
Category Archives: Security

SPTechCon: SharePoint Compliance & Security, Chris McNulty Book Signing & More

SharePoint security continues to be an ever-present concern for organizations. Consider some recent stats on content security:

  • Of the 60% who indicated that their companies support BYOD, 46% say that their companies do not use tools or policies to protect corporate data (survey results reported by Bank Systems & Technology).
  • Only 15% of respondents said their information governance plan is “in place, it’s important and it’s communicated and enforced” (AIIM survey of 548 members of its community).

Next week, join HiSoftware at SPTechCon: The SharePoint Technology Conference in San Francisco to discuss these issues and how to keep SharePoint secure while maximizing your investment in the collaboration platform. Head on over to the HiSoftware Booth (605) to learn more about our award-winning solutions for secure collaboration and have some fun Sheriff style!

BBC Reports: 2014 the Year of Encryption

The BBC reported that 2014 is the year of encryption. The article points to government surveillance and the threat of attacks from hackers as the main causes. Dave Frymier, chief information security officer at Unisys, a Pennsylvania-based IT company, advised in the article:

Rather than encrypting everything, Mr Frymier advocates that companies identify what he believes is the 5%-15% of their data that is really confidential, and use encryption to protect just that.

He says employees should then be barred from accessing this data using standard desktop and laptop machines or their own smartphones or tablets, which can easily be infected with malware. Access would be restricted to employees using secure “hardened” computers.

Outside threats are a huge concern, but effective content security needs to be handled from the inside. Forrester reported that 75% of data breaches come from within a company. Of these, 63% result from an employee losing or misplacing corporate assets; 12% were breached with ill intent.

Most Common Governance Mistakes In SharePoint (and how to avoid them)

Yesterday I joined Ruven Gotz, SharePoint MVP, Avanade, alongside Jill Hannemann, Practice Director for Advisory Services, Portal Solutions, and Gail Shlansky, Director of Product Marketing at Metalogix, in a best of breed webinar, “Most Common Governance Mistakes In SharePoint (and how to avoid them).”

The discussion focused on the mission-critical role SharePoint plays in an organization’s content management and collaboration efforts and, as a result, the important role governance plays in securing information integrity. We also touched on optimizing the value of content stored, accessed and shared within SharePoint. Despite the fact that governance is considered critical, most organizations suffer from a governance gap.

During the webinar, host Ruven Gotz asked panelists a series of questions. Some are summarized below.

Privacy Breaches Must Stop!

If you think content security is a nice-to-have, think again. Just last week, it was reported that Stanford Hospital & Clinics and two of its vendors are set to pay more than $4.1 million to settle a class action claim. The claim said they violated a state privacy law by allowing the medical information of approximately 20,000 emergency room patients to be posted online for nearly a year.

According to a statement released by Stanford:

  • Multi-Specialty Collection Services and Corcino & Associates will pay $3.3 million
  • Stanford Hospital & Clinics will pay $500,000 for a program to educate vendors on recent regulations that hold them accountable for privacy breaches
  • The hospital will also pay $250,000 to cover the administrative costs of the settlement

In Stanford’s breach, protected healthcare information (PHI) was unknowingly and illegally displayed on a public website for nearly a year, beginning on Sept. 9, 2010, before it was discovered. With such steep financial settlements and/or government penalties possible, not knowing that someone in your organization accidentally published PHI or other personally identifiable information (PII) is not a defense. This isn’t an isolated case: a Forrester report shows that a surprising 75% of breaches come from within the company, not outside threats like hackers. Data from CyberFactors shows a similar picture, where 50% of the reported incidents were caused by an external actor, 40% by someone inside the organization, and 6% by a third-party contractor or vendor.

Did the Renewed Australian Privacy Act Take You by Surprise?

Earlier this month, on March 12, 2014, the renewed Australian Privacy Amendment Act (PAA) took effect. It now requires businesses and government agencies to notify citizens when their data has been stolen or lost, or their privacy has been violated. The Act is applicable to data breaches where there is risk of serious harm.

