42 Seconds with a Code42 Customer: Lehigh University

Code42 provides your business with a variety of data security benefits, including increased productivity, risk mitigation, streamlined user workflows, and more–all in a single product that’s been proven to ultimately save you money. While Code42 has a few primary use cases–backup and recovery, device migration, etc.–we’ve learned that our different customers use Code42 in different ways. To explore how customers use our product, we recently partnered with the talented team at creative agency Crash+Sues to create a series of animated videos featuring the voices and likenesses of actual Code42 users.

In our latest video, Naazer Ashraf, senior computing consultant at Lehigh University, explains why they rely on Code42 over sync and share products for data backup and restore. As one of the nation’s premier research universities, Lehigh’s faculty are known for their excellence in research. Obviously, data is extremely important (and valuable) to researchers, so imagine the reaction when one researcher deleted files from Google Drive to save space–and discovered that doing so wiped the files for 10 other researchers. Naazer tells the story in just 42 seconds. Check it out below.

Forrester Offers Five Best Practices for Ransomware Protection

Ransomware has reared its ugly head again, this time bearing the name Bad Rabbit. According to analysts at Crowdstrike, Bad Rabbit shares 67 percent of the same code as NotPetya, meaning this variant may actually be the work of the same threat actor. Bad Rabbit marks the third major ransomware outbreak in 2017. With WannaCry, NotPetya, and now Bad Rabbit, the public is more aware of ransomware than ever. However, awareness is not enough to protect your organization, your employees, and your files. With every outbreak, we come to realize that prevention is never foolproof, and faster detection only gets you so far. What matters most is the speed in which you can respond and bounce back when disruptions like ransomware strike. Forrester has assembled a guide in the proper response to ransomware in the report “Ransomware Protection: Five Best Practices.” Key takeaways of the report include:

  • Avoiding a ransom payment is possible
  • Preventing ransomware doesn’t require new security investments
  • Focus on your core security needs

In addition, consider these important tips that will also help you amp up your speed of response to ransomware attacks:

The human element of ransomware doesn’t get enough attention.

Laptops and desktops are hit by ransomware most often for a simple reason: they’re operated by users. Your employees are moving fast to create the ideas that make the business run, meaning they are prime targets for threat actors. Plus, cybercriminals are getting more and more sophisticated. They’ve optimized ransomware’s “user experience” to increase the odds that a victim falls prey and inevitably pays up.

Don’t blame humans for being human.

Don’t just give them the tools and training to know the dangers, but also the tools to always bounce back when they’ve made an error. Humans will make mistakes. It’s the role of IT and security teams to minimize the disruption and impact of those mistakes, get the idea engine – your employees – back up and running, so the business keeps moving forward.

Protection requires a renewed focus on IT and security basics.

It’s these basics that Forrester analysts Chris Sherman and Salvatore Schiano discuss in detail in the Forrester report. Read “Ransomware Protection: Five Best Practices” today to learn how to minimize business disruption when ransomware strikes.

Protect Your Data from Insider Threats with Code42

Code42 provides your business with a variety of benefits, including increased productivity, risk mitigation, streamlined user workflows, and more – all in a single product that’s been proven to ultimately save you money. Recently, Code42 launched Security Center, a new suite of tools to help you spot suspicious data use behaviors in your workforce – and respond to them if necessary. There’s a big reason why we added this feature – the facts show that 89 percent of corporate data loss involves the actions of an insider.

We recently partnered with the talented team at creative agency Crash+Sues to create a series of videos about the core features of Code42. This most recent video focuses on an all-too common scenario in which an employee decides to steal valuable data from his employer. Unfortunately for him, this company has Code42’s Security Center.

Take a look today for an illustration of how Code42 and Security Center can help keep your enterprise’s data safe from insider threats.

Time to Respond: Shrunk with Splunk

I’ve been a user of Splunk software for over a decade now. I loved it back in 2006, and it’s been incredible to watch Splunk software evolve into a tool that brings together a powerful community of administrators and a rich ecosystem of vendors, integrators and enhancements that continue to redefine the power of SIEM and adaptive response.

When I joined Code42, I was pleased to see that the company already had a partnership with Splunk. Together, we are providing our customers an even more expanded view into the data that is living on their devices.

