Strac's Weekly Newsletter - Latest News in Data Privacy

Hi friends,
Welcome to Strac’s weekly newsletter on data scanning, data classification & data loss prevention highlighting interesting and relevant news stories, blog posts, and jobs that I saw from around the internet over the past 7 days. I hope you enjoy it and our new format!
We cover below Strac’s latest blog articles on How to Secure Sensitive Data in LLM prompts, How Secure is Microsoft OneDrive for Business and the Complete PII Compliance Checklist for 2024. We also cover a cybersecurity breach at Prudential Financial, a data breach at Bank of America and how to manage a healthcare data breach. As well as this, we highlight security roles at OpenAI, IBM and Adobe.
Lastly, if you need help scanning sensitive data or eliminating data leaks from SaaS, endpoint, cloud, and generative AI; instantly detecting and remediating (redact, block, alert) PII, PHI, PCI, and other sensitive data; or complying with PCI, HIPAA, SOC 2, GDPR, CCPA, etc., book a call with me here.
Warmly,
Aatish
Strac’s Latest Views on Securing User Data
How to Secure Sensitive Data in LLM Prompts?

The article discusses the importance of securing sensitive data in Large Language Models (LLMs) to ensure privacy and trust in technology. It highlights various security risks associated with LLMs, such as prompt injection attacks and data leakage, and provides strategies to mitigate these risks, including input validation, access control, and encryption. The article also introduces Strac, a solution specializing in data protection and compliance, which addresses LLM security concerns through real-time threat detection, adherence to global compliance standards, and seamless integration across platforms.
Read more here
How Secure is Microsoft OneDrive for Business?

This article, written by Strac founder Aatish Mandelecha, explores the security of Microsoft OneDrive for Business, discussing encryption, real-time monitoring, and DLP solutions to mitigate cyber threats. It outlines common security risks including lack of encryption and privacy concerns, weak passwords, and malware vulnerabilities. Best practices for enhancing OneDrive security are provided, along with an introduction to the Strac OneDrive DLP solution, which offers features like real-time monitoring, automated data classification, redaction, intelligent alerting, and compliance management. Book a call with me here to talk more about this.
Learn more here
The Complete PII Compliance Checklist for 2024

This article, written by Strac founder Aatish Mandelecha, provides a detailed PII compliance checklist for organizations to protect Personally Identifiable Information (PII) and comply with global data protection standards. It covers topics such as the importance of PII compliance, classifying sensitive vs. non-sensitive data, implementing security measures, addressing insider threats and phishing attacks, and the impact of Data Loss Prevention (DLP) solutions like Strac. The checklist includes steps such as identifying and classifying PII, setting up secure policies, strengthening data security measures, implementing IAM practices, proactive monitoring, routine compliance assessments, and updating privacy policies. Additionally, it discusses the role of DLP solutions in ensuring PII compliance and highlights Strac's features for PII data protection and compliance with various regulations. Book a call with me here to talk more about this.
Learn more here
Recent Data Privacy News
Prudential Financial Faces Cybersecurity Breach

Prudential Financial disclosed a cybersecurity breach discovered on February 5, 2024, involving unauthorized access to certain company systems. In response, Prudential activated its cybersecurity incident response protocol and is collaborating with external experts to investigate and address the incident, suspecting the involvement of a cybercrime group. The breach exposed administrative and user data from specific IT systems and some employee and contractor accounts, with no evidence of customer or client data compromise. Prudential continues to investigate the incident's extent and potential impact.
Read more here
Bank of America Customers at Risk After Data Breach

Bank of America has informed its customers of a recent data breach that occurred through one of its service providers, Infosys McCamish Systems (IMS), exposing personal information like names, addresses, and financial details. Approximately 57,028 individuals were directly impacted, according to a notification letter to the Attorney General of Maine. The breach, which occurred around November 3, 2023, involved unauthorized access to IMS systems, affecting specific applications. The breach was allegedly orchestrated by the LockBit ransomware gang, which has targeted numerous high-profile organizations worldwide since September 2019. The incident highlights the need for financial institutions to adopt proactive cybersecurity measures.
Learn more here
Managing a Healthcare Data Breach

This article discusses the challenges faced by the healthcare industry in managing and protecting sensitive data in the face of increasing cybersecurity threats. It highlights the growing frequency and cost of data breaches in healthcare, emphasizing the importance of preventive measures and robust incident response plans. The piece outlines various challenges in data management, such as digital hygiene practices, interoperability issues, and ransomware threats, while also providing recommendations for preventing breaches and handling them effectively if they occur. It stresses the need for healthcare organizations to invest in technology and compliance measures to ensure data security and regulatory compliance.
Learn more here
Security Jobs on the Market
OpenAI is hiring an Enterprise Security Engineer

Looking for: “an Enterprise Security Engineer responsible for implementing and managing the security of OpenAI's internal information systems’ infrastructure and processes.”
Skills required: Experience in protecting and managing macOS fleets, experience deploying and managing endpoint security solutions (e.g. management frameworks, EDR tools), experience with public cloud service providers (e.g. Amazon AWS, Microsoft Azure), experience with identity and access management frameworks and protocols, including SAML, OAuth, and SCIM, experience with e-mail security protocols (e.g. SPF, DKIM, DMARC) and controls, intermediate or better proficiency with a scripting language (e.g. Python, Bash, or similar), knowledge of modern adversary tactics, techniques, and procedures, ability to empathize and collaborate with colleagues, independently manage and run projects, and prioritize efforts for risk reduction.
Learn more here
IBM is hiring a Security and Compliance Automation Administrator

Looking for: “Security and Development Operations Engineers to join our Cloud Security Engineering Team to ensure IBM cloud security and compliance.”
Skills required: 5+ years security industry experience, 5+ years of Unix and/or Linux systems administration, experience in security information and event management such as QRadar, PKI and certificate management, security scanning and testing products such as Nessus or Tenable, Chef automation, SaltStack Framework, Jenkins, Jira, GitHub.
Learn more here
Adobe is hiring a Staff Cybersecurity Data Platform Engineer

Looking for: “a Staff Cybersecurity Data Platform Engineer to develop security-focused data platform needs and the scaling of a data lake spanning petabytes of data.”
Skills required: 7 years of experience in designing and building solutions in Databricks, across multiple clouds, using orchestration, data ingestion, medallion architectures, Unity Catalog, Auto Loader jobs, and Delta Lakehouse concepts, 10 years of experience working as either: Software/Data Engineer: query tuning, performance tuning, troubleshooting, and implementing/debugging Spark/PySpark and/or other big data solutions, 10 years of proficiency in developing or architecting modern distributed cloud architectures using AWS tools and technology, design end-to-end robust, scalable, real-time data streaming (Kafka / Flink) and data platform architecture that will support the analytical and reporting needs of the entire organization, offer technical expertise by collaborating with analysts and business users to translate diverse and intricate functional specifications into technical designs, build data models and improve standard schemas across different data sources and normalize data, significant experience in security, encompassing threat management, incident response, and enterprise security, strong understanding of Security Operations Center (SOC) operations and security management workflows within large organizations.
Learn more here