Digital Guardian Issues State-by-State Data Breach Law Guide And Remote Worker Cybersecurity Tips

September 12, 2018

A leading security company is making it easier for businesses and cities to navigate data breach laws across the country, while offering cybersecurity strategies for companies and organizations which rely on a remote workforce. Digital Guardian has created an in-depth state-by-state guide to U.S. data breach laws. Additionally, the Waltham, MA-based company recently issued an overview of best practices for securing a remote workforce.

In the company’s “Definitive Guide to State-by-State Data Breach Laws,” the update offers an infographic, notification requirements, penalties for violations and pending legislation, and other valuable facts and figures. Aware that navigating data breach laws can get confusing, the company’s guide has been established to help companies, as well as state and city security teams, steer their way through U.S. data breach laws.

All 50 states have enacted their own set of laws, some stricter than others. As noted in the report’s summary, “These laws typically define what is classified as personally identifiable information in each state, entities required to comply, what specifically constitutes a breach, the timing and method of notice required to individuals and regulatory agencies, and consumer credit reporting agencies, and any exemptions that apply, such as exemptions for encrypted data.” The summary further noted, “Entities that conduct business in any state must be familiar with not only federal regulations, but also individual state laws that apply to any agency or entity that collects, stores, or processes data pertaining to residents in that state. While the laws in many states share some core similarities, state legislators have worked to pass laws that best protect the interests of consumers in their respective states.” 

Data breach laws require private entities or government agencies to notify individuals who have been impacted by security breaches that may compromise their personally identifiable information, noted the company. While the laws in many states share some core similarities, state legislators have worked to pass laws that best protect the interests of consumers in their respective states. As a result, some states have much more stringent laws or more severe penalties for violations.

As the company sees it, a data loss program that is limited to protecting data from well-meaning or malicious insiders is no longer sufficient. As the demand within enterprises continues to grow, so, too, does the variety of threats challenging a security team, asserts the security firm. Safeguarding sensitive data from all threats has ushered in “a new dawn for law prevention,” that requires vigorous solutions. Its creation of the comprehensive state-by-state guide is intended to support the development of those needed solutions, and help teams meet current-day security issues.

Remote Workforce Security Tips

With more companies working with geographically distributed teams today, more employees are working remotely than ever before, noted Digital Guardian in its latest update. The company, based in Waltham, MA, has offices in the Washington, DC area (Reston, VA), Santa Clara, CA, Lehi, UT, Europe (United Kingdom), Japan (Tokyo) and India, and works with clients across the globe on best practices.

Looking to help the growing number of companies that have a portion of their workforce contributing remotely, the cybersecurity firm is reaching out to share top tips. The company tapped nearly 20 security experts and issued a summary of best practices for securing a remote workplace in a September 6 DataInsider blog post. Because employees are not physically working on-site, they're often relying on their own Wi-Fi networks and devices to access company data. To mitigate security risks, companies must implement clear and comprehensive policies and take proactive measures to ensure the safety and integrity of company data. To gain some insight into the strategies and best practices today's companies can implement for adequate security when working with remote team members, Digital Guardian reached out to a panel of security professionals and asked them to identify the best practices for securing a remote workforce.

One of those professionals offering insight was one of Digital Guardian’s own. Tim Bandos, CISSP, CISA, is Vice President of Cybersecurity at Digital Guardian. He has over 15 years of experience in the cybersecurity realm with a heavy focus on internal controls, incident response, and threat intelligence. According to Bandos, some of the best ways include implementing a telework policy, implementing secure remote connectivity, and installing endpoint security.

Bandos offered the following guidelines. “Typically, when it comes to securing your teleworkers, the first item on the agenda is developing a corporate policy around it. This policy should outline what’s acceptable in the form of remote access, how data is handled, what level of authorizations are available, etc. Risk-based decisions can be made here also depending on the types of devices being used for teleworking (i.e., Company Issued, Personal Laptop/Mobile etc.). More stringent controls should be in place for devices that aren’t issued specifically by the company.”

Additionally, offers Bandos, “Any connections made to the company should be performed through a VPN (Virtual Private Network) which either leverages SSL (Secure Sockets Layer) or IPsec (Internet Protocol Security) to encrypt communications from the remote teleworker’s machine; depending on various requirements. This both safeguards the end user along with the corporate environment to ensure no pesky adversaries are snooping in-between.”

Lastly, he added, “Installing an endpoint agent(s) with the ability to perform data protection and malware protection will provide greater assurance into securing the endpoint especially if corporate data is allowed to reside on the machine.”

Insight into securing remote workplaces was also offered by Keri Lindenmuth, marketing manager at the Kyle David Group. The company, KDG, has been helping businesses improve their processes, their customer experience, and their growth for more than 17 years. As Lindenmuth sees it, one of the best practices to implement for remote workforce security is using a VPN.

She writes that “A VPN encrypts data in transfer, allowing personal and confidential data to tunnel from one device to the next, away from prying eyes.” If a business decides to go with a VPN, they should ensure the VPN is from a reputable company that doesn't keep a log of a business's activity, she added, noting, “If they do, your data may be at risk of being sold to a third-party. Also, businesses should be aware that remote workers connecting to networks with a VPN may experience slower internet speeds. However, this is a small price to pay for the peace of mind that data is secure.”

Digital Guardian provides a threat-aware data protection platform that is purpose-built to stop data theft from both insider threats and external adversaries. According to the company’s website, the Digital Guardian platform performs across the corporate network, traditional endpoints, mobile devices and cloud applications and is buttressed by a big data security analytics cloud service, making it easier to see and block all threats to sensitive information. According to the company, for almost 15 years it has been enabling data-rich organizations to protect their most valuable assets with a choice of on-premises, SaaS or managed service deployment. Digital Guardian’s unique data awareness, combined with behavioral threat detection and response, enables its users to protect data without slowing the pace of business.