Code42 + Splunk: We’re both in the business of business resiliency

Code42 has always been a natural complement to Splunk software—and vice versa. In fact, to a large extent, Code42 and Splunk software share the same goals:

  • Securing your digital environment and protecting your data.
  • Monitoring activities in your environment and detecting threats—whether it’s an external attack or an insider threat.
  • Ensuring resiliency through rapid incident response and guaranteed recovery.
  • Enabling advanced investigation and forensics.

Or, to put it simply: We both help you prevent bad things from happening to your data and your ideas—and if something bad does happen, we help you see it quickly and recover faster.

“ The new Code42 app for Splunk gives you Code42-specific dashboards within Splunk software, so you can easily visualize some of the things that matter most. ”

New Code42 + Splunk integration and app

As Splunk software has evolved, Code42’s ability to integrate into the Splunk ecosystem has also grown. This year, we refreshed our Splunk integration to take full advantage of all our backup and security capabilities. We also added a fantastic new Code42 app for Splunk software. These enhanced integrations allow you to take the comprehensive data collection and unmatched data visibility you get from Code42 and feed it into Splunk software’s analytics-driven SIEM tool.

What’s that really mean for you? The new Code42 app gives you Code42-specific dashboards within Splunk software, so you can easily visualize some of the things that matter most, such as:

  • Validating backups: Get a real-time look at how many users, how many devices and how much data are covered by Code42.
  • Monitoring endpoint data storage: See exactly how much data is being stored in each device—so you can see if that number changes drastically or unexpectedly.
  • Classifying endpoint data: Know what kinds of files you’re backing up—how much of your storage is made up of Word docs, emails, Excel files, coding files, etc.
  • Prioritizing alerts: Splunk software’s smart monitoring capabilities give you an at-a-glance look at your most critical alerts—failed backups, server issues, data exfiltration, etc.—so you can prioritize action.

In other words, you get real-time feedback on how we’re protecting your information and any risks that exist. And by integrating directly into your ecosystem and your SIEM, the same data auditing functions you use today can be applied to your Code42 solution. Your existing alerting and workflow pipeline can drive the Code42 alerts. That means we’ve made it easier for you to get up and running, easier for you to stay secure and faster for you to respond to events.

Code42 App for SPLUNK

Synergistic visibility

Like any good partnership, this one’s all about synergy. In this case, it’s synergistic visibility (say that five times fast!). Code42 brings deeper visibility to Splunk software, so the powerful SIEM tools can see all the data living on all your devices. And Splunk software gives you an intuitive visualization of Code42—both what Code42 is doing with your data, and what your users are doing with your data. All that adds up to identifying risks sooner and enabling faster remediation, so you can keep risks from becoming irreparable damage. Together, we’re helping you make smarter, better decisions in less time.

Cure for the Windows 10 Migration Migraine

Keep precious data safe during an enterprise-wide OS upgrade

One-to-one device migrations, when an IT worker spends hours migrating a device to the Windows 10 platform, aren’t fun for anyone. They drain IT’s time and money and render workers idle as they wait for their devices. More importantly, they put the company at risk for data loss.

Gartner estimates that enterprises using one-to-one migration processes for Windows 10 upgrades could spend up to $445 per device. For a large organization with 2,500 employees, that can add up to more than $1.1 million. And that’s not even counting the loss of productivity as workers wait to get their devices back from IT. Some remote employees may even need to ship their device back to headquarters for the migration, adding additional time and cost.

With 2018 shaping up to be a peak year for Windows 10 migration, how can companies avoid the cost and disruption of a large-scale institutional operating system upgrade? And how can they protect valuable company IP while doing it?

“ By using Code42’s migration solution, companies can save time and money while allowing users to control their experience. ”

Faster, easier, safer

Luckily, savvy companies are turning to user-driven migration for Windows 10. By using tools such as Code42, these organizations are making migrations more scalable and repeatable, cutting costs while keeping their data safe. Using Code42’s migration solution speeds the Windows 10 migration from three hours to 30 minutes on average.

Code42 recommends two different Windows 10 migration processes for companies, based on their needs:

  • Classroom-style migration. For organizations not ready to give up full control to users, this one-to-many process can provide a good interim step on the journey to automation. As its name suggests, in this process, IT hosts events during which multiple users bring their devices and perform the migration themselves, with IT walking them through the process. As in any classroom, if a single user has a specific issue come up during the session, the IT “teacher” can provide some one-to-one guidance while the other users are self-migrating.
  • User-driven migration. Organizations can largely eliminate IT involvement in the Windows 10 migration—the dream of many IT teams—by implementing a fully user-driven process. Using Code42’s migration solution, users simply follow instructions and get in touch with IT only when a specific issue comes up. This approach can speed migrations by 75 percent and leave IT more time to focus on critical issues. Users also benefit by remaining in control of their data and making the migration when it’s convenient for their schedules.

