The 2015 Cost of Data Breach Study: United States released by IBM and Ponemon Institute is the 10th release focusing on cost of data breaches for US companies. Key findings include the total average cost paid by breached organizations has increased from $5.4 million to $6.5 million. The average cost for a stolen record has increased from $201 to $217, of which $74 represents direct costs and $143 indirect costs.
We have already reported that 90% of security incidents are still tied back to people's behavior, reinforcing the need for employee training and awareness to reduce security incidents and data breaches (whether from lost devices or phishing attacks).
Subsequent changes to the employee's computer can easily affect the security of your locked down environment, or worse, your users start to install unauthorized applications like Dropbox on their workstations. Or even worse, they decide to switch off encryption 'just for a while' because it is slowing down the machine.
What is persistence?
Persistence is one of the big attractions to the Absolute Computrace solution. This technology is already embedded in the firmware of most
Recognize that certain employee bad behaviors are one of the major data-loss threats to your business, which are amplified by Bring Your Own Device, data storage location options and cloud computing.
The Millennial: Staying connected is rule number one in this employee’s world. Going without WiFi, apps and Social Media is not an option and all personal and corporate information must be available in one place, at their fingertips. Corrupted or hacked, their device is a potential gateway into the business
Microsoft's cloud business is expecting to be a $4.5 billion business. But a Business Insider article suggests this $4.5 billion number isn't as straightforward as it would seem.
One source says "What Microsoft is doing is claiming a certain percentage of their Enterprise Agreements — these are renewals of their big licensing agreements — as cloud revenue. They bundle the rights to use Azure or Office 365 as part of their overall agreement. The secret is that very few customers are actually taking Microsoft up on using Azure in any meaningful way."
So, when an enterprise signs a new contract to buy software such as Windows, SQL and Microsoft Office, the salesperson may include for free (or almost free) access to Microsoft's cloud
Krebs on Security posted an excellent article highlighting the results of socially engineered scams. The blog discusses “CEO fraud” and the “business email compromise,” which is increasingly common in targeting businesses that work with foreign suppliers and businesses that do regular wire transfers. The FBI warned in January that cyber thieves stole nearly $215 million from businesses in the previous 14 months through these scams, activated by the hijack of email accounts of business executives.
In one example quoted, the Scoular Company, an employee-owned commodities trader, lost $17.2m when they wired money in installments last summer to a bank in China after receiving emails ordering it to do so.
TechTarget have done a nice job of analyzing the next generation of email encryption tools. Email encryption, as the name implies, encrypts email messages and attachments in transit from sender to receiver to protect contents from unauthorized access. The encryption may trigger automatically, encrypting messages based on content, attachment type or it may work manually, requiring the user to choose an encryption option for each email message to be protected.
The second generation of email encryption products, which is in wide use compared to the first generation, has no PKI key exchange requirement. Keys are created dynamically to handle all or virtually all of the key management behind the scenes.
The analysis covers:
When experts talk about social media risk, the conversations focus on how to control how Social Media tools are used.
Clearly, access to Social Media tools places employee communications outside of the organization's control, as a result of it being:
As defined on the JD Supra blog, and Blue Hills' Social Media Risk report, the risk from using Social Media is not in the communication itself, but in deeper worries: sensitive corporate information disclosure, reputational harm, fraud and conflicts of interest. These are not unique to Social Media but manifest themselves very
Over the last year 94% of organizations encountered one or more cyber-security incidents and 12% experienced a targeted attack.
Damages from a single successful targeted attack could cost a company as much as $2.54 million for enterprises and $84,000 for small businesses, according to a survey of worldwide IT professionals by Kaspersky Lab.
Whilst targeted attacks affect businesses of any size, large companies specifically see them as an important threat. 38% of organizations with between 1,500 and 5,000 employees, and 39% of businesses with over 50,000 employees highlighted targeted attacks as the number one concern.
Smaller businesses are a little less concerned, 34% citing targeted attacks as a key priority. A big worry for
Healthcare practitioners share sensitive files with remote colleagues, associates and patients. But workers should never use unapproved devices or apps, including USBs and third-party tools, to share confidential documents. This behavior is not only unsecure, but it breaks HIPAA Compliance which could lead to loss of accreditation or substantial fines.
HR Departments send offer letters, tax information and payroll data all the time. And if job-seekers use email platforms like Gmail and Yahoo, they further enhance the risk of content being viewed by a third-party.