The new legislation dictates that both private and public sector data breaches must be reported to the Office of the Australian Information Commissioner (OAIC), and consumers must be informed so they can take proactive steps to protect their data. To help enforce the legislation, the Privacy Commissioner can impose penalties for a breach of up to $340,000 for individuals and $1.7 million for companies. Now add to that number the total organizational cost of a data breach in Australia: $4,104,932[1]. As you can see, the penalties that can be levied under the new Act have the potential to increase the total cost of a breach significantly for an organization.

#SPC14 Roundup

Last week I was at the SharePoint Conference in Las Vegas to talk everything SharePoint compliance and security. After a few days’ reflection, here’s my roundup of the week:

1. Everything Compliance

Microsoft did a lot of talking about SharePoint, Office 365, and Yammer. It became clear that attendees were making a beeline for us to discuss how to make this all compliant. The challenge for these organizations is that they store highly confidential documents that contain personal health information (PHI) and personally identifiable information (PII). Some need to comply with PCI rules. So how do you make all of this compliant? As Microsoft continues to encourage all types of collaboration across its portfolio of products, technology that can audit, classify, restrict, encrypt, track and control content will become essential.

Most Wanted SharePoint Villain Community Choice – the Votes are In!

This week we have unveiled to you the winning entries for the SharePoint Most Wanted Contest, including Andy the Anonymous Admin, Felonious Phil and Fran the Folder Fiend. We featured the top eight submissions and asked you to rate your pick for the most notorious SharePoint offender. The votes are in!

The Community Choice for the Most Wanted SharePoint Character goes to… Dot!

Dot, when uploading her documents, enters as little metadata as possible, typing periods – dots – into every required field where it will allow.

HiSoftware’s #3 Most Wanted SharePoint Villain: Fran the Folder Fiend

After revealing our winner Andy the Anonymous Admin and runner-up Felonious Phil in the SharePoint Most Wanted Contest at the SharePoint Conference 2014 in Las Vegas (#SPC14), today we post the second runner-up.

Fran the Folder Fiend  

Fran creates sub-folder after sub-folder within her document libraries. She sometimes buries them 6, 8 or 10 layers deep, instead of adding metadata and columns to make her files easier to sort, filter and find within the library.

What Can Be Done?

The issue with folders is that even if a user puts a document into the right folder initially, he or she will likely copy the document to other folders to collaborate with different users. SharePoint is not just a filing system; it is a platform for collaboration. Creating duplicate copies in multiple locations contributes to the common SharePoint problem of site proliferation. Solving it allows companies to gain the productivity benefits and competitive edge that SharePoint boasts.

HiSoftware’s #2 Most Wanted SharePoint Villain: Felonious Phil

Today marks day 3 of the SharePoint Conference 2014 in Las Vegas #SPC14. Prior to the show we held a month-long community contest patrolling for SharePoint Most Wanted offenders who are putting their organizations at risk, bypassing governance and training, and whose bad habits are frustrating their co-workers. Today we post the first runner-up.

Felonious Phil

Wanted for constantly, but unknowingly, sharing PHI (personal health information) with unauthorized users. His innocent, but felonious, actions regularly expose his organization to data breaches and costly HIPAA violations and fines.

What Can Be Done?

If you’re handling PHI, you are bound by HIPAA, HITECH and Omnibus legislation and must have processes in place to safeguard this information. As a first step, you need to understand and assess your risk. As part of this exercise, you should perform an initial audit of content against HIPAA policies to see where potential issues exist in your digital environments. This should include an audit of file shares, intranets, extranets and content management systems (CMS) like SharePoint. Using an automated solution to perform the assessment will also help you to see every person who touches PHI.

HiSoftware Posts SharePoint’s Most Wanted: Andy the Anonymous Admin

The 2014 SharePoint Conference opened last night in Las Vegas #SPC14, and the Sheriff is in town at booth 732 to rein in the Wild West of unstructured SharePoint content.

Prior to the show we held a month-long community contest patrolling for SharePoint Most Wanted offenders who are putting their organizations at risk, bypassing governance and training, and whose bad habits are frustrating their co-workers. Today, on the first full day of #SPC2014, we post our winning submission.

Andy the Anonymous Admin

Andy logs into TeamSites as the farm account and browses libraries and documents that otherwise are not shared with him. Despite regular audits, he thought his actions were untraceable. Unfortunately, Andy was busy browsing over the holidays when he was the only admin on-site.