A migration tool that works

To make either of these options work requires the right tool: a simple, intuitive, user-friendly system. Code42 provides this through:

  • Automatic, continuous endpoint backup. Any backup solution that requires manual user activity is doomed to fail because not all users will follow the protocol. Implementing Code42 lays the foundation for a successful migration to Windows 10 because we back up every version of every file, every 15 minutes. No matter how reliable—or not—users are, their endpoint data will be safe.
  • Clear, simple instructions for users. Organizations typically have users who run the gamut of comfort with technology. Code42’s system is powerful enough to facilitate a complex migration like one from Windows 7 to Windows 10, but easy enough for even the least technically savvy employee to walk themselves through the process.
  • Access to data during migration. For certain high-profile users, not being able to access their data for even an hour during migration is unacceptable. Code42 makes it easy for users to access their most recently used files while the other files are migrating.
  • Migration of profiles and device settings. After the Windows 10 migration, users will be up and running more quickly if their device looks, feels and performs as it did before the migration. Code42 migrates device settings so users don’t have to spend precious time doing it themselves.

From dreaded to done

IT teams and users often dread the process and aftermath of an operating system upgrade. By using Code42’s migration solution, companies can save time and money while allowing users to control their experience. More critically, Code42 ensures the security of valuable endpoint data during the Windows 10 migration. IT can focus on more mission-critical tasks and users can continue doing their jobs.

Code42 Diversity and Code42 Inclusion

Code42 is Committed to Diversity and Inclusion

What makes a company a great place to work? In our diverse world, having engaged and empowered employees requires more than just good pay and benefits. At Code42, we believe that employee satisfaction is enhanced when we go beyond just business goals, truly listen to who people are and make concrete efforts to include them. This is why we launched Belong at Code42, a team dedicated to creating a culture of inclusivity within the company.

Belong at Code42

Belong at Code42 is a group of 14 people from across all departments, skill levels, backgrounds and identities. The team comes together regularly to help the company fulfill three key goals for our employees: ensuring everyone is a resource, everyone has a place, and everyone thrives at Code42.

“We’re focused on the current state of diversity and inclusion in the company, how we hope to see things change, and what we can do to affect that change,” said Derek Sung, Code42 committee member and senior designer. “Our goal is to help employees feel like they can be their authentic self at work. It feels good to be a part of this, because it doesn’t feel like it’s just an HR exercise.”

“Previous companies I’ve worked at didn’t have much interest in inclusion,” said Code42 committee member and senior talent acquisition business partner, Heidi Daumen. “But focusing on diversity and inclusion is such a big part of building a culture. As a group, we work hard to develop goals that are actionable and measurable. It’s very hard to get 14 people in a room and not have it turn into strictly philosophical conversations. But we are doing it.”

Putting focus on inclusion

In its first six months, Belong at Code42 has taken concrete steps to make the company more inclusive for everyone, including hosting outside speakers and panel discussions, and delivering training for Code42 employees on a variety of diversity and inclusion topics. The employee handbook has been rewritten with more inclusive language to make employees of all backgrounds feel welcome. Code42 has signed both the Minnesota Technology Diversity Pledge and the National Tech Inclusion Pledge.

These positive steps have been noticed by the Code42 workforce as a whole. “People are really happy that this is happening,” said Daumen. “This is an environment that is very open to what we’re doing. Making sure that everyone feels comfortable and welcome when they come to work is only going to make the company better for all.”

One outward sign of success: Code42 was recently named one of Minnesota’s Top 150 Workplaces for 2018 by the Star Tribune. Of course, we don’t work to achieve an inclusive culture simply to win awards. We firmly believe that creating and maintaining an environment that supports authenticity and celebrates what makes us different ultimately benefits our customers. We have a big job here at Code42. The customers we support, the ideas we protect and the trust we maintain with our customers is the backbone of our company. When employees are happy and comfortable at work, they can better focus on meeting the needs of our customers. We all do our best work when we’re in a place where we feel like we truly belong.

For information about careers at Code42, visit code42.com/careers.

Code42 Data Exposure Report: A must-read for security and business decision-makers

Data Exposure – Stockpiling Cryptocurrency? Save Your Money.

