VP, Product Management
12.16.2009
Business Risks and Realities• Communication requirements growing• Confidential communications
requirements• Complexity is growing• Compliance is critical
3
IT Realities•Users have to collaborate•Global Infrastructures•Too many tools•Limited Control
`Breaches happen everyday – 11.16.2009
FTP alone is not a viable option to give you the insight, security and performance and, ultimately, the risk mitigation necessary to responsibly conduct business.
Because e-mail connects through many routers and mail servers on its way to the recipient, it is inherently vulnerable to both physical and virtual eavesdropping. Current industry standards do not place emphasis on security; information is transferred in plain text, and mail servers regularly conduct unprotected backups of e-mail that passes through.
Another take on email privacy…
In personal email communications, there has always been, and always should be, an expectation of privacy between the sender and the intended recipients of a message, enabling open communication with friends, colleagues, family, and others…..
Let's be clear: there are issues with email privacy, and most of these issues are common to all email providers. The main issue is that the contents of your messages are stored on mail servers for some period of time; there is always a danger that these messages can be obtained and used for purposes that may harm you, such as possible misuse of your information…
Understanding the scale of data breaches
85% of businesses have had a data security breach
46% of businesses failed to implement encryption solutions even after suffering a data breach!
Source: Ponemon Institute
9
The Impact to Businesses
74% report loss of customers.
59% faced potential litigation.
33% faced potential fines. 32% experienced a decline
in share value
Source: Ponemon Institute, LLC
Number of Data Records Lost
It’s just money….
It happens to the best of us…
Yale has experienced 600 recorded security incidents in the previous 12 months (2008-2009), costing an estimated $200,000 to remediate
• HIPAA• Requires that companies prove that only the intended
recipients received the information and that it was secure
• Safe Harbor Directive• Protecting personal information and transfer
• GLBA• Requires organizations ensure the security and
confidentiality of customer records and information
• SOX• Requires auditable business processes
• E-Invoicing• Long term electronic retention and digital signatures
Governmental Requirements
“A member in public practice shall not disclose any confidential client information without the specific consent of the client.”
It’s not just government, it’s also professional standards
AICPA Code of Professional Conduct - Rule 301
Be concerned about all of these items
• Employee information• Employee Performance Data• Employee Disciplinary Data• Staff Employment Data
• Department Business Data • Credit Card/Purchasing Cards• Customer Information
• Procurement• Vendor Information• Quotes
252,474,509 people affected since 1/15/05
Best Practices to Avoid Exposure
• Use end-to-end encrypted communications
• Track all messages and confirmed who received it
• Manage user profiles, access and groups memberships
18
19
Know who received what messages and files
Historical and Real-Time Visibility into Messaging
Manage Users and their access
Proactively Manage groups and understand their activity
Productivity & Privacy
Financial information
Board of directors or just internally
Customer records and files
No matter what size
28
Do you retain PHI?
Security inside and outside required
Supporting your customers
Confidential environment and operational data is exchanged
31
Access and Controls
The right systems, the right platforms, the people and the right partners
The Benefits of an Easy to Use Secure Communications
Improved Service Levels Quicker cycle times
Improved compliance Corporate (Internal controls/audits, security, sustainability) Governmental (SOX, Basel II, HIPAA…)
Security Enforcement Process level governance Content and session encryption
Improved visibility and control Process status Exceptions Transactions and Trends
Easy to use Ability to deploy quickly Auditing, Security and
Reporting Privacy for confidential
communications Support large files Protect mobile content
Your solution must…
THANKS!
www.scribbos.com www.stonebranch.com managedfiletransfer.wordpress.com
Secure Communications:Enterprise Automation:
MFT Blog: