Are Your Employees Following Security Policies?

22 06 2010

In the Ponemon Institute’s study, “Trends in Insider Compliance with Data Security Policies,” a majority of respondents admit to serious non-compliant workplace behaviors that place their companies at risk. Such behaviors include the insecure use of USB memory sticks, Web-based email, social media, mobile devices and more. What’s more, the problem seems to be getting worse. The report sites lost or missing USB memory sticks and other portable data-bearing devices that often not reported to the company or are reported when it is too late.

Two key findings?

  • Employee attitudes about their employees affect the level of compliant vs. non-compliant behavior.
  • Employees do not believe their organizations provide ample training or adequate policies to inform them about data protection and security practices.

So, how does your company stack up against the percentages? 61 percent of end users transfer confidential data onto a USB stick and 71 percent says that others do it. What if there was a way to easily transfer sensitive, proprietary and confidential company and client information without using the number 1 cause of lost data? A secure, ad hoc Managed File Transfer solution can let your employees send up to 2GB of confidential information of files without even leaving their email client. No training, no ramp-up time and the ability to track messages and files. Sound too good to be true? Learn more.





Securing Your Customers’ Data

15 06 2010

Can you guarantee the security of customer and company information with today’s available communication tools?

As a business professional, there are a number of tools from which to choose for communication and collaboration. It would be impossible to conduct business everyday without email. Additionally, you use solutions such as FTP to send large files to colleagues, business partners and clients. In a hurry, you may use expensive, expedited shipping services or a courier for your confidential and proprietary documents.

While there are many forms of communication, do you have 100 percent confidence that the content of the message or file being exchanged is secure? While these services, “get the job done” in most cases, they ineffective, costly and provide no guarantee that your documents will arrive securely or on time. So how can you transfer messages and files securely, instantly and a reasonable price?

A secure business communications solution can be used to exchange information or files quickly and securely inside and outside of your organization. As easy-to-use as email, a secure business communications solution, enables you to send important, confidential or proprietary information instantly. Just type a message or attach a file and click to send.

Learn more.





Protecting Your Data and Your Partnerships

24 05 2010

In an Information Week Analytics report, “Inside Out: Protecting Your Partnerships and Your Data,” Curtis Franklin, Jr. of Dark Reading writes, “Partners are a critical element (to enterprise security) – in fact, their importance is matched only by the potential threat they pose to the security of corporate data and the network infrastructure. For IT professionals, the vital question is how to balance trust versus risk in enabling communication between the organization and partners.”

Secure all points of contact with partners.

The report adds, “there have been instances in which partner connections were used to steal data or sabotage computer systems. These breaches show us that enterprises must stay vigilant about security, even in dealing with their closest and most trusted suppliers.” Other findings? “The difference between employee and partner risk varies by industry – in food service, partners accounted for as many as 70 percent of breaches; in the technology arena, partners accounted for only 18 percent.”

Organizations must be wary of:

  • the introduction of malware
  • confidential software theft
  • the data at risk – proprietary, intellectual property to private customer information

While concrete corporate security policies, firewalls and other security measures, help alleviate the threat, how do you ensure B2B partner and trading partner security is achieved while still optimizing those partnerships, making it easier for your partners to do business with you?

B2B Managed File Transfer – From secure ad-hoc file transfer to EDI to enterprise-wide Managed File Transfer a complete B2B communications solution can prevent these breaches from happening to you. Because whether the breach is accidental or intentional, the damage has still been done.





Data Breaches: Stop the Insanity!

10 05 2010

In a recent article by the Identity Theft Resource Center (ITRC), entitled, “Data Breaches: The Insanity Continues,” the ITRC discusses the highlights of 2009 data breaches:

  • Paper breaches account for nearly 26 percent of known breaches (an increase of 46 percent over 2008)
  • Business sector climbed from 21 percent to 41 percent between 2006 to 2009, the worst sector performance by far
  • Malicious attacks have surpassed human error for the first time in three years
  • Out of 498 breaches, only six reported that they had either encryption or other strong security features protecting the exposed data

What will the stats be for 2010? Take Preventative Measures.

The article goes on, stating, “Insanity might well be defined as repeating the same action again and again, and expecting a different outcome.” So, the ITRC compiled a list related to how businesses are addressing data breaches and security:

  • Insanity 1 – Electronic Breaches: After all the articles about hacking and the ever-growing cost of a breach, why isn’t encryption being used to protect personal identifying information? Proprietary information almost always seems to be well protected. Why not our customer/consumer personal identifying information (PII)?
  • Insanity 2 – Paper breaches: Why aren’t more state legislators passing laws about rendering paper documents unreadable prior to disposal if they contain PII? Do we dare ask that those laws be actually enforceable? Perhaps we are waiting for paper breaches to reach 35% of the total.
  • Insanity 3 – Breaches happen: Deal with it! You will get notification letters. Breach notification does not equal identity theft. Let’s stop the “blame game” and instead require breached entities to report breach incidents via a single public website. This would allow analysts (and law enforcement) to look for trends and link crimes to a single ring or hacker faster.
  • Insanity 4 – A Breach is a Breach: Let’s not kid ourselves. “Risk of harm” is not a useful standard for determining if the public and consumers should be notified about a breach, especially if the company involved gets to define “risk of harm.” If it is your #$@%2 SSN that is out on the Internet, do YOU think there is “risk of harm?” Some companies might say “no.”
  • Insanity 5 – Data on the Move: You will notice that statistically this is a bright spot, with a decreasing incidence in the past 3 years. But, really! This is 100% avoidable, either through use of encryption, or other safety measures. Laptops, portable storage devices and briefcases full of files, outside of the workplace, are still “breaches waiting to happen.” With tiered permissions, truncation, redaction and other recording tools, PII can be left where it belongs – behind encrypted walls at the workplace.

So how are you protecting your data internally and externally?