For years, organizations have heard the drumbeat of building digital security perimeters to protect their data. And to the best of their ability, they’ve listened to the experts, followed best practices and spent billions on strategies to prevent data losses and breaches.

Unfortunately, that strategy is no longer working and companies know it. In an increasingly complex digital threat landscape, cybercriminals are constantly evolving, waging successful ransomware attacks even on organizations that have well-established breach-prevention profiles. Our recently released Data Exposure Report, which surveyed nearly 1,700 security, IT and business leaders across the U.S., U.K. and Germany, tells this story in stark relief.

Playing defense in an unpredictable threat landscape

I wasn’t surprised to read in the report that 64 percent of CISOs believe their company will have a breach in the next 12 months that will go public. Furthermore, 61 percent say their company has already been breached in the last 18 months. What is surprising to me is the narrow window of time in which these breaches are happening, demonstrating the increasing severity of the threat.

Even more concerning is the growing number of companies that are reacting to ransomware by purchasing cryptocurrency. Nearly three-quarters of the CISOs we surveyed admitted to stockpiling or having stockpiled cryptocurrency in the last 12 months to pay off cybercriminals. Worse yet, 79 percent of them have actually paid ransoms to regain access to their corporate data.

“ Nearly three-quarters of the CISOs we surveyed admitted to stockpiling or having stockpiled cryptocurrency in the last 12 months to pay off cybercriminals. ”

Get hit, get back up

Security and IT leaders estimate that 39 percent of their organization’s data is only held on endpoint devices — making it more difficult to track. As we discussed in our previous blog, “The Risks of Playing Data Hide-and-Seek,” this lack of visibility over endpoint-only data puts valuable company IP at risk — and updating a company security policy will not change the outcome because some employees simply don’t follow the rules.

In business, time is money. This is especially true in the seconds, minutes, days and weeks after a security breach. Yet according to about one-third of security and IT leaders, it would take up to one week to enact their recovery plan.

There is another way

While companies might think that they have no choice but to pay cybercriminals, they do actually have other options. And the overwhelming majority of CISOs agree. Nearly three-quarters (72 percent) reported that their company must improve its breach recovery ability in the next 12 months. And 75 percent stated that their company needs to shift the focus away from prevention-only security to a prevention-and-recovery strategy.

So what does that mean?

Recovery and prevention

From an IT perspective, prevention is only a single facet of a robust security approach. Possessing the capability to find out how a breach occurred — then being able to recover in real time — is the ultimate definition of resilience. With a comprehensive data recovery tool that includes visibility and recovery for endpoints, companies wouldn’t have to a pay a ransom to regain access to their data. They would simply restore their data using their recovery solution.

Code42 can help organizations regain control post-breach. To find out more, click here.

In case you missed them, get the full Code42 Data Exposure Report blog series:

Code42 Data Exposure Report: A must-read for security and business decision-makers

Data Exposure–The Risks of Playing Data Hide-and-Seek

With cybersecurity threats continuing to evolve, even organizations wielding security tools and policies are at risk from a potential breach. In fact, 20 percent of security and IT leaders admit they do not have full visibility to where their data lives and moves—leaving their organizations with a data security blind spot.

According to the findings of our new Data Exposure Report, which surveyed nearly 1,700 security, business and IT leaders, 80 percent of CISOs agree that, “You cannot protect what you cannot see.”

It seems business leaders, on the other hand, are not always aware of the challenges security and IT leaders face to protect data. The overwhelming majority (82 percent) of business leaders believe IT can protect data they cannot see. This disconnect has major implications for data security, as business leaders often determine the budgets that security and IT need to do their jobs.

“ Keeping track of company data is not as straightforward as it may initially seem. Today, it goes beyond simply monitoring traditional sanctioned storage—even in the cloud. ”

Data at risk

With the rise of flexible working practices and the ongoing digitization of information, the importance of data visibility and forensics across employee endpoints cannot be underestimated. In modern enterprises, with data flowing freely in and out of the organization, traditional security perimeters are no longer enough to prevent breaches.

Without the right tools, endpoint data is particularly vulnerable. In fact, 86 percent of security and IT leaders believe saving files outside of company storage—for example on an employee laptop—puts their organization at risk. This is a significant concern considering that 73 percent of security and IT leaders believe that some company data only exists on endpoints. And this is critical data: Security leaders revealed that losing endpoint-only could be business-destroying.

