top of page
Data Aegis

Simply put, we protect our assets.  

Now that may seem obvious to you. However, your most precious assets (your identify, credibility, very livelihood) are compromised with every <click> to a website. Your activity is captured & sold to marketeers (possibly racketeers).  The US Government is committed to a strong, dynamic cyber security program. The UK is , the EU may be ahead of the US in this effort, which has privacy regulation down to the individual.

Recently, the majority of institutions have stepped up efforts to protect themselves against nefarious cyber activities. Largely due to being directly impacted (note - companies now carry cyber insurance to their protection portfolio). As the threat landscape evolves, organizational data citizens are now active participants in data security threat testing & reporting, yet security breaches continue to proliferate due to human error. Sadly, the war on cyber crime has many battles yet to come.

On a side note - In larger organizations, a dedicated team manages risk, usually led by a Chief Security Officer (CSO). However, it is the role of a Chief Information Security Officer (CISO), dedicated to the protection of data.  Take note that this role is in its infancy.

Here's the data aegis decoded advice:

  • Technology is the easy part. Most unauthorized access is social (user) error.

  • Change passwords 'early & often' and get really clever with the password too. Here’s a way to do it- think of a sentence that would be memorable to you and then follow a rule I created, which you can remember as the ASS rule (awkward name, I know but it works): 

  1. Abbreviate the sentence

  2. Swap letters for special characters

  3. Swap numbers for roman numerals & visa versa

  4. Let’s try ASS using this passphrase: Hooray! The Patriots won the SuperBowl in 2017.

  5. The ASS password = Hry!TPtrtswon$BLI

  • ALL Email encryption methods get exposed at some point, just give it time.  therefore, be proactive.

  • A platoon of little minions are necessary to monitor log files (byproducts of your Data Loss Prevention Program), otherwise ‘stuff’ goes unnoticed

  • Apply the ‘Kill Pill’ method to your digitized sensitive reports (unlike SnapChat, the data really is deleted).

  • Run a very tight (TIGHT) port of data entry. Whatever visible data you are allowing in may contain mutant data, awaiting further instruction! API’s for data exchange are a great way to commoditize data movement.  However, API's are gifts from afar, never forget that.

  • Purchase printer ink from a supplier that sells disappearing ink (not kidding!). Your printout visibility has a life expectancy of a couple of days. Think of how green your company will be with the reuse of paper too.


Regulation, eah?

One notable difference between the EU and the US is the EU’s emphasis on an individual’s rights to data privacy; this can be seen in the General Data Protection Regulation (GDPR) inclusion of EU citizens’, giving them the “right to be forgotten”. This right would be an empty shell if EU data protection rules were not to apply to non-European companies and search engines (Google, Yahoo etc). If a data subject makes this request, the controller must erase the subject’s personal data “without undue delay”, typically within a month. For the first time, the proposed GDPR, leaves no legal doubt that no matter where the physical server of a company processing data is located, included non-European companies, when offering services to European consumers, must apply European rules.

For the record, GDPR is the largest data privacy regulation enacted in twenty years. Founded by the UK, in support of an individuals data is intended to strengthen and unify the protection of individuals data within the European Union. However, under the GDPR, jurisdiction is less related to the location where a business is incorporated/headquartered and more to the location of the business activity. This is why the U.S. is impacted.  There are hefty fines not to mention loss of industry reputation, so do adhere to this regulation.

 

Back to an individual's privacy;  the EU Court in its judgment did not elevate the right to be forgotten to a “super right” trumping other fundamental rights, such as the freedom of expression or the freedom of the media. And how forthcoming the regulation will affect the Internet Archive’s 20 years of internet history remains to be stated (accessible via it’s ‘Wayback Machine’). Do we lose the ability to look back in time at data that involves an individual? Should ANY individual have the right to have their data expunged?  These questions and many more to follow.....

Click here to continue discussion of data aegis services.

bottom of page