Stuart Littleford, editor of The Government and Public Sector Journal (GPSJ), sought to improve the company’s overall risk posture by optimising its endpoint security. The publishing company UK Media Publishing Ltd, like any, tackles numerous IT threats on a daily basis, but the increased risk posed by staff working remotely meant that traditional network security (as have protected critical applications) were no longer effective.
It was necessary to implement access and encryption controls on staff handling of sensitive data by physical protecting it in hardware accessed via PIN passwords. Whilst managing the security of data, it also had to ensure its employees remained connected and productive, with always on access to required information, whatever their location and to provide devices with sufficient storage capacity to hold the large data volumes they were working with.
Employees previously opted for BYOD, using their own devices to connect to the network, and even more concerning was that a substantial amount of data was still being saved in paper format. “With editorial archives, subscriptions lists and numerous sales and contact details to protect, ill equipped employees and out of date security processes that didn’t meet the new GDPR legislation, were an accident waiting to happen”, according to Littleford.
He said: “Having considered our options, evaluating all the latest available USB storage technologies and having used Apricorn hardware encrypted devices previously, the decision to upgrade our data storage and security was easy.”
Employees were reporting that searching through reams of unnecessary data and transporting paper files out of the office, resulted in increased operational support, whilst impacting productivity and efficiency. Littlefords’ concerns were focused on the security of the data, who was accessing it, from where, and how the publishing house could limit access to avoid a breach.
In late 2018, UK Media Publishing explored a new working model in which it could enhance and secure its existing storage and network access to better support its mobile workforce. Employees required storage and retrieval of working data for sales, features and editorial purposes. The media firm needed devices that offered ease of use, a design to withstand years of use, and the security and encryption with the addition of safeguards to protect against tampering and loss.
It selected a number of devices from the Apricorn range, including the Aegis Padlock DT Secure USBs, pictured; the Aegis Fortress – FIPS validated, hardware encrypted portable SSD drives and Aegis Secure Key 3.0 encrypted memory keys. Adopting the use of Apricorn USB sticks and encrypted hard-drives enabled the publishing house to securely store and move data around, knowing it was completely secure even if the worst should happen.
Stuart Littleford added: “It was crucial for us to find a solution that was easy to manage, quick to deploy and enabled us to provide secure and manageable devices. Ensuring encryption met the highest industry guidelines and was simple enough for all staff to use was of the utmost importance. The Apricorn products allow us to protect our network, and to create and enforce policies without hindering efficiency and productivity. We are now confident that we meet the required compliance regulations and can save ourselves from the potential fines and damaging repercussions should a data breach occur.”
The USB devices enabled employees to work remotely with policies provisioned so they had access only to files and resources that were completely necessary. It enabled the publishing company to provide staff with a device and password known only to them and the data manager, all devices would then be checked and returned to a secure area and logged each day, with the capability to recall the devices and re-provision them if required.
Jon Fielding, Managing Director, EMEA Apricorn said: “Following the success of this rollout, UK Media Publishing can now demonstrate a move towards GDPR compliance and show that all sensitive data is securely encrypted with FIPS validation and accessible by a limited number of staff only. Should a device be lost or stolen, or fall into the wrong hands, they can rest assured that all data will remain safe and inaccessible.”
The publisher saw cost savings through a reduction in the time and resources previously required to address their data security. It has saved an average of £7,500 per year as well as the savings in time and money through mass provisioning which substantially reduced deployment to a matter of hours. Full implementation took two days. UK Media Publishing have deployed the devices across the firm, with plans to continue monitoring the data and privacy landscape as it evolves.