Data hide-and-seek

Keeping track of company data is not as straightforward as it may initially seem. Today, it goes beyond simply monitoring traditional sanctioned storage—even in the cloud.

While business leaders recognize that saving their data outside official storage causes unnecessary risk for their organization, they aren’t going to change their work habits. More than two-thirds (68 percent) of CEOs think there’s a risk to their company if they store data on devices such as laptops without keeping a copy in centralized storage—but they do it anyway.

Security must include recovery

Businesses need a safety net that will allow them to keep track of data stored on endpoints, regardless of employee behavior or communication breakdowns. To minimize risk to valuable IP, companies should have a security strategy that includes not only data recovery in the event of a breach, but also prevention tools to help prevent breaches from happening.

Coming up in the final post in this four-part series, we will explore why companies must shift their security strategy away from prevention-only to a prevention-and-recoverystrategy that effectively deals with an increasingly unpredictable threat landscape. To read the Code42 Data Exposure Report in its entirety, go to code42.com/2018DataExposureReport.

In case you missed them, get part one and two of Code42’s Data Exposure Report blog series.

Tips From the Trenches: Choosing a Security Orchestration Tool

Like most of our customers, we here at Code42 are constantly looking to enhance our efficiencies when it comes to security. As we use more technology in our environment, that means more log sources, more events and potentially more alerts. It also means we have more opportunities to gather information from disparate sources and put together a more complete picture of the events we do investigate.

Five ways security orchestration tools can help

To help simplify and automate those activities, we are turning towards security orchestration tools. There are many reasons to invest in an orchestration tool. But for us, the following five items are the most important:

  1. Case management: As our team has grown, delegating work and tracking who is working on what becomes increasingly important. An orchestration tool can ideally function as that single workspace for assigning, managing and closing tasks.
  2. Metrics: Closely related to the first item on our list, better management of workload can improve visibility into key metrics like SLAs, as well as make it easier to identify bottlenecks and improve efficiency in analyst workflows.
  3. Integration: We’re constantly testing and adding new security tools, so it’s critically important that an orchestration tool easily integrates with tools we not only are using now but also may add in the future. The less time we have to spend developing integrations, the more time we have for investigating anomalies.
  4. Automation: Of course, automation is the name of the game when it comes to an orchestration tool. Automation allows our team to dream up new ways to streamline data collection and enrichment. Automation also can find connections that we may miss when manually reviewing data.
  5. Value: Analyst time is always in short supply. When a tool does the first four things on this list well, it means our security team can spend less time on low-value work—and more time on important analysis tasks. The more a tool allows us to focus on analysis, the more value it brings to our team.

A page out of the Code42 security orchestration playbook

The right orchestration tool also will allow us to leverage our own Code42 application in exciting new ways. Here’s just one example from the Code42 orchestration playbook:

  • Step 1 – Automatically locate files: To determine the scope of an event and show us how many endpoints have a suspicious attachment, we can search for a specific MD5 hash using Code42 Forensic File Search.
  • Step 2 – Restore deleted files: In situations in which the original file has already been deleted, Code42 Backup + Restore allows us to automatically restore that file.
  • Step 3 – Investigate suspicious files: With all the suspicious files identified (and restored, if necessary), we can now conduct analysis via an orchestration tool—such as running it in a sandbox. Best of all, because we didn’t spend hours or days manually locating and restoring files, we can focus all our time on the critical analysis.

This really is just the tip of the iceberg when it comes to use cases for security orchestration tools—whether it’s leveraging Code42 functionality or any of our many other security tools. As we continue our investigation into security orchestration tools, we’ll share more useful integrations and some automation playbook ideas.

Stay tuned for more updates—and as always, happy threat hunting!

Code42 Data Exposure Report: A must-read for security and business decision-makers

Is Your C-Suite Putting Your Data Security at Risk?

According to the results of our 2018 Data Exposure Report, the answer is likely “Yes.” Some of the most surprising insights revealed by the report, based on surveys of nearly 1,700 security, IT and business leaders, have to do with the impact of human emotions and behavior on data security—particularly across the C-suite.

CISOs and IT leaders probably won’t be surprised to learn that C-suite work habits don’t necessarily adhere to data security policies—and CEOs are among the worst offenders. Our report reveals that their risky behavior is due to old-fashioned work habits, convenience, good intentions and even a sense of ownership over the work.

