Low Tech Data Leakage Protection

Analysis and Commentary, Broadcast


1 Comment 31 May 2011

Simple Ideas For Protecting Against Data Leakage

On the last (ISC)2 ThinkT@nk Roundtable webcast (link to the archive is below), I had the good fortune to moderate a very interesting panel about low tech methods for securing your data. Our panelists ranged from the academic to the pragmatist.

What I found most exciting about the event was the sheer number of ideas being offered by the audience members. While I usually have little trouble keeping up with audience questions during these types of events, we had over 400 people in attendance and the ideas were coming at me so fast that we ran out of time before getting to all of them. I want to take a minute to share more of what was going on “behind the scenes” and see if this sort of recap is useful to you. Let’s keep the discussion going. Just add your own ideas and thoughts on the roundtable in the comments section below.

  1. Being a supporter of the (ISC)2 Security Leadership Program, and the sponsor of this event, it was no surprise that 3M’s privacy filters were discussed as a means of guarding against “shoulder surfing”. These filters are now available for just about every mobile device on the market and seem like a good starting point.
  2. Within just a few minutes of the call, Robert Curee from Rite-Solutions, Inc. brought up another obvious choice: laptop cable locks. I can’t even count the number of times someone at a coffee shop has asked me to keep an eye on their new MacBook while they scurried off to the bathroom. This just seems like a no-brainer for the mobile worker.
  3. Martin Linda, from Siemens, then quickly added that they issue laptop bags that don’t look so much like laptop bags. Being able to hide the fact that you are even carrying a mobile device makes you less likely to be targeted. He went on to add that at Siemens, they issue backpacks and other alternatives to traditional laptop bags with each new laptop going out.
  4. Just a couple of minutes later, Joseph Valinotti of Valador piped up that he encourages larger bags for travelers so that they put their personal effects in with their laptops. His theory is that this helps raise awareness because the user is also thinking about their own “stuff”, not just company assets.
  5. In a spark of creativity, David Nelson from the FDIC started attaching a small cat bell to his own laptop bag. This simple idea lets him know when his bag is being tampered with, even when out of sight, such as when going through airport security.

These first few items seem like an easy way to mitigate data theft, but the questions soon shifted toward how to implement these and other controls. Here are some of the key items we captured from the discussion.

  • For physical security controls, such as cable locks and laptop bags, integrate with the purchasing department to ensure that every new mobile device getting released to the field comes with these basic protections.
  • Train your users on the proper use of these tools and direct them to your company policy regarding their responsibility for protecting company assets, both physical and ephemeral.
  • Not only should you reach out to purchasing, but while we were on the topic of policies, Larry Chu from RS Investments reminded us of the need to include HR in the policy-making decision, especially if you use language around penalties the user could face, such as termination.
  • While we are on the topic of HR enforcement of policies, Petr McAllister mentioned a policy of “lose your laptop, lose your job” that he recalled from the CSO of Visa who imparted these words of wisdom at RSA back in 2007 or 2008 (if anyone has a link to the presentation, please send it along).

Keep the ideas coming. We had a great discussion, and some of the comments on the live event were very encouraging.

Very interesting discussion with a variety of relevant viewpoints

Learned a lot of new ideas to help me in preventing mobile data breaches.

Good presentation. Covered a wide range of issues and potential solutions.

Jam-packed with practical real-world tips, this was an excellent presentation!

In case you wanted to watch it again, or pass it along to your colleagues, the archived event is below.


(ISC)2 Secure Metro New York

Analysis and Commentary, Field Notes and Research, Newsflashes


No Comments 04 May 2011

The CISO/CPO Partnership: Addressing Online Risks

Brightfly is pleased to announce that Managing Director of Research, Brandon Dunlap, will be presenting at this exciting event brought to you jointly by (ISC)² and the International Association of Privacy Professionals (IAPP) on May 10th, 2011.

This event promises to be a day packed full of discussions on common threats and risks to online security and privacy.

In addition to Brightfly’s perspective on building “Guardrails on the Road to the Cloud”, you’ll also hear from leading members of the security community as they address recent developments across a number of areas that include mobile communications and social media, with a focus on effective techniques for ensuring online security and privacy.

This event will be held at the Sheraton Newark Airport:

128 Frontage Road
Newark, NJ
07114 

Like all Security Leadership Series events, this is a free member benefit (only $99 for non-members) and is a fantastic opportunity to connect with your peers from the metro area. 

A special thanks goes out to all of the sponsors who make this valuable learning experience possible through their continued support and contributions.

Just click the button below to register for the event. Hurry, they fill up quickly!

Register Here

