The crisis generated by covid-19 has forced teleworking to be implemented almost completely throughout the business fabric. This new system, in which employees have moved their office home, has brought many benefits, but also carries the odd risk of vital importance to companies. One of them is undoubtedly the greatest possibility of information leakage and loss, one of the greatest assets for any corporation. Data, knowledge and design or patents are invaluable for companies, presenting themselves as the basis of business and the main weapon to gain and maintain competitiveness in the market. Only a minimal leakage of this information can lead to losses of millions of euros and put the future and credibility of a company on hold, as well as putting all its customers at risk and vulnerability, as has happened in the recent case of EasyJet airline. In some cases, it has even led to bankruptcy and final closure.
The current situation, with millions of workers operating from home and immersed in a huge job uncertainty, translates into an unsafe behavior of a user outside the comfort environment of the company, trying to adapt to the new telematic means with which he now carries out his work. .
An open field for new cyber attacks targeting this new condition. The most effective strategy is to protect data and information, in the different states in which it may be found, wherever it resides, be handled in any way and by the most diverse means. This point, in addition, is mandatory, as required by both the Organic Law on Protection of Personal Data (LOPD) and the new European regulation RDGP, which provides penalties of up to 4% of billing for companies that violate the regulations.
Three types of users based on intent
Information protection requires companies to allocate a risk-aligned budget, now triggered, and identify users. It is necessary to be aware that there are different profiles depending on the intention. The most common practice is that the loss of data is caused by those called users accidental, 68% of the Security budget is usually assigned in control measures. In these cases, there is no bad intention on the part of the workers, but due to poor configuration, ignorance or malpractice, they usually carry out activities that are not allowed by the company. There are also committed users, which are usually the most mature scenarios in terms of measures implemented and, therefore, where the least budget is dedicated, only 10%, since, in addition, it is very common for the solutions deployed on the network to cover almost all of the threats.
Here, ignorance can lead employees to be in a position to cause an incident due to being compromised by an external attack. Finally, there are the malicious users, those who will try to take advantage of the knowledge of the environment and the existing controls to carry out non-legal activities with the resources and information of the company. They can affect the core of the corporation and the most critical assets and are the most difficult cases to identify, especially if there is no prior analysis of worker behavior and actions. The companies dedicate 22% of the budget to them in terms of security, but the effectiveness of the measures is seriously lacking.
The present scenario means that the measures implemented are no longer sufficient. None of them prevents the dissemination of information that we can access or that, by mistake, falls into the wrong hands. For this reason, IECISA is committed to the implementation of Forcepoint, a technological solution that allows companies to protect the entire life cycle of said information and data and whose portfolio offers a set of market-leading security solutions. The vision of this tool is risk management resulting from the analysis of user behavior and having technological solutions that dynamically adapt the security policy to the reality of the risk posed by the worker at any given moment.
Control of channels and documents
Forcepoint DLP allows you to control all the channels through which a user has the ability to exfiltrate information to a secure or unwanted medium. “We protect email, navigation, messaging applications, that certain information can be printed or not, that activities can be carried out in the cloud application such as: upload, download, share sensitive information with external addresses, etc. among many other activities. In addition, we apply visibility and control when sensitive information stored in our cloud application is accessed, even when it is an unmanaged or non-corporate team, ”they explain from IECISA.
The native integration of Forcepoint DLP and Forcepoint CASB solutions lets you ensure that every document that is uploaded or downloaded from Office 365 does not violate the corporate data loss prevention policy. It is managed and administered from a single centralized console, through which you can access reports and reports of incidents related to information leakage. “What incidents have happened, the action taken, on which transmission channel has been identified, what type of incidents pose the greatest risk to my organization, and from the same platform, take the necessary mitigation actions. Of course, keeping all the records and forensic evidence that each incident may require ”, they expose from IECISA, where they guarantee that the information is discovered and protected in its three possible states: at rest, in motion and in use.
To close the circle of Data Protection it is necessary to identify three phases: before, during and after. Forcepoint’s Dynamic Data Protection allows us to monitor user activities and the associated risk at all times, understand what they were doing before the incident and what the usual profile of behavior is; in the during, Forcepoint DLP and Forcepoint CASB provides the discovery, protection and governance of information in all its phases; and, for later, Forcepoint integrates with the solutions most demanded by clients such as Microsoft Azure IP, Boldon James, Sealpath, etc. They classify and protect files with a series of permissions that travel with the document, even when leaving the company, allowing control of the document even when it is in possession of an external receiver outside the business.