Archive for the ‘Data Breach’ Category

Trick or Breach: Frightening Spike in Data Security Incidents

Wednesday, October 31st, 2012

Who’s lurking around your valuable data? According to new figures from the Information Commissioner’s Office (ICO) in the U.K., your organization’s risk for a breach has increased by a startling percent.

Here’s the spooktacular data they found:

  • In the past five years, data security breaches have increased more than 1000 percent in the U.K.
  • The industry hit hardest is local government, with breaches increasing by 1609 percent; followed by public sector (1308%); and private sector (1159%)
  • The ICO has issued nearly £2 million of fines from July 2011 to 2012 – more than three times the amount of penalties from the previous year

These numbers were reinforced in the United States in Verizon’s 2012 Data Breach Investigations Report that reported 855 incidents and 174 million compromised records.

Verizon’s annual report includes more incidents, derived from more contributors, and represents a broader and more diverse scope. The number of compromised records across these incidents skyrocketed back up to 174 million after reaching an all-time low in last year’s report. In fact, the 2012 report boasts the second-highest data loss total since Verizon started keeping track in 2004.

Nick Banks, head of EMEA and APAC operations for Imation Mobile Security, told Help Net Security, “Organizations must take responsibility for preventing breaches, and with so much available technology there really is no excuse for failing to adequately protect data.”

Nick’s right. Safeguarding corporate data has to be at the top of organizations’ priority lists. With tools like Accellion, comprehensive enterprise security is attainable, affordable, and easier than ever – providing a safe way for users to share information, while ensuring files don’t end up in the wrong hands.

It’s time to turn this trend in the opposite direction. Who’s in?

We do our part to help Accellion’s customers and their business users protect data while sharing files with external and internal users.

As for the haunts of Halloween… there is nothing that can help the chills and thrills.

 

Three Lessons Learned from Colossal Government Data Breach

Tuesday, October 23rd, 2012

Does the name Bradley Manning mean anything to you? If you’re a government organization, the name is synonymous with “colossal data breach” – as Manning spearheaded the biggest leak of classified information in our nation’s history.

To briefly recap, Manning, a U.S. Army soldier, single-handedly accessed more than 900,000 intelligence documents, including daily war logs from military operations in Afghanistan and Iraq. And he did it by downloading files onto CDs labeled “Lady Gaga”, which he shared with the whistleblower site, WikiLeaks.

According to Manning’s published chat logs, the event was “childishly easy”; “no one expected a thing”; and the “weak servers, weak logging, weak physical security, weak counter-intelligence, and inattentive signal analysis created a perfect storm.”

With Manning’s trial just a few months away, we take a look back to share three important lessons learned from this monumental event:

Lesson #1: DLP is Important: Manning had access to a classified network used by the Department of Defense and the State Department. A data loss prevention (DLP) solution that scanned information across all network points before it left the network would have provided an additional line of defense to prevent the data from being downloaded – to a CD, flash drive, or any other storage mechanism.

Lesson #2: It’s Time to Cast a Wider Security Net: Because most government agencies are large, data security can be focused on the “core” or interior of the network versus the perimeter of the organization. But, big data security challenges arise as employees have new ways to view and share confidential data – via BYOD movements, wireless access points, and consumer-based, third-party file sharing sites. Now that networks have become more decentralized, agencies need to deploy a wider “net” to secure and manage data.

Lesson #3: Security and Large File Size Aren’t Mutually Exclusive: Large data transfers are not only common within the government domain, they are often required. But how are agencies securing and managing that data?  And, can large files be shared simply and on demand? To address these needs, organizations are turning to mobile file sharing solutions that give employees the ability to send and synchronize large, classified and confidential documents with ease, while giving IT the security, authentication, encryption and file tracking and reporting capabilities necessary to support data security best practices.

These are three key lessons to remember as we move into 2013 and strive to keep newsworthy security breaches a part of our past, fully protecting government data exchanges of the future.