Financial Advisors and
DLP provides an automated system to detect when users send out sensitive information. An appropriate action can then be taken, using a Policy Tip to warn the user, journal the message, notify a person/group or block the message. Microsoft DLP includes a template engine to create templates for different policies, with templates for common policies such as HIPAA and PCI. Exchange 2013 DLP suffers from limitations: mainly, it works only on messages sent through the Exchange server, Policy Tip warnings are only supported in OWA 2013 and Outlook 2013, and the system requires specialist skills to maintain.
Microsoft has extended DLP into SharePoint Online and OneDrive for Business. Office 365 DLP will also be able to recognize and act on tags
Microsoft offers a selection of free Office 365 migration tools to assess readiness and manage deployment. The Exchange Server Deployment Assistant queries deployment objectives and creates guidelines for the migration. The Directory Sync tool assists the migration process by synchronizing users, groups and contact data from local Active Directory to Office 365. Office 365 provides the Exchange Admin Center to help with remote moves, cutovers, staged migrations and third-party email (IMAP) migrations.
Third-party tools can add extra features such as creating user accounts, moving email, contacts, appointments, tasks, folders, archives and settings to Office 365.
One of PhishGuru's anti-phishing clients, a Northeastern public university, reduced successful phishing attacks by 90%.
When a cyber-criminal fabricated an email that appeared to originate from the newly appointed dean’s email address, addressing new policies and staffing changes and asking school officials to update their personal information, it triggered a response from administration, according to the school’s information security officer. “We recognized that a significant hole in our security was our people in that they were not very savvy with regards to these issues,” he
Management’s objective is to use email to optimize communications with employees. So what does it take to motivate employees to open internal mail when they are already overloaded with email from clients and business partners?
NCR (via Forbes) came up with some interesting findings on organizational behavior based on big data with regards to emails sent by internal sources…and the factors that motivate click-through vs. the decision not to open an email.
Here are some of the learnings (some may surprise you):
#PST files continue to be a thorn in the side of the messaging group, IT security, Compliance and Records Management. Here is an analysis of why you need to get control over your PST files.
The new SECURE Exchange Gateway (SXG) adds data protection and Compliance control to email content being distributed within an internal Microsoft Exchange infrastructure.
In combination with Adaptive Redaction technology, the SXG safeguards against inappropriate or sensitive information being incorrectly distributed internally thereby removing the threat of such data being stored in an unsecure location or accidentally leaked outside the organization.
Microsoft Exchange, as the primary collaboration tool of choice, will grow market share to 68% by 2016 according to the Radicati Group. The SECURE Exchange Gateway detects inappropriate content sharing, embedded malware, malicious executable file types and content violations in Exchange
Adaptive Redaction is a new technology to prevent sensitive data leaking in or out of your company via email, attachments and web uploads and downloads. This technology, from our partner Clearswift, automatically identifies and removes sensitive data as it passes in and out of a company network with no human intervention.
Why redact? Adaptive Redaction scans content, automatically identifying and removing both the ‘visible’ and ‘invisible data’ - credit card number, patient id - which breaks policy, then continues to deliver to the intended recipient without ‘stopping and blocking’. The trigger to redact depends on the policy, which in turn depends on the individuals who are sending or receiving the information - making it
A new infographic shows the current situation and plans for ediscovery-related data (mailbox data, network file data, hosted or on-premise) from an admin's perspective. With 104 respondents, our friends at Sherpa asked IT admins questions pertaining to their ESI (electronically stored information). Here’s what they had to say!
Most of our Exchange and Domino customers are seeing expanding SharePoint environments. But the management of who-has-access-to-what within a SharePoint Library becomes a huge issue as the SharePoint infrastructure gets larger and more complex. Titus metadata security for SharePoint addresses this issue:
SharePoint native security issues: SharePoint's inherited security model is insufficient for controlling access to sensitive information. Permissions for each document within a library must be set one at a time, which is very time consuming. It is hard to keep track of all documents that need special permissions. This usually forces organizations to move documents into separate libraries.
Users Need Filtered Views - Different users
There was a time when the production of information in civil litigation primarily consisted of the exchange of hard-copy, paper records. Those days are long gone.
Now we live in an age that features all kinds of electronic data. It is critical to get it correct when it comes to Electronic Discovery - as the downside consequences for getting it wrong can be severe.
Duane Morris reports that as soon as litigation happens or is reasonably believed to be on the horizon, it is imperative to implement a "legal hold" to preserve potentially relevant data. In this way, relevant data will not be destroyed. The failure to preserve relevant data can lead to charges of spoliation of evidence. Actual spoliation can lead to court orders excluding