A recent security incident at the U.S. Office of the Comptroller of Currency (OCC) has caused organizations to be more concerned about endpoint security, and the information employees have access to. When an employee at the OCC retired, he took over ten thousand staff records with him on two USB drives. The employee was unable to find and return the drives when the OCC asked for them back. Luckily the OCC was prepared for an accidental loss of data, and had measures in place that encrypted the information on the USB drives. Along with the Federal Reserve and the Federal Deposit Insurance Corporation, the OCC is one of the nation’s bank regulators, so a massive data breach at this organization would be catastrophic.
In August, the OCC started doing a retrospective review of how employees handled removable media and data. The OCC found that one week before the employee retired, he or she took thousands of records that contained unclassified information and privacy protected data. Alarmingly, the employee downloaded these records in November 2015, but this internal breach was only uncovered on September 1, 2016—almost a year later. Under the Federal Information Security Modernization Act, once the OCC discovered the information breach, they were required to disclose the incident to the Department Homeland Security and the Government Accountability Office. The OCC also notified the Office of Management Budget and the Treasury’s inspector general investigated the incident.
The information about the security incident was revealed in a statement made last Friday to Congress. According to the OCC’s public statement, there is no evidence that any non-public OCC information has been disclosed or misused. This includes controlled unclassified information or personally identifiable information (PII). However, this misplacement of data is still considered a major incident because the data is sensitive and still hasn’t been uncovered.
Promisec Endpoint Manager (PEM) helps organizations keep their data secure from internal breaches. PEM can help organizations:
In August, the OCC started doing a retrospective review of how employees handled removable media and data. The OCC found that one week before the employee retired, he or she took thousands of records that contained unclassified information and privacy protected data. Alarmingly, the employee downloaded these records in November 2015, but this internal breach was only uncovered on September 1, 2016—almost a year later. Under the Federal Information Security Modernization Act, once the OCC discovered the information breach, they were required to disclose the incident to the Department Homeland Security and the Government Accountability Office. The OCC also notified the Office of Management Budget and the Treasury’s inspector general investigated the incident.
The information about the security incident was revealed in a statement made last Friday to Congress. According to the OCC’s public statement, there is no evidence that any non-public OCC information has been disclosed or misused. This includes controlled unclassified information or personally identifiable information (PII). However, this misplacement of data is still considered a major incident because the data is sensitive and still hasn’t been uncovered.
Promisec Endpoint Manager (PEM) helps organizations keep their data secure from internal breaches. PEM can help organizations:
- Inspect their networks for suspicious activity, like unauthorized downloads from an employee’s computer
- Analyze when systems fail to be complaint with organizational security standards
- Setting application control policies, so employees don’t download malware onto their devices, which could compromise the security of a network
- Ensure complete endpoint security by identifying files that have been compromised with File Integrity Monitoring
No comments:
Post a Comment