Encryption -- turning a message into code before sending for security reasons -- has become standard protocol for sending the majority of email transmissions today. This trend can be seen in both the private and public sectors, but it is especially the case in the public sector, where 83% of federal agencies have policies allowing employees to encrypt emails.
While this sounds like a positive development, encryption is unfortunately a double-edged sword. Encrypting messages does add a significant level of security, as encrypted messages have to be decrypted, which takes time and makes them much less valuable to hackers. But emails that users encrypt at their desktop before sending cannot be subjected to any kind of content verification by network security, which makes it almost impossible to trace unauthorized data transmissions. In practice, the encryption that is used to guarantee the security of data becomes a method for sending unauthorized data undetected through the email gateway.
The Encryption Conundrum
This encryption conundrum puts IT managers between a rock and a hard place. Nobody wants to give up the high level of security provided by encrypting employee emails, but IT security experts almost all say that significantly more unauthorized data is lost from networks by email than by flash drive, disc or any other method.
The problem is just going to grow as more businesses and agencies move to encrypting most or all of their email traffic. A recent study suggested that over 80% of IT security managers were concerned about loss of sensitive data through encrypted email.
Advanced Email Security Technology
The only way to effectively solve this encryption conundrum is with advanced email security technology. Thorough training of employees on encryption protocols and other software analytics methods will help control the loss of sensitive data through encrypted emails, but these measures will not thwart a smart and resourceful individual.
To be sure that no one is sending out unauthorized data in encrypted emails, IT managers must have the ability to decrypt files before they are routed to the Exchange server for outbound transmission. This is obviously a more laborious and time-consuming process, but protocols can be set up so that only certain messages or a certain percentage of messages are decrypted before outbound transmission.
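One way a gateway could pick which desktop-encrypted messages to send for decryption and review, either by rule or by percentage, shown as an added example that is not part of the original article. The function names, policy keys and sample messages are hypothetical, and the decryption step itself, which needs escrowed keys, is not shown.

```python
import hashlib
from email import message_from_string
from email.utils import getaddresses

OPAQUE_SMIME = {"enveloped-data", "authenveloped-data"}

def encryption_kind(msg):
    """Return 'smime', 'pgp-mime', 'pgp-inline', or None if the gateway can read the body."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
            # signed-data stays readable; enveloped-data hides the content
            if str(part.get_param("smime-type", "enveloped-data")).lower() in OPAQUE_SMIME:
                return "smime"
        elif ctype == "multipart/encrypted":  # PGP/MIME container (RFC 3156)
            return "pgp-mime"
        elif ctype == "text/plain":
            if b"-----BEGIN PGP MESSAGE-----" in (part.get_payload(decode=True) or b""):
                return "pgp-inline"
    return None

def route_outbound(raw, policy):
    """Return 'inspect' (readable), 'hold' (decrypt and review first) or 'pass'."""
    msg = message_from_string(raw)
    if encryption_kind(msg) is None:
        return "inspect"
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    domains = {addr.rpartition("@")[2].lower() for _, addr in rcpts}
    if domains & policy["always_hold_domains"]:
        return "hold"
    # Hash the Message-ID so the sampling decision is repeatable and auditable.
    digest = hashlib.sha256(msg.get("Message-ID", raw).encode()).digest()
    return "hold" if int.from_bytes(digest[:4], "big") % 100 < policy["sample_percent"] else "pass"

# Constructed sample messages (not real traffic).
HDR = "From: a@agency.example\r\nTo: {to}\r\nMessage-ID: <{n}@agency.example>\r\nMIME-Version: 1.0\r\n"
SMIME = HDR.format(to="b@partner.example", n=1) + (
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\r\n"
    "Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n")
SIGNED = SMIME.replace("enveloped-data", "signed-data")
INLINE = HDR.format(to="c@webmail.example", n=2) + (
    "Content-Type: text/plain\r\n\r\n-----BEGIN PGP MESSAGE-----\r\n(constructed)\r\n")
PLAIN = HDR.format(to="b@partner.example", n=3) + "Content-Type: text/plain\r\n\r\nStatus update.\r\n"

if __name__ == "__main__":
    policy = {"always_hold_domains": {"webmail.example"}, "sample_percent": 10}
    for name, raw in [("smime", SMIME), ("signed", SIGNED), ("inline", INLINE), ("plain", PLAIN)]:
        print(name, route_outbound(raw, policy))
```

Messages routed to "hold" are the ones that would be decrypted and checked before release; everything marked "pass" leaves the network with its content unseen, which is the residual risk a low sampling percentage accepts.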
This kind of advanced email security takes some significant expertise to set up properly. Federal agencies will likely staff up their IT departments and take on the task in-house. But that idea can be a little daunting for small and medium-sized businesses. Small and medium businesses should consider working with a high-end local IT services provider to get the results they want.
An astounding half a million credit cards have been stolen from an unidentified Australian company. The hackers responsible for the theft are said to be an Eastern European group, suspected to be the same one that threatened the business continuity of Subway restaurants in 2011. A total of 150 Subway restaurants in the US were victims of similar hacking.
- “You can look it up.” Do you use a password that can be found in a dictionary? If you do, then a hacker can simply bang on your log-on with a simple dictionary program until he has access to your account. Fix: Consider one of two options most professionals in IT security recommend. Either create a password that contains odd characters interspersed with random letters and numbers or use a pass phrase instead of a password.
- “Be a snowflake.” You need to use a different password for each different site. You do this, right? Oh... Even if you do come up with a strong password, IT security professionals report most people use only one or two passwords for all their log-ons and, of course, that means someone only needs to crack your single password to access all your sites.
- “Don't leave a paper trail.” You'd be amazed how many people write down their passwords on a Post-It and stick it onto their monitor or, if they're really cagey, underneath their keyboard or lap drawer. IT security best practices recommend you never, ever do this.
- “Cover your tracks.” IT security professionals also recommend that, whenever possible, you use a secure connection when you log on. What's a secure connection and how do you make it? Take a look at your address bar. If the address starts off “http://...etc.” then the connection is not secure and an evil doer might be snooping on your session. Try a very simple, single change by using an “s” so that the address looks like this: “https://...etc.” This encrypts the connection between your browser and the website, thereby making it more difficult for evil doers to do evil.
- “Loose lips sink ships.” One of the most notorious hackers in modern history, Kevin Mitnick, preferred “social engineering” to technological techniques. In other words, what he did most of the time was call people up, pose as a system administrator and simply ask users for their passwords. One famous study in England discovered most people would give up their password for a candy bar.
- “We have the technology...” There is a new generation of software utilities that help you manage passwords. For example, a utility called LastPass is a browser extension that connects a heavily encrypted password vault to your browser. Once installed you only have to remember one, highly-secure password and then LastPass can automatically fill in all the others. Even better, LastPass can generate super random, secure passwords whenever you open up a new account on a website or change your password on a site where you already have an account. And finally, perhaps best of all, you can install LastPass on the browser you use at work and the browser you use at home and any other browser you use. This way, you will enjoy convenient security wherever you are.
Telling someone to BYOD is literally a four-letter word in many IT departments. Also known as “bring your own device,” BYOD is a cloud-based concept which allows mobile devices to access a private or corporate network. Employees can access the network using their tablets, cell phones, laptops and other mobile devices.
Lack of well-implemented email encryption remains one of the weakest links businesses face today. Companies that fail to take necessary precautions can be fined for failing to comply with applicable legal acts, and can lose customer loyalty and their market competitiveness. Don't make the mistake of implementing it based on bad advice though. Let's look at some of the worst email encryption advice that could leave you vulnerable.
IT security news sometimes seems like an ongoing list of companies that have found themselves the victim of hacking groups or hacktivists, hackers that operate not out of a desire for fame or ill-gotten gains but in order to send a political or social message. All too often, the intrusions suffered by these businesses lead to the public release of information best kept private. The latest such company to find itself the victim of such tactics is none other than internet giant Yahoo!, which was attacked by hacking group D33Ds.
Sending your data into the cloud has implicit security risks. Attackers could potentially intercept the data during transmission or the data can be compromised on the cloud server itself. Ensuring encryption exists at all points of transmission and storage will help to ensure your data remains secure. Let's look at several aspects of security when selecting your cloud-based service provider.
Even though federal officials have recently taken down a large international credit card fraud ring, IT security experts are warning small and medium-sized businesses that the long-term prospects for this type of criminal activity are still alarmingly strong. All legitimate organizations that deal with sensitive financial information such as credit card numbers and expiration dates need to understand how to protect their customers' privacy better. This involves understanding how the criminals in the recent card fraud ring operated.
Businesses that maintain any sort of online accounts for their customers or other interested parties must eventually confront the issue of password encryption. In recent months, major breaches at several high-profile online sites have caused many to wonder over the effectiveness of using hashed passwords. LinkedIn was perhaps the most well-known site to have its password hashing compromised, but other major online businesses such as eHarmony and Last.fm have experienced similar problems.
The most common way for websites to protect information from those who may maliciously intercept it in transit is encryption. This strategy changes, for example, the cardholder name and credit card number submitted on an e-commerce site into a string of characters that is meaningless unless it can be decrypted. One type of encryption used in computers is known as symmetric key encryption.
Payment processor First Data has revealed that over the course of the past year, there has been a surge of hacker incidents seeking unauthorized access to systems that use a point-of-sale approach for credit cards. Unfortunately for small and medium-sized businesses, the merchants that are being targeted most heavily by tech criminals are those that are classified as Level 4 by Visa. Such businesses, which process relatively low numbers of transactions each year, are responsible for slightly less than one-third of all credit card transactions that take place in the United States.
The new era of cloud computing brings with it tremendous advantages in terms of scalability, cost savings, and employee efficiency, but it is not without its challenges. One of the greatest challenges is the need for robust security. In order for businesses and other organizations to operate at their full capacity, the cloud solutions they employ must be appropriate for the threat environment as it currently exists and as it is likely to evolve in the near future.
The giant anti-virus company Symantec has released a new version of its Internet Security Threat Report. The study, which is published on a yearly basis, outlines the current threat environment in detail. Among the findings were some facts likely to startle employees of small and medium businesses, even those who regard themselves as experienced with today's online environment threats.
As more and more businesses decide to migrate some of their workflow onto the cloud, issues of content management can become paramount. The tools and software that can serve to provide effective content management on the local network level may not be transferable to a cloud context. This means that managers and employees may need to learn to work with new systems that can help them to keep cloud resources well organized so that employees can find the documents and data they need in a timely manner. Cloud content management systems are also invaluable when it comes to making sure that encryption is consistently applied according to the policies and procedures established by the business.
The issue of authentication has been a challenge for businesses for at least as long as computers have been an integral part of the workplace. Newer technologies, however, are beginning to provide much more secure means of authentication than the typical user name/password combination or the use of a dongle or special card. Text input, after all, can always be compromised and physical objects that a user must supply can be misappropriated or misused.
It has come to the attention of information security analysts that the state of Texas had a major security breach earlier this month. Fortunately, the state's consistent use of encryption technology meant that the worst consequences of such a breach were avoided.
Businesses involved in any phase of the delivery of health care to Americans need to keep a close eye on their methods, procedures, and practices designed to implement and enforce IT security. The need for this was made all the more apparent this week as word emerged from the federal government that the total tally of health care breaches will soon pass the 20-million mark. The government has kept running statistics since September of 2009 and it has calculated that in less than three full years, more than 400 separate breaches have affected more than 19 million individuals.
Even the best physical security measures for data can fail, as evidenced by a California mishap this week. Personal data about more than half a million individuals involved in the state's child support system have been compromised. The personal information in question includes not just names and addresses of children and adults involved in the system, but also Social Security numbers, California identification or driver's license numbers, and even information that relates to health insurance policies held by the individuals.