Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database
    • IT Management
    • Small Business
    • Storage

    How to Protect Data During Financial Mergers and Acquisitions

    By
    DAVE MEIZLIK
    -
    December 23, 2008
    Share
    Facebook
    Twitter
    Linkedin

      Today’s financial climate is fueling a wave of mergers and acquisitions, particularly among financial institutions. With an infusion of fresh cash from the federal government, in the next six to 12 months we are likely to see weaker banks snapped up by larger institutions. This “fire sale” economy, where companies are snapped up for cheap with little time for due diligence, makes it difficult for the acquiring companies to take inventory of physical assets such as phones and computers, let alone understand and protect the sensitive data that’s on all of those systems.

      Financial organizations use and retain a massive amount of regulated and sensitive data that can sit on a file server, a laptop or other device. To secure their investment, purchasing organizations must quickly take inventory of the acquired company’s information assets, gain visibility into where these assets are stored, find out who has access to them and make sure they are secure.

      Three steps to protect newly acquired data

      There are three steps financial institutions can take to protect their newly acquired data: monitor business communications for sensitive data, discover information assets and implement policy controls to secure sensitive data.

      In a merger and acquisition scenario, many employees and information owners will leave, move departments or be let go, putting sensitive information at risk of loss, misuse or, in rarer incidents, theft. With employees joining and leaving the company, it’s necessary to find out who has copies of records on their desktops or laptops, whether those people are still with the company and where the IT assets are located. In a time of consolidation, employees with access to confidential data may try to keep their customer lists in personal Web-based e-mail or copy data to an external device.

      Therefore, the very first step the buying institution should take is to immediately begin monitoring business communication channels for sensitive data. To do this quickly and effectively, acquiring companies should be prepared with technology assets such as a DLP (data loss prevention) solution, encryption technology and rights management technology so they can “parachute in” and immediately start to get visibility.

      Steps to Protect Newly Acquired Data

      Let’s explore in more detail the three steps financial institutions can take to protect their newly acquired data:

      Step No. 1: Monitor business communications for sensitive data

      The first step following an acquisition should be to monitor business communication channels for confidential data. One of the easiest ways to do this is with a DLP solution. This technology includes out-of-the-box templates for hundreds of data types and regulations. For example, DLP technology can be used to find regulated information such as information about the Gramm-Leach-Bliley Act (GLBA) and the Sarbanes-Oxley Act, as well as customer data such as Social Security numbers and credit card information.

      In a merger and acquisition situation, a lot of confidential data is exchanged between law firms, auditors, human resources and other departments. During an acquisition, fear and uncertainty can lead good employees to make bad decisions. For example, salespeople may make copies of customer lists, while developers may make copies of proprietary source code. It’s critical to get visibility into both the good and the bad business processes early on.

      This will give organizations the intelligence necessary to better govern and secure the business by monitoring the communication channels to see what data is being sent, where it is going and who is sending it. Most people think that they have to do a deep discovery process for their data before they can monitor it. However, by using built-in policy templates in a DLP solution, they can easily begin to monitor for the data they suspect they have, even before they know for sure.

      Step No. 2: Discover information assets

      Data discovery provides an inventory of the data stored in an organization and can alert managers to data that is “at risk” of being lost. When data is discovered, you gain visibility into the organization’s information assets and can begin to classify them. Through this process, you can improve both storage and security across the enterprise and better plan for provisioning, access and growth (while at the same time mitigate risk).

      Although most organizations can satisfy their discovery requirements by using the policy templates built into a DLP solution, the technology also provides for deep content inspection using digital fingerprinting technology. This capability permits the discovery of virtually any type of data, including proprietary information such as source code, merger and acquisition documents, and patent information.

      Step No. 3: Implement policy controls to secure sensitive data

      After gaining visibility into what data an organization has and what data is being used, a DLP solution can institute controls to protect it. Setting policy controls around data, employees and communication channels allows organizations to send data wherever it needs to go, but safely. Communications during a merger and acquisition are critical, and data transfer should not be blocked under the right parameters.

      For example, the legal teams for each party must be able to send information back and forth, but it’s also important that those communications are secured. That’s where DLP and encryption technology come into play. Setting policy controls can manage who can send what data, where they can send it and how it is sent. For example, in the attorney scenario, policies could be set to automatically encrypt e-mails between lawyers. Other examples of setting policy controls include fingerprinting data so that it can be sent securely in an e-mail. However, if someone tries to post it on a financial chat board, the policy would prevent it. The goal of policy controls is to secure data while at the same time enabling business.

      Understanding What Data Needs Protection

      Understanding what data needs protection

      Perhaps the most critical capability of a DLP solution is its ability to accurately understand the data that needs to be protected. Confidential data comes in many forms: It can be in an Excel file, a presentation, a database, a Word document, an e-mail or an instant message.

      The ability to look beyond the “wrapper,” or format type, and examine the data itself is the core strength of DLP technology. Content-aware DLP technology has data intelligence and can identify critical differences (such as whether a list is a confidential customer list or a grocery list). It can tell if the data is source code or a merger document, or even if it’s just an innocuous e-mail between colleagues.

      With a DLP system that identifies what is confidential and accurately protects that data, an acquiring organization can secure its investment early on, better understand the business it has acquired and reduce risk.

      /images/stories/heads/knowledge_center/meizlik_dave70x70.jpgDave Meizlik is a senior manager for Data Security Solutions at Websense Inc., a security software company. Dave also has a blog covering data loss issues at http://ondlp.com. He can be reached on his blog’s site or at [email protected].

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×