LinkedIn group for partners? Let us know what you think!

In order to provide our partners consistent support and guidance and to give them a platform for discussing and sharing, we have decided to set up a dedicated LinkedIn group. This group is for our partners, distributors and resellers, so they can exchange their best practices, discuss their issues and be inspired by others.

If you are one of our partners, we would like to hear your feedback on this group. Please be so kind and take a minute to fill out our two-question survey. Thank you!

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Safetica
Safetica aims to provide small and mid-sized companies with the same quality data protection that corporations have – affordably, and without any additional IT administration or disruptions in operation.

Thanks to Safetica, Suntex reduced their number of data security incidents to zero.

Suntex Pte, Ltd. is an apparel manufacturing company from Cambodia with over 30 years of experience. After the company replaced their previous data loss prevention solution with Safetica, the number of data security incidents was reduced to zero.

Suntex Pte serves global sports apparel brands, so their data on product design, manufacturing processes, and customers is extremely valuable.

The company wasn’t happy with their previous data loss prevention solution provider. With help from their system integrator, Suntex chose Safetica, because it met their primary data needs: data security audit, endpoint data protection, and performance monitoring.

The implementation process took three months, and Safetica has proven to be a very reliable product.

“Since we’ve implemented Safetica, the number of data security incidents has been reduced to zero.”

Keo Sopheak, IT officer


What is GDPR? The scope, purpose, fines and how to comply

GDPR stands for General Data Protection Regulation. GDPR is a European Union data protection regulation that came into force on May 25, 2018. It applies to all organizations that process the personal data of EU residents. This means that companies in the EU and abroad are affected. GDPR is the strictest and most complex personal data protection regulation in the world.

Types of data
There are two types of data – personal and non-personal.

  • Personal data
    Personal data is any information that can directly or indirectly lead to an identified or identifiable natural person. General Data Protection Regulation uses the term ‘information’ rather than ‘data’ since the data tends to have an informational value. Any type of personal information can be linked to a specific living person.
  • Non-personal data
    Non-personal data is never linked to an identified or identifiable natural person. This category includes data that was previously classified as personal, although the linkage to a natural person has been removed.

What is personal data processing
Various types of actions with personal data are considered to be personal data processing: Collecting, recording, organization, structuring, storage, adapting or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction.

GDPR rules apply to companies that process personal data wholly or partly, using automated or manual processing, or if the data is a part of a structured filing system.

Examples of personal data
General Data Protection Regulation applies to the processing of personal data. Companies need to protect the following personal data:

  • Employee personal data (name, address, date of birth, etc.)
  • Information about customers/patients/residents (marketing databases, medical records, contact lists)
  • Non-public personal data of business partners and providers
  • Personal data that is transferred to and processed by third parties (accounting books, credit registers, direct marketing)
  • Images and sound recordings
  • Encrypted data (IP addresses, MAC addresses, cookies if they can be linked to a natural person)
  • Photos of individuals
  • Video recordings

The purpose of GDPR

The purpose of the General Data Protection Regulation is to protect the privacy of citizens. Therefore, companies are obliged to protect the personal data of these citizens and cannot process it or sell it to any third parties without their consent.

In the past, companies would have sold data to one another without the consent of the data subjects. GDPR aims to create a uniform standardized norm for personal data protection within the EU.

Another purpose of GDPR is to modernize the former rules so that they align with the modern digital society.

Rights of the individual
GDPR is intended to help EU citizens understand how their data is being used and how to file complaints. The goal is to give individuals control over their personal data. Citizens have the following rights:

  • right to be informed
  • right to access
  • right to rectification
  • right to erasure/to be forgotten
  • right to restrict processing
  • right to data portability
  • right to object and rights in relation to automated decision-making and profiling

The Scope of GDPR
General Data Protection Regulation impacts all organizations that process the personal data of EU citizens, including every company that offers goods and services or employs people in the EU even if an entity is based outside the EU.

GDPR applies to companies, associations, organizations, authorities and in some cases private individuals.

GDPR covers the whole European Union, and it applies to all the member states and covers the European Economic Area countries, such as Iceland, Liechtenstein, Norway, and the United Kingdom.

The Seven Principles of GDPR
GDPR stands on seven principles for the processing of personal data.

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

GDPR violations – fines
In the event of a GDPR violation, there are two types of fines that companies may be obliged to pay.

  • The lower level is up to 10 million euros, or 2% of the worldwide annual revenue from the previous year, whichever is higher. These fines are issued for violations connected with record-keeping, data security, etc.
  • The upper level is up to 20 million euros, or 4% of the worldwide total revenue from the previous fiscal year, depending on which is higher. These fines are usually issued for violations relating to data protection principles, the legal basis for processing, the prohibition of processing sensitive data, denial of data subjects’ rights, or data transfer to non-EU countries.
    The GDPR fines apply to all types of businesses, from large to small.

The fines are set for each individual case and must be effective, proportionate and dissuasive. There is a catalog of criteria that is used for setting an appropriately high fine. The following criteria are considered:

  • whether the violation was intentional
  • the number of people affected
  • what type of measures the company took to mitigate the damage
  • the level of collaboration with authorities etc.

 

Differences in GDPR within the EU
Germany’s BDSG
When GDPR came into force, so did the new German Privacy Act (BDSG-new). It complements, specifies, and modifies the GDPR and focuses on specific topics. The BDSG-new applies to private companies that are based in Germany and which process personal data in Germany, but also to companies that offer goods and services in Germany or monitor the behavior of data subjects in Germany.

Five Privacy laws in the world similar to GDPR


Brazil
Brazil launched the LGPD in September 2020, right after GDPR. They are very similar in terms of scope and applicability. Companies that want to conduct business in Brazil’s economy have to comply with LGPD.

South Africa
South Africa’s Protection of Personal Information Act (POPIA) is applicable as of July 2020. There are a few differences between GDPR and POPIA regarding how strict the laws are. GDPR has higher fines, but POPIA includes criminal charges.

Turkey
Turkey’s Law on Personal Data Protection (LPDP) has been amended several times since 2016 and it is approaching GDPR, especially when it comes to personal data processing.

USA
Every state has their own privacy laws. In the State of New York there is 23 NYCRR 500, which applies to financial institutions operating in New York. In California, there is the California Consumer Privacy Act (CCPA), which closely resembles GDPR.

The CCPA is intended to further consumers’ constitutional right to privacy by giving them an effective way to control their personal information. The bill was passed by the California State Legislature and came into force in January 2020.

Thailand
In February 2019 the Thailand Personal Data Protection Act (PDPA) was approved, but the date of effect was delayed. The law will be effective as of June 1, 2022. The PDPA is like the GDPR, in that it includes a broad definition of personal data, the requirement to establish a legal basis for collection and use of personal data, and high penalties for violation. The fines are lower, although there is a possibility of imprisonment.

Top 3 biggest GDPR fines

#1 Amazon – fine of €746 million
A fine of €746 million was issued by the Luxembourg National Commission for Data Protection (CNPD) to Amazon.com Inc. An investigation was opened due to a complaint filed by 10,000 people against Amazon in May 2018. CNPD found that Amazon had violated GDPR when its advertising targeting system failed to obtain proper consent from users.

#2 WhatsApp – fine of €225 million
Ireland’s Data Privacy Commission (DPC) issued a GDPR fine to WhatsApp Ireland on September 2, 2021. The principle of transparency was violated by WhatsApp Ireland Ltd, and the company didn’t provide proper information to users. In 2021, WhatsApp updated its User Privacy Notice to increase transparency about the processing of users’ personal data.

#3 Google LLC – fine of €90 million
CNIL (The Commission nationale de l’informatique et des libertés) issued a fine of €90 million to Google LLC. YouTube users in France were not allowed to refuse cookies as easily as accepting them. When users are discouraged from refusing cookies, the company benefits, and that is considered a GDPR violation.

 

5 steps to secure data for GDPR compliance
1 Perform a data audit

You should know what type of personal data your company generates and where the information is stored.

2 Implement document handling guidelines

Create a set of rules that specify how personal data can be handled.

3 Educate your employees

Every employee should be aware of how to handle personal data.

4 Encrypt your data

GDPR recommends that all media and external devices should be encrypted.

5 Protect your data against leakages and insider threats

Data loss prevention is a comprehensive strategy that should be implemented not only due to GDPR but because data is one of the most valuable assets that companies have. Secure your data and communication methods, such as e-mail, cloud storage, instant messengers, print, USB drives, mobile devices, etc.

 

How to align with GDPR with Safetica

Safetica helps you to monitor the data flow within your IT environment as well as when it leaves the perimeter of your company. You can set specific rules that help you to comply with GDPR. You will be able to see how employees work with personal and other sensitive data, and it allows you to eliminate the risk of misuse or accidental policy violation. The system notifies you in real-time in the event of a security threat.

“Privacy and personal data protection should be an absolute right of everyone in the modern world. That’s why we at Safetica place these protections at the heart of each of our products,”

says Safetica CISO Radim Trávníček.


Safetica NXT – SaaS DLP introduction

Safetica NXT, the next-gen SaaS DLP, is a cloud-native solution with super-easy management and flexible subscription. Its risk-driven incident detection is powered by data analytics.

With Safetica NXT, you get:

  • Data discovery (Full audit of sensitive data flow)
  • Data protection (setting up of data protection rules)
  • Incident detection and response (risk assessment)
  • Regulatory compliance (GDPR, HIPAA, PCI-DSS)
  • Fast alerts and intuitive reports

Information at your fingertips:
Overview of the Safetica NXT environment
When opening Safetica NXT, you will land on the Dashboard. It will give you an overview of the most pressing issues that transpired in the environment and show you what might need your attention.

The Data security section lets you scan files for sensitive data, create your own rules for risk detection, create your own protection rules, and investigate detected events for data leaks.

The Workspace section displays the results of our smart detection in your company’s digital workspace, so you can immediately see which web upload domains, outgoing email domains, and external devices (USBs) can be considered safe and which ones need to be reviewed. In this section you can also move safe domains and devices into a safe zone.

The Employees section lets you see the number of protected users, their risky events and endpoint use. You can install Safetica to a new endpoint by visiting the endpoint tab.


Data Loss Prevention, Guide for 2022

Data is the most precious asset a company has, from copyrights and client lists to sensitive information about employees. Most data is now in electronic form. It is created and accessed through software, databases, and other tools, making it vulnerable to loss and theft. 

Let’s start with a real-life experience. When working with an advertising agency, one of my colleagues sent an internal document with all invoices, including prices related to an essential client, to their account manager’s email address. But unfortunately, instead of choosing the Company/Account she chose the client Company – and the client ended up with a ready-made argument on how to lower their fee. The colleague soon became an ex-colleague, and the client left the agency shortly afterward.
Even though this scenario may seem like an exaggeration, these kinds of mistakes happen in every company. Furthermore, they are compounded by malicious intent, such as a disgruntled employee stealing a client’s database to sell to a competitor, or a contractor downloading a list of every transaction made.

What is Data loss prevention? How to take care of your data security  

Data loss prevention (DLP) is simply a process of securing your sensitive data from being lost, accessed by unauthorized persons, or misused. This process usually uses a tool, such as a DLP software platform, to classify data and determine what to protect, and then protects that data by implementing and enforcing security policies.

This approach is not only in the company’s business interest, but also legally required by regulations such as GDPR, HIPAA and PCI-DSS. And of course, this process needs to be embedded into company processes and data handling. Every company, to some extent, needs to resolve the following issues:

  • The protection of intellectual property and trade secrets is vital for your organization’s financial results and your brand reputation. 
  • Regulatory compliance: ensuring compliance with information protection and security acts, and detecting and preventing regulatory violations.
  • Insight into your organization’s effectiveness to optimize internal processes and resources, such as hardware or software use.

The Main Components of DLP: A short glossary 

Let’s take a look at DLP and what you need to take into account when setting up this process. This will come in handy when discussing the uses and advantages of specific data loss prevention software. 
 
The most important asset is data. 

  • Data at rest: data stored in archives and databases that is not actively accessed or processed. 
  • Data in motion: data in transit or in flight that is moved from one location to another, i.e., by copying or downloading. This transfer may happen within an organization network or outside it. Both types need to be protected and are most vulnerable to attack or threat.
  • Data in use: active data that is currently being read, processed, updated or deleted by the system. 

Data loss prevention software protects this data against some types of data incidents. These incidents may vary according to their intentionality (from mistakes to thefts) and with different levels of severity and extent. 

  • Data loss: event that results in data being deleted, corrupted, or made unavailable  
  • Data leakage/data leaks: unauthorised transmission of data 
  • Data breach: intentional or unintentional release of sensitive information 

Even though the actual name “data loss prevention” implies that it prevents data loss, most software protects against data leakage and, in some scenarios, against data breaches. The term “data loss prevention” is used so widely, and has been for such a long time, it will probably remain the preferred way to describe a solution that makes it difficult for sensitive data to be leaked or misused outside a company. 
 
These data issues can happen at endpoints, like on devices such as computers, mobile phones, tablets, or printers and USBs, or on shared folders, NAS, or servers. Endpoint security is a critical part of data protection in times of hybrid work and BYOD. 

The most critical process is determining the value of data, since not all data was created equal.

It is important to consider the following when determining the value of data:

  • Data identification and classification simply means discovering where the data is and if it needs to be protected, and to what extent. This process may be manual, using rules and metadata, or semi-automatic using content & context classification and end-user classification. In the future, AI and ML could theoretically enable fully automated classification (but should still be subject to human control). Data classification is done using content and context. 
  • Content of the data: if a document contains credit card numbers or hospital patient information, it would be worth preventing it from being sent to persons outside the company or even unauthorized persons within an institution. 
  • Context of the data: where and when the information was created, where was it stored, and how it was changed.
  • And finally, with all these components in place, you may be able to detect data leaks and/or prevent them. Detection means having the information after the fact (such as an alert that an employee sent a sensitive file outside the company). In contrast, prevention means making sure a leak doesn’t happen (e.g., when attempting to upload a file to the internet, the upload is blocked).    

Data loss is caused by internal and external actors. 

“Next time we run a company, no employees.” Chief data security officers would agree, since around half (from 40% to 60%, according to different sources) of data breaches are internal. They come from employees, contractors, and other actors connected to the company. What are the most common scenarios? 

Mistakes: sharing sensitive data outside a company can happen in a blink: replying to all or sending to the wrong person. This unintentional or negligent data exposure constitutes the majority of data leaks. 

Intentional disclosure of the information: an internal actor, such as an employee or a contractor, moves sensitive data outside the organization for their own benefit. 

Use of incorrect software or process: uploading a client’s file on a public repository, or using a public computer or Wi-Fi are examples of another common problem. “Shadow IT”, i.e., the use of unauthorized software and services, may be improved through employee training, but data loss prevention software can systematically solve this issue, for example by blocking data transfers to those services.

Theft or loss of devices: hybrid work results in the increased portability of company devices and therefore more occasions for loss or theft. You may remember the Secret Service agent’s stolen laptop that contained Hillary Clinton’s emails. Or read our article about the risks of external devices.

Data loss prevention software: why and how to choose   

DLP software identifies, detects, and protects an organization’s sensitive data, whether they are at rest, in motion or in use on its different endpoints.

The main advantages of data loss prevention software are protecting a company’s reputation and upholding its business value by detecting or preventing data leaks. In the first case, it lets you take appropriate measures and mitigate incidents; in the second, it prevents incidents from even happening. In the wrong email address example, detection could mean determining that a sensitive document was sent to an unauthorised address; prevention would be not allowing the employee to send the material at all.
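The wrong-recipient scenario, worked through as an added example (this is not Safetica's code or any vendor's API): content classification finds card numbers and invoice keywords, context is reduced to whether a recipient sits outside the company's domains, and the same finding produces an alert in detection mode or a block in prevention mode. The domain names, keyword list, labels and function names are all assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Assumption: domains considered inside the company perimeter (constructed).
INTERNAL_DOMAINS = {"agency.example"}

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Assumption: a keyword rule standing in for a real document classifier.
FINANCIAL_KEYWORDS = re.compile(r"\b(invoices?|internal only|confidential)\b",
                                re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters out digit runs that are not plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_content(text: str) -> set:
    """Content classification: return the sensitive-data labels found in text."""
    labels = set()
    for match in CARD_CANDIDATE.finditer(text):
        if luhn_valid(re.sub(r"[ -]", "", match.group())):
            labels.add("payment-card")
    if FINANCIAL_KEYWORDS.search(text):
        labels.add("internal-financial")
    return labels


@dataclass
class Verdict:
    action: str      # "allow", "alert" (detection) or "block" (prevention)
    labels: set      # what the content classifier found
    external: list   # recipients outside the company perimeter


def evaluate_email(recipients, body, mode="detect") -> Verdict:
    """Combine content (labels) and context (destination) into one decision."""
    labels = classify_content(body)
    external = [r for r in recipients
                if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    if not labels or not external:
        return Verdict("allow", labels, external)
    return Verdict("block" if mode == "prevent" else "alert", labels, external)


# Constructed sample message: internal invoice overview sent to the client by mistake.
SAMPLE_BODY = "Internal only: all invoices and prices for the client, Q3 overview."
SAMPLE_RECIPIENTS = ["account.manager@client.example"]

if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        print(mode, evaluate_email(SAMPLE_RECIPIENTS, SAMPLE_BODY, mode))
```
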

Another long-term benefit of these solutions is employee education. Because they are warned or notified of unauthorized data-related operations, they learn and internalize the correct way to manage sensitive data. As demonstrated, the weakest link of every security solution is human. By educating employees, contractors, and other internal actors, a company can improve its data security in the long run. Some DLP platforms incorporate this already: a user can upload a sensitive file by justifying the action, knowing that everything is logged.

How to choose a DLP solution? First, you need to determine what legal frameworks apply to your company and what main scenarios you want to protect: audit and monitor your data, protect your data against insider threat or audit your company’s use of resources.  

Questions to ask potential vendors

  • Does it cover the security scenarios of your organization?  
  • Is it sufficient for the size and complexity of your organization?  

Your ideal vendor should work with you during each step to help you determine the extent of the solution you need, starting with a data management audit. Implementing data loss prevention does not stop with the choice of vendor and setting up the software. Even though it is usually the IT department who runs this initiative, all employees should be aware of the process and educated about the use of the selected software and correct data-related behavior.
 
While the end-user of DLP software is often a single technician, the information gathered offers essential information concerning company-wide issues, such as the rise in data incidents, a sudden surge of insider threat, or sub-optimal use of company resources.
 
If you want your platform not only to deliver protection and prevention when it comes to data security but also offer you valuable insights, incorporate them into your reporting stack and make it part of your data-driven management. 

Your data is your most important asset – protect it accordingly.  

Data loss prevention software helps not only protect company sensitive data against insider threat and loss but also helps to future-proof your organization when it comes to business continuity, reputation, and knowledge management. It is an important part of data-driven decision-making, helping you prevent or resolve data-related incidents and educate employees about the necessity of treating data as the most critical business asset.
 
Choosing and implementing DLP software are integral parts of a company-wide initiative for general data management and protection. Just as it is normal for a company to protect its data against external attacks by using firewalls, antimalware, and secure web gateways, it should also be natural to use DLP software to protect the data against loss and insider threat.

Why Safetica

Learn how Safetica can meet company sensitive data protection and operation audit goals.


SoftwareReviews: Safetica is a DLP Emotional Footprint Award Champion

DLP software users evaluated how they feel about their products across 26 dimensions, from vendor-client relationship to product effectiveness. Safetica and McAfee DLP both placed in the Champion Quadrant.

In February, SoftwareReviews published their Emotional Footprint Awards 2022. Safetica and McAfee were the only companies to reach the Championship Quadrant for Best Data Loss Prevention Software.

Safetica: DLP Diamond Champion

With 53 reviews, Safetica earned a +95% emotional footprint. The only other DLP provider to place in the DLP Diamond was McAfee DLP.  McAfee received 20 reviews and had a final score of +98%.

This is what Safetica customers think of us. And we are very proud of it.

  • Service Experience 
    Safetica was highly rated as respectful, caring, time saving.

  • Conflict Resolution
    Customers appreciated client-friendly policies, altruism, and trustworthiness of Safetica.

  • Negotiations and Contracts
    Users believe Safetica is generous, transparent, friendly in negotiations, and that they over deliver and put client’s interests first.

  • Strategy and Innovation
    According to users, Safetica helps innovate, is continually improving, includes product enhancements, is inspiring.

  • Product Impact
    Users consider Safetica performance enhancing and protecting security.

    (Safetica placed in the top two in each of the areas above.)


We at Safetica believe that data protection should make running your business easier, not harder. We are very pleased that our customers agree that we make their business more secure – and that our cooperation is a pleasant and nice experience.

Richard Brulík


The Top 5 Biggest Data Leaks in 2021

Data breaches are a common phenomenon in the world of data and can pose a serious threat to organizations. When a data breach occurs, a company’s reputation is at risk, and fines from legal authorities may be imposed. The costs of such breaches can be enormous. According to IBM’s Cost of a Data Breach Report, issued in conjunction with the Ponemon Institute, in 2021 the average cost of a data breach reached $4.24 million per incident; in healthcare it was $7.13 million. Let us walk you through the biggest data breaches of 2021.

#1 Twitch

Number of records leaked: 5 billion

The Amazon-owned streaming service experienced a data breach in October. An error in a Twitch server configuration change allowed a malicious third party to access 100GB of data, which was then leaked.

An investigation was launched immediately, and the company fixed the configuration and secured the systems. This leak was caused by a human error, hence an insider threat.

Types of data exposed: 

  • User data
  • Client list
  • Twitch’s source code
  • Security tools
  • Three years of payment information
 

#2 Astoria Company

Number of records leaked: 30 million

Astoria Company LLC focuses on lead generation from various websites and collects data for its clients.

In January, the team at Night Lion Security discovered several new breached databases of Astoria Company for sale on the dark web. Night Lion notified Astoria Company, which had not been aware of the breach.

Types of data exposed: 

  • Social security numbers
  • Bank accounts
  • Driver’s license numbers
  • Names
  • Email addresses
  • Dates of birth
  • Mobile phone numbers
  • Physical addresses
  • IP addresses
  • Credit history
  • Medical data
  • Home and vehicle information
 

#3 Park Mobile

Number of records leaked: 21 million

Park Mobile provides the largest cashless parking app in the U.S. In March, the company experienced a data breach in which the personal data of 21 million customers was sold online by Russian hackers.

The breach occurred due to a vulnerability in third-party software used by the company. Park Mobile immediately launched an investigation, notified legal authorities, and recommended that customers change their passwords.

Types of data exposed: 

  • License plate numbers
  • Email addresses
  • Phone numbers
  • Vehicle nicknames

 


#4 ClearVoiceResearch.com

Number of records leaked: 15.7 million

ClearVoice Research focuses on market research surveys. In April, the company discovered that a backup file of one of their survey databases from 2015 was exposed and sold online.

The company launched an investigation, located the backup file, secured it and eliminated any further exposure. Other files were checked to see whether they were secured properly against other breaches.

ClearVoice Research reset the passwords of people whose data might have been compromised and implemented security measures to prevent the recurrence of such an event.

Types of data exposed: 

  • Names
  • Email addresses
  • Addresses
  • Home addresses
  • Phone numbers
  • Dates of birth
  • Passwords from 2015
  • Responses to various questions (such as health conditions, political affiliation and ethnicity)

 


#5 Jefit

Number of records leaked: 9.05 million

Jefit is a workout tracking app. In March, the company experienced a data breach due to a security bug. The breach impacted clients’ accounts that were registered before 20th September 2020.

The company immediately secured the servers and impacted accounts, launched an investigation, and contacted the authorities. Jefit also adopted new security measures to avoid another breach in the future.

Types of data exposed: 

  • Account usernames
  • Email addresses associated with the accounts
  • Encrypted passwords
  • IP addresses when creating the account

 


How to avoid data breaches

There are various ways to avoid data breaches. The tips below might help you to protect your company’s valuable data.

  • Identify all the sensitive data in your company and review who can access it and why.
  • Review security policies and make sure they are not too difficult to understand and follow.
  • Educate your employees and reiterate why data security is important.
  • Implement a DLP solution that helps you to perform security audits and set and manage security policies.

Eighty-five percent of companies experience a data breach and 60% of small businesses close within 6 months due to a major data leak. At Safetica, we help all companies, large and small, from various sectors to protect their data against leakage and insider threats. 

What is an Insider Threat? Definition, Examples and Solution

An insider threat is a data breach security risk caused by people that have legitimate access to an organization’s data. Insider threats can be either unintentional or malicious. Insider threats are on the rise and are intensified by digital workspaces, flexible and remote work, and the agile behavior of companies without strict policies.

What is insider threat?

An insider threat is a malicious or unintentional threat to an organization that originates from internal operations or people who have access to an organization’s data.

The overall costs of an insider threat incident have increased from $11.45 million in 2020 to $15.4 million in 2021. For even better context, overall costs were $8.76 million in 2018 (Ponemon). The longer it takes to detect an internal threat, the higher the costs. On average, it takes nearly three months (85 days) to contain an insider threat incident. Incidents that took more than 90 days to discover cost companies $17.19 million, whereas the average cost of incidents that were discovered in less than 30 days was $11.23 million.

Insider threats are on the rise due to digital workspaces, flexible and remote work, agile and BYOD approaches. The overall number of incidents has increased by 44 percent in the last two years. Most of these threats are unintentional – 56% were caused by negligent insiders, whereas 26% were malicious.

The motivations for malicious insiders to misuse company data may vary. They either want to harm the company or make money. Employees might also be negligent and send data outside the company by accident.

If you process personal data and there are names, contact details, security numbers, card numbers etc. in your CRM, the data could be sold on the dark web where anyone can buy it. Your company is at risk if you sell products or services, or collect application data from customers.

If you have customer databases, your data might be sold directly to a competitor, who would then have access to valuable information about your clients and could easily lure them away. This might happen, for example, if you provide financial services, leasing, etc.

Types of Insider Threats

Insider threats can be divided into the following categories:

  • Data reseller – an employee who is financially motivated to sell a company’s data. Such an employee might willingly harm your company. Your company’s data can be sold on the dark web (if you work with personal data), or directly to your competitors (i.e., customer databases).
  • Lazy worker – an employee who is negligent and does not follow a company’s security policies. This type of employee is only doing their job and does not comprehend all the complexity behind data security. If a company’s policies are too strict and make daily business more complicated, the risk of non-compliance increases.
  • Owner – exiting employees who think that everything they created during their employment is their own property. They may take data with them to show to future employers, or take a company’s customers to a competitor.
  • Gullible employee – an employee who is a victim of a phishing campaign. For example, an employee opens an attachment or clicks through an email sent by an external social engineer, who steals the employee’s credentials and accesses company data. This type of leak is very difficult to spot since the thief then acts under the identity of the employee. A good DLP software might help with this.

 

How can I protect against Insider Threats?

Keeping sensitive data secure requires a combination approach. However, it is easier than it might sound to protect your data against insider threats.

Evaluate your security policies

Make sure that your security policies are clear and easy to understand. The more complicated your policies are, the higher the chances employees will ignore them. It is also important that your employees understand why data security is important and why they should handle sensitive data with care.

Screen new hires and monitor your compromised employees

Make sure that you perform a background check on your new hires. Create a secure off-boarding process to make sure that exiting employees will not take any data with them. If you are aware of any employees who might be compromised, keep an eye on them and check what type of data they have access to and if they need it.

Educate your employees

The importance of data security might be too abstract for some employees, so it is important to constantly educate them. They should be aware of what type of data your company considers sensitive and how it can be misused. However, make sure you are also clear about the consequences of stealing your data. Your goal is to motivate people to protect your data, and to not take it outside.

Investigate past incidents

Have you ever experienced an insider-initiated data leak? Then you know how unpleasant the process of investigating can be. When this happens, it is imperative that you investigate it properly and set appropriate measures after the incident. Also, notify fellow employees about the incident and advise them on how to comply with security policies.

Implement a data security solution

All the steps above can help you with data security, but your most powerful tool is a software solution that helps you do it all. One advantage of such software is that it will not interrupt the daily workflow or lower the productivity of your employees in any way. The solution runs in the background and keeps data secure at all times.

With Safetica, for instance, you can even label your sensitive data by context and see how your employees access and work with it. You can set specific security policies – block file operations, data capture (like screenshots), or specific email domains, restrict usage of external devices, restrict data upload to the cloud and so on. On top of that, Safetica is super simple to implement, integrate and use. If you are interested, check out this link for more information.

Insider threat examples

#1 Ubiquiti

Ubiquiti is one of the top worldwide producers of wireless communication devices. The company had a malicious insider among its employees. Nickolas Sharp stole gigabytes of company data and tried to ransom his employer.

Nickolas Sharp used his cloud administrator credentials to clone and steal confidential data. He tried to hide his activity and changed log retention policies so his identity would remain unknown. When he obtained the data, he demanded almost $2 million from Ubiquiti in exchange for the return of the files. However, the company refused to pay, found him and changed all of the employees’ credentials.

In January 2021, Ubiquiti issued a data breach notification, and Nickolas Sharp was arrested for data theft and extortion.

#2 Amazon

In October 2021, a few Amazon employees were responsible for leaking customer data, including email addresses, to an unaffiliated third party. This behavior violated company policies. The company fired these employees and referred them to law enforcement. Amazon never announced how many customers were impacted.

#3 The Swedish Transport Agency (STA)

In September 2015, the Swedish government had a data leak and the data of millions of citizens were exposed. The Swedish Transport Agency (STA) outsourced the management of its database and IT services to companies outside of Sweden. STA uploaded their entire database onto these companies’ cloud servers and some of their employees received full access to the database. The leaked data included all Swedish drivers’ licenses, personal details of Sweden’s witness relocation program, elite military units, fighter pilots, pilots and air controllers, citizens in a police register, details of all Swedish government and military vehicles and information about road and transportation infrastructure.

The director of the STA, General Maria Ågren, resigned and was found guilty by a Swedish court. She had to pay a fine of half of her monthly salary, which was, according to some citizens, not sufficient.

The data is still under the management of the two non-Swedish companies.

#4 Coca-Cola

In 2018, The Coca-Cola Company announced a data breach. A former employee was found to have an external hard drive that contained information stolen from Coca-Cola.

“We are issuing data breach notices to about 8,000 individuals whose personal information was included in computer files that a former employee took with him when he left the company,” a Coca-Cola spokesperson told Bleeping Computer.

#5 Trend Micro

In 2019, Trend Micro experienced a leak of personal data caused by a malicious insider. The company learned that some of their customers were getting scam calls claiming to be Trend Micro support.

An investigation was launched right away, and it confirmed that it was an insider threat. An employee got access to a customer support database with names, email addresses, Trend Micro support ticket numbers and telephone numbers. The employee sold the sensitive data to a third-party malicious actor.

The employee was fired immediately, and customers were advised not to react to the scam calls.

Summary

Insider threats are on the rise due to various “new normal” ways of working. When protecting your data, keep in mind that there are two types of employees that can put your data at risk.

The first group is aware that sensitive data is a valuable commodity that can be sold to a third party. These employees are constantly trying to find ways to steal data while remaining undetected.

The second risk group may not be aware that data is an important asset, and thus does not handle it properly, or they misuse it (by taking documents to a new employer). The risk of accidental data loss increases if a company does not use a DLP solution or has unclear security policies. Keep in mind that this is the largest risk group and accidental data leaks are very common.

Protect your data by adopting appropriate measures that will help you to keep your sensitive information safe. Perform an audit of your data and check who can access it and for what purpose. Take care of your employees as well. Education about data security can help a lot, as can easy-to-understand security policies.

Your greatest data security asset is the right software. Find one that combines all the important features and protects your critical data as well as your employees. Remember that if people feel safe, your company’s data will be safe too.

Safetica offers a solution that helps you keep your data safe – from initial (and continuous) discovery of sensitive or other business-critical data in your digital workspace through the efficient dynamic data leak and insider threat protection, to easy integration with other tools and into a multi-domain enterprise environment.

Finally, Safetica is super easy to implement and integrate. And this isn’t just our opinion; our customers think the same! We placed at the top in the 2021 Data Loss Prevention Data Quadrant by SoftwareReviews.

Safetica prevents data leaks for Voltamp Transformers

VOLTAMP TRANSFORMERS OMAN SAOC is a manufacturer of transformers based in Oman, and data security is one of their top priorities. The company replaced their previous DLP solution with Safetica because it offers the features the company needs to protect its sensitive data, such as client lists, manufacturing processes and R&D prototypes. Using Safetica brings Voltamp peace of mind and reduces their data security costs.

The problem

Their previous DLP solution, TrendMicro, lacked features like OCR blocking, specific path leakage prevention, file-extension based data protection, signature based prevention, etc.

The company decided to use Safetica because it checked all the boxes for DLP and insider threat protection. With help from Salama Integrated Technologies, Safetica ONE was implemented in under a month. It included security audit, endpoint data protection, security automation, enterprise features and performance monitoring.

Benefits of Safetica

Voltamp’s company data was classified based on importance and criticality, and policies were developed for users and computers to prevent data leakage. After implementing Safetica, both internal data security and security risk level improved as a result of the periodic reviews of actual data leakage.

What do partners have to say about Safetica?

Our partners are in everyday contact with customers and provide us with crucial feedback from different industries, geographies, and use cases.

Secure & IT

Visibility, traceability and forensic analysis on the actions performed by users.
At Secure & IT, we work with Safetica DLP with UEBA (User and Entity Behavior Analytics). This tool allows the information to be classified automatically, assigning labels to each type of data. Thanks to this, it is possible to create reports on the type of information handled by each employee, controlling all the actions and documents with confidential information. This tool provides us visibility, traceability, and forensic analysis on the actions performed by users.
Francisco Valencia
Managing Director, Secure & IT

Andorsoft

I have full confidence in Safetica as a tool for securing my customers' critical information.
Protecting our customers from information leaks and insider threats is critical nowadays. With Safetica's solutions, we can identify and classify information handled by employees, provide complete visibility into user activity, and block information leaks reliably and straightforwardly. In our first project with Safetica Discovery at a major insurance company in Andorra, we have been able to monitor employee activity, having complete visibility from a security and productivity point of view. It allows us to establish analytical reports, and we ensure regulatory compliance at the audit and security level.
François Ruiz
CEO, Andorsoft

ICOS

Safetica is the optimal solution for companies of all sizes.
Easy to install and manage, it has fantastical features that allow you to prevent data loss by monitoring everything from printouts to USB accesses, to use behaviour and much more. What about Safetica's support and people? Simply spectacular! Professional and always ready to support us.
Katia Rovezzi
Product Account Manager, ICOS
