Information Protection: Symantec Can Assist Vulnerable Multifamily Industry

Jeff Kok, CIO, Mill Creek Residential
206
307
61

Jeff Kok, CIO, Mill Creek Residential

Your information is your lifeblood. Have you ever been a victim of identity theft? Have you ever remediated a corporate security breach? Victims understand that protecting that information is challenging and shifting constantly. Hackers are innovating continuously– finding new ways to penetrate your company’s systems just as quickly as new technology is aiming to combat them.

High-profile companies such as Target, Yahoo!, The Home Depot, Chase and Anthem are among those that found out the hard way, as successful hacks led to a compromise of seemingly secure data and a black eye from a public relations perspective.

The multifamily industry, including Mill Creek Residential, certainly is not immune from the efforts of hackers who want to make good use of the intimate financial details of your company, key information about your vendors, and the personal data of thousands of residents. But today, threats to your information aren’t just coming from external sources, like hackers – they’re also coming from within, your own employees – “insiders.” This threat is not always obvious because most of the time it is unintentional.

Additionally, hackers today look more like an insider than ever before. Hackers have become more sophisticated and found ways to convince your associates to provide them with information and access to your systems through social engineering or phishing scams and then move through your network with authentic credentials eluding detection. This changes the game.

Traditionally it was always about protecting the perimeter, but now it’s about implementing processes, procedures, and technologies that follow strong frameworks like the NIST (National Institute of Standards and Technology) Cybersecurity Framework – identify, protect, detect, respond, and recover.

Ultimately, the best practice to protect your information is to develop a comprehensive cybersecurity program following a framework like the NIST Cybersecurity Framework that effectively classifies data by risk and protects your information based on the appropriate control to mitigate that risk. Those controls can range from a simple policy to a fully automated control using a technology solution. 

A malicious insider is difficult to identify because their movements and actions may look similar to “normal” business operations. For example, a malicious insider may be able to gain access to the associate’s computer through a phishing scam and then extract key files the associate had saved on their desktop through email or uploading those documents through a file sharing solution like ShareFile. Separate of the malicious hacker acting as an insider, you have associates often unknowingly sharing sensitive information with outside sources through file sharing, email, or social media outlets creating a significant hole in your information protection strategy. Unfortunately, associates can be the weakest link.

 A malicious insider is difficult to identify because their movements and actions may look similar to “normal” business operations 

Educating and training your corporate and onsite teams is a solid first step, but the number of security breaches we read about in the news tells us it’s not enough. That’s why over the years I have combined a strategy that takes best of breed solutions like Symantec’s Endpoint Protection and Blue Coat products to build out a few of the components of a comprehensive security program.

The endpoint is the weakest link in the chain because the associate controls the endpoint, and unintentional mistakes occur. Symantec’s Endpoint Protection keeps information where it belongs – in our own protected hands. The solution goes beyond antivirus to detect and block the most state-of-the-art threats aiming to corrupt the walls of cybersecurity.

With the growth of the cloud and Software-as-a-Service (SaaS), the need for a solution like Symantec’s Blue Coat product is vital to successfully protecting data. Visibility is a large part of the protection process and Blue Coat provides the visibility you need to see what is happening with your Internet traffic. It does proxy-based traffic inspection and policy enforcement, encrypted traffic management, advanced threat protection, incident response, analytics and forensics, web application protection, and network performance optimization.

As a proxy and cloud access security broker (CASB) system, Blue Coat monitors all Internet use and can assist with preventing data from leaving the organization without your knowledge by tracking information going in and out of your network through the egress point. When sensitive information is sent to someone outside of the organization, the system can flag it and then we’re able to investigate why the information was shared.

Comprehensive information protection systems like this provide numerous options from a security standpoint. They can provide simple content filtering, which prevent team members from visiting pornographic sites, gambling sites, social media or anything else that could be nonproductive – or potentially malicious. It can also block online shopping from sites like Amazon or eBay.

Through their SSL inspection technology we’re able to take logs of all of user Internet activity, whether they are pushing files through HTTPS or SSL sites. This visibility allows us to have a log collection system in place to track everything down if we need to do an investigation.

In addition, we use on-premise and off-premise content filtering. We can restrict access for a corporate computer that’s used for work only and filter the content on that computer whether the user is in the office, at home, at the airport or overseas. Having a cloud solution that filters every endpoint we have whether or not it’s connected to our network is a powerful feature.

By managing internal and external threats to our confidential information, we lessen the risk of our data being ransomed, landing in the hands of our competitors or helping destroy our brand identity.

Read Also

4 Ways a CISO can Secure Business & Comply with Changing Regulations

John Paul Cunningham, CIO and CISO, Docupace Technologies

Protecting Enterprise Data with User and Entity Behavior Analytics

Mike Lipinski, VP, Chief Security Strategist, Securonix

The Data Breach Counterattack: 3 Ways to Change the Game and Have a Shot at Winning

Dr. Christopher Pierson, CSO & General Counsel, Viewpost

Utilizing Cloud for a Trusted Business Ecosystem

Roland Cloutier, SVP CSO, ADP [NASDAQ: ADP]