Losing ZZZ’s Over BYOC

Thursday, October 4th, 2012

The high-tech world has no shortage of acronyms. DLP, NAC, TCP, WAN, Wifi – the list goes on and on, making it tough to keep track of the latest buzzwords. Perhaps one of the most widely used acronyms currently is BYOD – the much talked-about trend of employees bringing their own devices into the enterprise and the security challenges created as a result.

Well, get ready, because there’s a new acronym that’s entered the fold: BYOC. Bring Your Own Collaboration.

Research conducted this summer by Varonis Systems found that 80 percent of companies do not allow their employees to use collaboration services due to data leakage concerns. Guess what? Your employees are using these solutions anyway.

A survey by Computacenter of IT decision makers found that 84 percent of employees secretly access consumer cloud collaboration solutions in the workplace because their own organizations don’t provide effective alternatives. Translation: if you don’t provide a corporate file sharing and collaboration option, employees will make a point to find one on their own, creating a BYOC ripple effect before you know it.

This BYOC movement is yet another reason for IT administrators to lose sleep. Case in point: Dan Raywood with SC Magazine recently attended a CISO roundtable, and the question, “what keeps you awake at night” was answered by a panelist with a single word: “Dropbox.” So, there you have it.

Employees clearly need a way to collaborate and share information. So, you can either provide them with a solution that’s secure and built for enterprise use, or they’ll bring one of their own, which probably will not be secure or appropriate for enterprise use. What’s it going to be?

Missing: My Phone; Sizeable Reward for Ignoring Corporate Data

Tuesday, August 14th, 2012

If it hasn’t happened to you, consider yourself lucky: misplacing your phone is never a great feeling. While you might immediately think of lost contacts, to-do lists, and calendar items, IT administrators have much more serious concerns on their minds, including the possibility of corporate data getting into the wrong hands.

A new survey by Credant Technologies shows that more than 8,000 devices were left at the largest U.S. airports last year alone – with the majority forgotten at security checkpoints and in restrooms. Add to that startling number the fact that Javelin Strategy & Research found that 62% of smartphone users do not use password protection on their home screens, leaving content wide open to anyone in possession of the phone – a very scary thought.

Hence, all of the current discussions around the need for organizations to deploy solutions, processes, and policies to secure users’ mobile devices, dubbed mobile device management (MDM). In a well-timed move, the National Institute of Standards and Technology (NIST) recently released draft Guidelines for Managing and Securing Mobile Devices in the Enterprise which outlines recommended steps to boost the confidentiality, integrity, and availability of data on smartphones and tablets.

NIST stresses the importance of:

1) providing secure access to enterprise computing resources;

2) supporting strongly encrypted data communications;

3) requiring user and device authentication before accessing enterprise resources; and

4) restricting which mobile applications may be installed.

That’s great advice for any organization, large or small, across any industry, and Accellion secure file sharing can help meet all of these recommendations. Because, while no one wants to imagine leaving behind their trusted phone, we all know that anyone can make a mistake.

Cloud Security and Storage Snafus Cause Alarm

Wednesday, August 1st, 2012

Service outages, application access errors, and security hiccups – that’s exactly what we’ve seen happen in recent months with cloud storage providers Dropbox, YouSendIt, and Box. All were reported to have experienced unexpected issues:

Perhaps Eric Chiu, founder of HyTrust, Inc., a virtualized infrastructure security and management vendor, said it best to TechTarget, calling Dropbox “the poster child” for an application that’s infiltrated the enterprise with huge security implications.

Osterman Research, in a recent research report “The Need for Enterprise-Grade File Sharing and Synchronization” found that 49% of organizations believe the problems created by these tools are about as serious as they were 12 months ago, but 42% reported they are more serious.

Before putting your data on the line and exposing it to a potential security glitch or exposing your users to unnecessary usage issues, you must weigh the risks and benefits of a particular provider. And, don’t overlook the hefty regulatory implications if a security snafu hinders your compliance with HIPAA, SOX, and other data privacy mandates.

Many organizations are turning to enterprise-class solutions such as Accellion. While we offer the flexibility of public, private, and hybrid cloud deployments, 80 percent of our enterprise customers go the private cloud route – benefitting from around-the-clock availability, security, and confidentiality of company information.

