A few weeks ago, we conducted a mini-webinar series on Managing Security for eDiscovery with Modus Discovery CIO John Crites. We’ve been breaking down the information shared during that webinar in our blog ever since. In this week’s blog, part 3 in a series, we cover The Reality Gap – the gap that exists between the perception of security and the reality of it.
Picture yourself in court. Your company has just experienced a data breach. Somebody has stolen personal information and you’re being sued for it. You’re in front of a jury of your peers, and more critically, you’re in front of a jury of your clients and your customers in the court of public opinion. What are you going to tell them about the security in your company? Are you going to tell them that you were told everything was secure and locked down? Or are you going to be able to tell them that you understood the risks and went through an organized process like an ISO review or an organized audit? If you must stand in front of a judge, you want to tell the story that you knew what was going on and you were taking appropriate actions.
One typical gap lies between a company’s policy and its ability to enforce it. Many companies have written policies, but in reality, information is flying out the door. It’s going out through emails. It is being downloaded to iPhones. It’s getting onto thumb drives. There is a difference between having a policy and what is actually going on in your company.
Another gap is firewalls. Many people have a misconception that if firewalls are in place, nothing more is needed. Nothing could be farther from the truth. There are a lot of different ways around firewalls. In the recorded webinar, we discuss some of the ways hackers can get around firewalls.
There is also a gap in the segregation of responsibility. Every company needs a segregation between the people developing software and the people managing security. A software developer’s priority is to create a new function, and to get it out to the production environment. Security, on the other hand, should be able to control when new software is released based on whether it contains a security threat.
Those are the key gaps that we typically find. You should know your gaps. You will never close all your gaps, but you need to be aware of where they are. Do an organized assessment of the organization, know your gaps, and manage them appropriately.
In the recorded webinar, you will also learn:
- Software that will help alert users to potential data breaches
- Ways hackers can get around firewalls
To watch Part Three of the mini-webinar series, click here now.