Understanding the motivations behind problematic behavior is a good start toward adopting more effective data security strategies. But the real takeaway is this: strong policies are no match for human behavior. True data protection allows for the reality of human behavior by providing backup and restore capabilities as well as breach prevention.

“ 93 percent of CEOs admit to keeping a copy of their work on a personal device, outside of officially sanctioned company storage. ”

Not practicing what they preach

The report reveals that 78 percent of CEOs believe that ideas, in the form of intellectual property (IP), are one of the most precious assets within their organizations. However, 93 percent of CEOs admit to keeping a copy of their work on a personal device, outside of officially sanctioned company storage. And the majority of security and IT leaders (86 percent) believe the extent to which employees save files outside of corporate storage poses a serious risk to the organization.

Despite knowing that it’s risky, and being charged with enforcing their own company’s policies, C-suiters continue to put precious company data at risk. What gives? According to the survey, an emotional connection to their work is one of the culprits.

The ownership dilemma

The survey finds that 65 percent of business leaders have a strong sense of ownership of their work. More than half (53 percent) say this is because they impart a bit of themselves into what they create.

This should be good, right? Not necessarily. Counterintuitive as it seems, the very employees who feel a sense of personal ownership over their work often engage in risky behavior patterns at the expense of corporate policy.

Nearly three-quarters of CEOs (72 percent) and 49 percent of business leaders admit to bringing IP with them from a previous employer—highlighting that the very people who should be the most responsible for protecting an organization’s most precious data are not playing by the rules.

Working methods and personal preference

Just over half of CEOs (59 percent) admit to downloading software knowing it may not be approved by IT. Seventy-seven percent of business leaders believe the IT team would consider this a risk, yet they do it anyway.

The risks from the C-Suite don’t stop at losing data. Most of us have experienced that “uh-oh” moment when we’ve inadvertently clicked on an email link we shouldn’t have. Almost two-third of CEOs (63 percent) and exactly half of all business leaders have admitted to doing the same—either by accident or oversight.

No wonder 78 percent of CISOs believe that the biggest risk to organizations is people trying to do their jobs the way they want—in a way that is most effective for them—with a disregard for rules.

Recovery must be part of the solution

The results make clear that strong data policies are no match for the reality of human behavior. After all, if your senior leaders aren’t following the rules, how you can expect the broader employee base to follow your policies?

Data security strategies must therefore include recovery solutions in addition to breach prevention tactics. That’s because no matter how strong your security perimeter is, an employee can easily open the gate to data risk and cyber threats.

It’s better to have the ability to quickly and easily recover when that happens rather than hope everyone follows the rules—because the reality is that they aren’t.

Watch for the next blog post in our Data Exposure series. It will delve into the disconnect between business leaders and security/IT staff over how IT goes about its job protecting data. To read the Code42 Data Exposure Report in its entirety, go to code42.com/2018DataExposureReport.

In case you missed part one —Data Exposure Report: A Must-Read for Security Decision-Makers.



Code42 Data Exposure Report: A must-read for security and business decision-makers

Data Exposure Report: A Must-Read for Security Decision-Makers

We’re thrilled to announce the release of our Data Exposure Report. It reveals some startling truths about how human behavior drives data security vulnerabilities, despite the billions companies spend on data loss prevention.

IT leaders and CISOs will find some of their suspicions validated by the findings, particularly that CEOs are among the worst offenders at violating data security policy. But many of the disconnects we found between current data security strategies and the reality of the threat landscape will be surprising and sobering:

  • Almost three-quarters (72 percent) of CEOs admit they’ve taken valuable intellectual property from a former employer. Yet 78 percent of CEOs agree that ideas, in the form of IP, are still the most precious asset in the enterprise.
  • As many as 80 percent of CISOs agree that “you cannot protect what you cannot see.” Business leaders, however, have a different perspective. Among business leaders, 82 percent believe that IT can somehow protect data they cannot see.
  • Among CISOs, 64 percent believe their company will have a breach in the next 12 months that will go public, which has led nearly 73 percent of CISOs to stockpile cryptocurrency to pay cybercriminals.

The report, based on surveys of nearly 1,700 security, IT and business leaders from the U.S., U.K. and Germany, provides a comprehensive view of attitudes toward data security in this age of rapidly evolving cyber threats. This is the first in a series of four blog posts. Each post will delve into one of these key areas:

  • Emotional drivers of employee behavior that can put a company’s data at risk.
  • The importance of data visibility for security to do its job of safeguarding company data.
  • How to recover from a data breach while maintaining continuity.