2011 Data Breach Rewind

Thursday, December 29th, 2011

361 million >> 144 million >> 4 million: that’s the total number of records compromised each year from 2008 to 2010 as a result of data breaches, according to a joint Verizon and United States Secret Service report. After years of increasing losses climaxing in 2008 with a record-setting 361 million records compromised, it was not clear if the 2009 drop to 144 million was an aberration or a sign of things to come. The 2010 total of four million compromised records seems to suggest it was a sign. But of what? And is it a lasting change or a temporary deviation?

Unfortunately, a new report from the Privacy Rights Clearinghouse notes 535 data breaches during 2011, involving 30.4 million compromised records. That’s up from 2011, and it’s just a conservative estimate, since not all data breaches see the light of day. “Because many states do not require companies to report data breaches to a central clearinghouse, data breaches occur that we never hear about,” said PRC director Beth Givens in the report.

In 2011, millions of people were affected by serious data breaches at major corporations and organizations like: Epsilon, Alliance Data Systems, Sony PlayStation, WordPress.com, University of South Carolina, and Tripadvisor/Expedia. These breaches of sensitive information reinforce the need for enterprise-class, secure content delivery solutions at organizations of all sizes, regardless of industry.

Our New Year’s wish for every enterprise organization is a year free of data breaches. Of course, to make this wish come true, we encourage everyone to eliminate unsecure file sharing as a source of data breaches. Make implementing Accellion file sharing part of your New Year’s resolution.

Schwartz, M. J. (2011, December 28). 6 worst data breaches of 2011. Retrieved from http://informationweek.com/news/security/attacks/232301079

Verizon. (2011, May 05). 2011 Verizon data breach investigations report. Retrieved from http://www.verizonbusiness.com/Products/security/dbir/

Evolving Mobile Data Security Risk

Thursday, December 1st, 2011

In 2010, Oracle surveyed more than 3,000 people from around the globe to discover how people communicate. The overwhelming response was mobile, mobile, mobile. In 2011, Oracle conducted a second survey calling it The Future of Mobile Communications-Take Two. This upgraded report delivered interesting results about mobile phone usage and the perceptions of mobile devices.

I don’t think we have to discuss the “bring your own device” (BYOD) trend or the fact that employees are using mobile devices to share files and access business applications. The lightning-fast proliferation of data-hungry users is the thing that organizations and IT managers are trying to manage. The respondents of Oracle’s 2011 Future of Mobile Communications-Take Two report confirm that these trends are permanent. That’s bad news for our telephone booth frequenting superhero.

How data hungry were the users from the survey? Over the past year alone, mobile data usage increased 47%. Even more remarkable is the fact that 55% of those surveyed reported having downloaded a mobile app, up significantly from 42% in 2010.  The most dangerous threats posed by downloaded mobile apps are well-documented in Veracode’s Mobile app top 10 list. Even more notable was the fact that 25% of mobile web users are mobile only.

When respondents were asked if they think that information stored or transmitted with a mobile device is secure, the results were disproportionate. Thirty-two percent of those asked thought their information was secure. Sixty-eight percent said that they didn’t think the information stored or transmitted with a mobile device was secure.

People can be their own worst enemy when it comes to security.  Ten percent of all iPhone users have 0000 or 1234 as a device password. The fact that there are mobile data security programs available and not being used is indefensible.

For all these reasons, mobile devices are the most popular target for data theft.  In several upcoming blog posts we will discuss some Dos and Don’ts of mobile device security and take a closer look at mobile security compliance.

Nagar, M. (Designer). (2011). Introduction and evolution. [Web Graphic]. Retrieved from http://www.bluegenietech.com/blog/tag/history-of-mobiles/

Data breaches put the scare back in Halloween!

Monday, October 31st, 2011

For most people outside the IT profession, the scariest thing they deal with on Halloween is a spooky costume or the newest episode of AMC’s ghastly drama “The Walking Dead.” For IT professionals, a data breach is far worse. With the frequency and cost of data breaches on the rise, it’s easy to see why the topic worries IT professionals. In its fifth annual TITLE survey the Ponemon Institute showed a significant spike in legal defense spending to address fears of successful class actions resulting from customer, consumer or employee data loss. In fact, the total cost per data breach incident now exceeds six million dollars.

