Posted on

Facebook Data Breach

It makes sense to check if your Facebook data was exposed.  This site seems like a good place for that according to various news sites – https://haveibeenpwned.com/

This article from Forbes mentions that some users’ dates of birth were exposed by the Facebook breach.  “As well as phone numbers and email addresses, the data exposed in the Facebook breach includes dates of birth, relationship statuses and locations.” – https://www.forbes.com/sites/kateoflahertyuk/2021/04/06/facebook-data-breach-heres-what-to-do-now/

A little more information can be found in this Wired article “What Really Caused Facebook’s 500M-User Data Leak?” including this about the data not coming from the 2018 Facebook data breach “the recently public trove of 533 million records is an entirely different data set that attackers created by abusing a flaw in a Facebook address book contacts import feature.” – https://www.wired.com/story/facebook-data-leak-500-million-users-phone-numbers/

Posted on

Drop in calls to company ethics hotlines last year.

This article mentions decreased calls to corporate ethics hotlines –
https://www.wsj.com/articles/reports-on-corporate-ethics-hotlines-fell-in-2020-11617615001
The SEC previously reported record tips to their whistleblower program. So what is going on? Maybe more employees are working remotely so they are not witnessing unethical or policy-violating behavior, or the way companies remind employees about their internal hotlines was focused on physical presence like signs in the break room. The article lays out other possibilities too.

Posted on

Archiving Key to Cyber Security Plans

Archiving and Cyber Security

Much like some organizations found themselves unprepared for massive amount of data coming from the business use of social media in recent years, a wave of security fatigue is already emerging for many managers responsible for protecting operational data. The onslaught of news covering cyber security attacks and data breaches are daily. Paired with an always on stream of doom-sayers, organizations are challenged to stay current and ever feel that they are addressing their cyber security risk.

To set your perspective, let us agree that nothing can be made “un-hackable”. Assuming that means we need to determine what are the steps we can take to shore up our defenses to reduce the risk of compromise in our organizations. One area beyond the firewalls and gateways is operational data. This data is, at the core, the electronic bits and bytes that make up nearly all of doing business day to day from an information point of view.

This includes:

  • Messaging, from email to social media, websites as well as text messages,
  • files ranging from reports, correspondence, contracts and other documents,
  • images, video and audio and other more dynamic data, and
  • meta data, such as dates and times and related information that helps define this data.

Where will we find the largest store of this data? Primarily in your archiving and governance platform(s).

While these data can be spread across multiple online and offline locations, the email inbox remains one of the core destinations where all of these data converge. Likewise, that now means it also syncs beyond the organizational computer to tablets and smart phones (and various cloud backup platforms).

While this may make you even more queasy, consider that if more than 100 billion business emails* are being sent per day, the optimal place to insure a secure, accessible archive and backup is your email archiving solution.

This means:

  • Your core operational data is secured in an off-site backup (beyond compromise if your primary network is breached)
  • This data includes communications (email, social, web and text) and the subsequent standard and dynamic attachments of files, audio and video already
  • This data store is easily searched and reported on, with support for not only standard governance needs but also supporting regulatory and other legal elements, for compliance and/or litigation.

By considering your governance and archiving platform(s) as elements of your overall cyber security risk planning – you can balance the resources you need to secure your operational data with strong partners whose sole focus is providing strong, scalable solutions for these needs.

To learn more about how archiving is as key to cyber security as it is compliance, contact us.

*Radicati Group: Email 2015-2019: http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf

Posted on

Avoiding Archiving Fines: Review of Policies & Tech

Avoiding Archiving Fines for Email and More

Archiving and supervision as a process have been in the lexicon of most businesses since at least the late 1990s. However, avoiding archiving fines seems to continue to elude some organizations. Capturing electronic communication – be they for regulatory purposes or just good record keeping – should be in the “DNA” of any organization as good governance.

Of course in many industry segments – financial services, government and healthcare to name a few – it is mandatory. However, for the vast majority of organizations, having a record of what has been “said and done” allows you to manage and defend yourself, your organization and the brand.

Email Archiving WORM Storage and Policy Reporting

Year over year, the fines and penalties continue to mount, even for something as mainstream (now) as email archiving. Even in the last six months we have seen fines both large and small, for failure to supervise email communications as well as for failure to properly design secure storage for retention of email messages.

Consider the addition of social media, blogs as well as text messaging as now largely normal daily activities, and the job of oversight, storage, reporting and exporting data becomes overwhelming. Avoiding archiving fines does not have to overly complicated.

Email, Social Media, Text Messages and More

There are key steps you can take to insure you not only have the right policies and procedures – but that they are evolving with your organization and the technology you use.

