It's 10pm... do you know where your Millennials are?

How the changing work environment is creating new data security challenges

Over the past year the number of data breaches has grown significantly, the majority due to internal errors, such as data sent to the wrong email recipient or employees losing an unencrypted device.

Recognize that certain employee bad behaviors are one of the major data-loss threats to your business, which are amplified by Bring Your Own Device, data storage location options and cloud computing.

Krebs On security posted an excellent article highlighting the results of socially engineered scams.  The blog discusses “CEO fraud,” and the “business email compromise,” that is increasingly common in targeting a specific businesses working with foreign suppliers businesses that do regular wire transfers.  The FBI warned in January that cyber thieves stole nearly $215 million from businesses in the previous 14 months through these scams, activated by the hijack of  email accounts of business executives.

In one example quoted, the Scoular Company, an employee-owned commodities trader lost $17.2m when they wired money in installments last summer to a bank in China after receiving emails ordering it to do so.

TechTarget have done a nice job of analyzing the next generation of email encryption tools. Email encryption, as the name implies, encrypts email messages and attachments in transit from sender to receiver to protect contents from unauthorized access. The encryption may trigger automatically, encrypting messages based on content, attachment type or it may work manually, requiring the user to choose an encryption option for each email message to be protected.

The second generation of email encryption products, is in wide use compared to the first generation, has no PKI-key exchange requirement. Keys are created dynamically to handle all or virtually all of the key management behind the scenes.

The analysis covers:

• Internal and/or

Over the last year 94% of organizations encountered one or more cyber-security incidents and 12% experiencing a targeted attack.

Damages from a single successful targeted attack could cost a company as much as $2.54 million for enterprises and $84,000 for small businesses, accordong to a survey of worldwide IT professionals by Kaspersky Lab.

Whilst the targeted attacks affects any size of businesse, that large companies specifially see them as an important threat. 38% of organizations with between 1,500 and 5,000 employees, and 39% of businesses with over 50,000 employees highlighted targeted attacks as the number one concern.

Smaller businesses are a little less concerned, 34% citing targeted attacks as a key priority. A big worry for

DLP provides an automated system to detect when users send out sensitive information. An appropriate action can then be taken, using a Policy tip to warn the user, journal the message, notify a person/group or block the message. Microsoft DLP includes a template engine to create templates for different policies, with a templates for common policies such as HIPAA and PCI. Exchange 2013 DLP suffers from limitations, mainly it worked only on messages sent through the Exchange server, Policy Tip warnings are only supported in OWA 2013 and Outlook 2013, and the system requires specialist skills to maintain.

Microsoft has extended DLP into SharePoint Online and OneDrive for Business. Office 365 DLP will also be able to recognize and act on tags

security awareness is important, but changing employee behavior to decrease security risk is the end goal of any security education program. 

One of PhishGuru's anti-phishing clients, a Northeastern public university, reduced successful phishing attacks by 90%.

When a cyber-criminal fabricated an email that appeared to originate from the newly appointed dean’s email address, addressing new policies and staffing changes and asking school officials to update their personal information, it triggered an response from administration, according to the school’s information security officer. “We recognized that a significant hole in our security was our people in that they were not very savvy with regards to these issues,” he

The new SECURE Exchange Gateway (SXG) adds data protection and Compliance control to email content being distributed within an internal Microsoft Exchange infrastructure.

In combination with Adaptive Redaction technology, the SXG safeguards against inappropriate or sensitive information being incorrectly distributed internally thereby removing the threat of such data being stored in an unsecure location or accidentally leaked outside the organization.

Microsoft Exchange, as the primary collaboration tool of choice, will grow market share to 68% by 2016 according to the Radicati Group. The SECURE Exchange Gateway detects inappropriate content sharing, imbedded malware, malicious executable file types and content violations in Exchange

Adaptive Redaction is a new technology to prevent sensitive data leaking in or out of your company via email, attachments and web uploads and downloads. This technology, from our partner Clearswift, automatically identifies and removes sensitive data as it passes in and out of a company network with no human intervention.

Why redact?  Adaptive Redaction scans content, automatically identifying and removing both the ‘visible’ and ‘invisible data’ - credit card number, patient id -  which breaks policy, then continues to deliver to the intended recipient without ‘stopping and blocking’. The trigger to redact depends on the policy, which in turn depends on the individuals who are sending or receiving the information - making it