If that’s not enough to chill IT and security professionals, another report commissioned by Websense surveyed 100 IT managers around the world about the latest threats to corporate security. The IT managers surveyed went on to say that data loss incidents put their jobs on the line, and that managing the stress of a company data breach is more taxing than divorce, managing personal debt, or a minor car accident.

There were 561 data breaches in 2010 and 589 data breaches to date this year. To avoid the stress of a data breach, IT professionals are employing robust security strategies to ease their worries.

We do our part to help Accellion’s customers and their business users protect data while sharing files with external and internal users.

As for the haunts of Halloween… there is nothing that can help the chills and thrills.

Accellion and MobileIron Announce Partnership

Wednesday, September 28th, 2011

Most IT organizations have minimal visibility into what’s on an employee’s phone and how it’s being used, and even less control or insight into information being accessed and shared.

MobileIron and Accellion announced a partnership today to provide our customers with secure mobile device and content management. Together, MobileIron and Accellion help an IT organization to regain control over mobile devices and how employees collaborate and share information from them.

As part of the partnership, Accellion will be one of only seven applications chosen to participate in MobileIron’s AppConnect program.  The goal of AppConnect is to secure MobileIron-developed apps as well as third-party apps on the App Store, Android Market and other mobile app services.

The benefit of the Accellion and MobileIron partnership was summed up by Jason Otani, Director, IT Infrastructure, Curtiss-Wright Corporation, a mutual customer:

Using Accellion Secure Collaboration’s native mobile apps, our teams really appreciate being able to securely collaborate on contracts and engineering plans with internal and external business partners.  MobileIron’s ability to wipe the device clean remotely any time a device is lost or stolen adds another level of security protection against a possible data breach.

For the most up-to-date news and information about this partnership, follow us on Twitter, Facebook, and LinkedIn.

What’s next? Constant Reinvention.

Thursday, July 28th, 2011

What’s next? I was inspired to consider this question today after reading John D. Halamka’s blog entry on Life as a Healthcare CIO.

If you’re not familiar with his work, John Halamka is an MD, MS, and is Chief Information Officer of Beth Israel Deaconess Medical Center, Chief Information Officer at Harvard Medical School, Chairman of the New England Healthcare Exchange Network (NEHEN), Co-Chair of the HIT Standards Committee, a full Professor at Harvard Medical School, and a practicing Emergency Physician. He is also a long-time Accellion customer and has implemented Accellion’s secure file sharing at both BIDMC and Harvard Medical School. You can read more about his implementation of Accellion in this eWeek article.

Given the scope of his career, it seems like he must ask himself the “What’s Next?” question a lot. On his blog he answers it. What’s next? Constant Reinvention. He recently announced he is going to step down as CIO of Harvard Medical School, help them find a full-time replacement for the role and embrace the next reinvention of his career. About the next phase of his career he states:

It’s July of 2011… and I feel powerful forces are aligning to create a quantum leap forward in electronic health records and health information exchange technology.

We think he’s right. Healthcare organizations are struggling with the growing use of mobile devices and unmanaged Dropbox-type solutions in their enterprise and need to secure, manage and audit the mobile sharing of electronic health records, research and other Protected Health Information (PHI). They know this problem puts the organization at risk for non-compliance with HIPAA and HITECH. The organization could also run the risk of a serious data breach, making news headlines, and incurring hefty regulatory fines.

Accellion’s healthcare customers tend to be more savvy than most and care about offering their staff easy to use file sharing and collaboration applications while still securing and managing sensitive patient and research data.

Accellion is constantly introducing new products and features, and the market continues to have new problems to solve – unmanaged Dropbox-type of solutions in the enterprise, proliferation of new mobile devices.  Asking “What’s Next?” helps us all to thrive and innovate.

So, thanks, John, for providing today’s inspiration, and we wish you luck for your next reinvention.