Review Consistently and Often

The days of just a cursory annual glance at your handbooks, policies and procedures are long gone. Not only does technology change at a breakneck pace – but so likely is your business and customers. Often this may be more subtle than you might imagine.

For example, the combination of smart phones (iPhone, Android, et al) the mass popularity of Facebook and YouTube have pushed even the most tech averse individuals to heavy daily use of their mobile devices. This has resulted in more than 50% of ALL Internet traffic being mobile. This means a higher proclivity to:

use a mobile device for business and personal apps throughout the work day,
message more informally across email. social media and text channels,
and visit web sites in mobile browser versus returning to laptop or desktop.
Just that simple shift has implications on your policies and procedures for:

general electronic communications use,
accessing the Internet from organization devices and networks,
email and social media policies,
mobile device policies.
Beyond that – are you archiving and managing all of those various communication types?

Building electronic communications policies and procedures into a quarterly review process will help keep you prepared. Likewise, speak with your vendor(s) providing archiving and automated reporting to insure your keyword and phrase policies are accurate and automated. Perhaps most critical, make certain your storage is non-delete and secured – as fines and legal damages can be most painful around inappropriate storage that leads to lost or deleted data.

Posted on

Reducing eDiscovery Costs with Archiving

eDiscovery and Archiving

Often overlooked when implementing archiving solutions for messaging is the value in reducing the overhead of eDiscovery. This often occurs as archiving is primarily driven by the need to satisfy specific compliance activity for regulatory purposes. However, an archiving solution is much more. Even in light of improving conditions on some legal front, specific to consumer class action pre-trial discovery (see the Wall Street Journal article here), overall the need to be able to produce data for discovery can be overwhelming. This is both from a resource perspective along with the need for assembling the data results into proper format for courts.

As you can from a survey this year by Carlton Fields (see report here) a majority of corporate counsel continue to see at least one class action a year. Those costs run into the billions annually. Tackling eDiscovery costs with your archiving solution comes in two parts, one being the capabilities of the technology and second, the configuration and use of the search and reporting tools available that extend beyond just compliance procedural review.

The Technology of Archiving

This consideration occurs at your due diligence of selecting a solution. It is driven by your messaging need and policy on electronic communications. For example, if your company utilizes email, social media, public web sites and text messaging in your communications day to day – you will need a platform capable of accommodating those message mediums. All of these message types can be considered in discovery requests for electronic records along with the files/documents you may also be producing.

From a complexity perspective, tackling the capture and archiving of these data are ranked below.

Moderate Complexity – Major Discovery Value

The capture of email and web sites has some proven history in business and is straightforward step you can take in securing your archiving for compliance and eDiscovery. It also has major discovery value, as email and web sites are most commonly cited in records requests.

Email is considered the most straightforward, as you can connect your company mail server(s) to an archiving solution to insure constant capture of all email communications, along with attachments and other meta data.
Web sites, likewise, can be directly linked to an archiving solution to capture the web pages and related items (images, files, et al) for archiving.

Higher Complexity – Major Discovery Risk

A more modern communications challenge has been to identify and capture social media posts and text messages for archiving. This content can come from a multitude of devices and sources and requires access to many data connections. Identifying an archiver who can assist you in capturing this data not only streamlines your message archiving needs – but also reduces serious discovery risk.

If you would like to explore how Message Watcher can assist you – contact us for a demonstration and more information.

Posted on

Modern Messaging Series – Social Media Archiving

What has been classified as a commodity, message archiving, should be viewed as a key component of your overall business and technology strategy. This is not just wishful thinking on our part, or salesmanship. Messaging has forever changed in the past decade as traditional communications via email has transcended to numerous channels – social media, instant messaging and blogging.

What began as very manageable communications methods in the 1990s via email and the web (and to some extent, instant messaging in the old form) has been disrupted and put many business managers and owners at great unease as to how to properly govern them. The challenge is they’re now essential business tools versus luxury – and this is also the opportunity.

In our modern messaging series, we explore three elements in brief segments:

  1. Business Continuity
  2. Social Media Archiving
  3. Productivity and Efficiency
Posted on

Modern Messaging Series – Business Continuity Through Archiving

What has been classified as a commodity, message archiving, should be viewed as a key component of your overall business and technology strategy. This is not just wishful thinking on our part, or salesmanship. Messaging has forever changed in the past decade as traditional communications via email has transcended to numerous channels – social media, instant messaging and blogging.

What began as very manageable communications methods in the 1990s via email and the web (and to some extent, instant messaging in the old form) has been disrupted and put many business managers and owners at great unease as to how to properly govern them. The challenge is they’re now essential business tools versus luxury – and this is also the opportunity.

In our modern messaging series, we explore three elements in brief segments:

Business Continuity
Social Media
Productivity and Efficiency