Potentially most valuable for IT and security leaders, this report provides insights on ways to build business continuity and resilience in the face of an increasingly complex threat landscape. The upshot: resilience comes from companies evolving their data security strategies to include recovery from data breaches as well as prevention of those breaches in the first place.

“ To protect an enterprise today, security teams need to have visibility to where data lives and moves, and who has access to it. Visibility is key in protecting an organization against both internal and external threats. ”

“The time has come for the enterprise to make itself resilient. IT, security and business leaders need to arm themselves with facts about how the emotional forces that drive employee work styles impact data security policy,” said Rob Westervelt, research director for the security products group at IDC. “To protect an enterprise today, security teams need to have visibility to where data lives and moves, and who has access to it. Visibility is key in protecting an organization against both internal and external threats.”

Data is precious, but talk is cheap

The report reveals that, while most CEOs say their IP is one of their most valuable assets, they are the very people who put IP at risk through data practices they admittedly know are unsafe. Some key findings:

  • Among CEOs, 59 percent admit to downloading software without knowing whether it is approved by corporate security. The majority of business leaders (77 percent) believe their IT department would view this behavior as a security risk, but disregard the warning.
  • The majority of CEOs (93 percent) admit to keeping a copy of their work on a personal device, outside of officially sanctioned company storage. More than 68 percent of CEOs think there’s risk in keeping data solely outside of company storage, but they do so anyway.

So even though they know it’s risky—and they may have even lost work as a result of it —C-suiters continue to put their companies at risk by defying company policies and data security best practices.

The risks of playing data hide-and-seek

In this digital age, more flexible workplaces result in employees saving data on their endpoints, making it increasingly difficult for security departments to see data to protect it during a breach. Some key findings from the report:

  • Nearly three-quarters (73 percent) of security and IT leaders believe that some company data only exists on endpoints, such as desktops or laptops.
  • As many as 71 percent of security and IT leaders and 70 percent of business leaders believe that losing all corporate data held on the endpoint devices would be business-destroying or seriously disruptive.
  • In addition, 86 percent of security and IT leaders believe employees saving files outside of corporate storage poses a serious risk to the organization.

While clear and strong company policy about data security is critical, clearly it’s no match for the reality of human behavior. Companies must resign themselves to employees working and saving precious IP on their endpoints—not to mention engaging in other risky behavior that could result in a data loss incident.

Playing defense in an unpredictable threat landscape

In the evolving threat landscape, companies that experience a ransomware attack are increasingly faced with the untenable choice of paying off cybercriminals or losing precious data. Some key findings from the report:

  • Among CISOs, 61 percent say their company has been breached in the past 18 months.
  • The threat of cyberattack has led 73 percent to stockpile cryptocurrency to pay cybercriminals; of those, 79 percent have paid a ransom.

The most sobering part about these particular findings is the unnecessary use of resources to react to cyberthreats in this way. If a data loss event strikes, a comprehensive data security strategy that includes visibility provides companies with the ability to understand what happened and when. As a result, they are positioned to recover much faster.

An ounce of prevention no longer worth a pound of cure

“ Three-quarters of CISOs (75 percent) and 74 percent of CEOs believe their security strategies need to change from prevention-only to prevention-and recovery-driven security. ”

Despite the disconnect between what they practice and what they preach, the report indicates that business leaders understand the need for a multi-pronged security approach in today’s complex threat landscape.

  • Three-quarters of CISOs (75 percent) and 74 percent of CEOs believe their security strategies need to change from prevention-only to prevention-and recovery-driven security.

To read the Code42 Data Exposure Report in its entirety, go to code42.com/2018DataExposureReport.

Read Part Two of our blog series on the Code42 Data Exposure Report, “Is Your C-Suite Putting Your Data Security at Risk,” to learn how emotional drivers contribute to poor data security habits among employees.

Zinpro Redefines Data Security for its Remote Workforce

Due to the evolving nature of cyber threats—including ransomware, cryptomining, inside actors and more—the definition of “data security” is shifting. Traditional data recovery, including backup and restore, is merging with security functionality to create more comprehensive data protection—the kind of protection companies need in a threat landscape where breaches happen even with the strongest security perimeters.

Luckily for organizations, there are strategies and tools out there to allow the kind of collaboration within IT and security that will reduce risk and save time and money.  Nowhere is this more important than in managing the IT needs of a remote workforce. A great example of best practices around this is Zinpro Corp., which uses Code42’s Backup + Restore and Security Center solutions to protect the data of its global employee base.

Zinpro secures and recovers their data with Code42.

Remote backup for global workforce

For nearly half a century, Zinpro has pioneered research and development of organic trace minerals that improve animal wellness and performance. With a tight focus on trace mineral nutrition, the private, family-owned company attributes its steady growth to the high caliber of its products and its workforce.

It now operates in 11 countries and markets its products in more than 70 countries. Continuous growth of a largely remote workforce brought IT challenges, such as providing reliable backup and monitoring of the company’s employee base. That’s where Code42 comes in.

Zinpro started using Backup + Restore five years ago to protect and mitigate data loss across its global workforce. The Backup + Restore solution has saved the day for Zinpro’s IT department many times.

In one example, an employee working in Belgium took her laptop to the Apple store to diagnose an issue. In order to reinstall the operating system, an Apple employee wiped her hard drive, deleting all of her files.

The employee, who hadn’t backed up her files locally, asked Zinpro’s IT department if anything could be done. Because Zinpro had been using Code42, they were able to restore everything to her computer.

“Without the Code42 backup, she would have lost everything,” said Andrew Williams, Zinpro’s systems engineer and client device specialist. “We were able to use Code42 to restore everything.” Andrew was a finalist in Code42’s 2018 Evolutionary Awards in the Catalyst category.

“ Zinpro is also expanding its use of Code42 Security Center, merging the success of its Backup + Restore practices with the solution’s data monitoring capabilities. The new approach is already reaping benefits. ”

Data visibility

Zinpro is also expanding its use of Code42 Security Center, merging the success of its Backup + Restore practices with the solution’s data monitoring capabilities. The new approach is already reaping benefits. Recently, when an employee left the company, Zinpro was unsure whether she had taken files with her.

Using Code42, Zinpro’s IT department was able to quickly check her computer to see if any files had been moved or transferred. “There was nothing to be worried about, everything was good to go,” said Williams. “Code42 helped put our minds at ease.”

As Zinpro has grown, it continues to add Code42 licenses for each employee. Williams, who is in charge of purchasing for the IT department, has had no trouble making the case for each employee to have a Code42 seat.

“Code42 has saved me many different times and it’s made my job 10 times easier,” said Williams.

Continuing its legacy of steady global growth, Zinpro has a bright future improving trace mineral nutrition for animals. And through its use of Code42 solutions, Zinpro’s IT department will be able to do its part in supporting the company’s employees and mission.

“Code42 is great,” says Williams. “Everyone at Code42 is easy to talk to. You can ask them anything. If they don’t know, they’ll find someone to get the answer for you.”

Code42 security industry awards

Gosh, Well, What Can We Say Except “Thank You?”

Wherever their data lives or moves, whether on endpoints or in the cloud, our customers trust us to protect their ideas, and we take that trust seriously. Ensuring their success is our number one mission here at Code42.

That’s why it is especially gratifying when we are recognized among industry innovators for finding new ways to make our customers’ data safer and workflows easier. We are thrilled to announce that in the first half of 2018 Code42 has received a number of industry honors:

  • Winner: Cyber Defense Magazine 2018 InfoSec Award
    Hot Company: Insider Threat Detection
  • Winner: Cyber Defense Magazine 2018 InfoSec Award
    Cutting Edge: Endpoint Security
  • Winner: 2018 SC Awards Europe
    Best Data Leakage Prevention Solution
  • Winner: Info Security PG’s Global Excellence Awards
    Security Products and Solutions for the Enterprise, Gold
  • Winner: Info Security PG’s Global Excellence Awards
    Endpoint Security, Silver
  • Winner: 2018 Fortress Cyber Security Awards
    Threat Detection
  • Finalist: 2018 SC Awards                                                          
    Best Data Leakage Prevention Solution

While we’re proud to make a difference in the lives of our customers, we also take pride in making Code42 a great place to work for employees. Code42 was recently named one of the Top Workplaces in Minnesota by the Star Tribune, our local newspaper. As a Top Workplace, Code42 joins the ranks of the most progressive companies in Minnesota, based on employee opinions measuring engagement, organizational health and satisfaction.

It’s the dedication and hard work of our employees that enable us to continue to fulfill our customer-first mission. With that said, we want to extend special thanks to our employees and customers whose passion for what they do has driven us for the last 17 years to become an industry leader in data security.

Facebook Twitter Google LinkedIn YouTube