361 million >> 144 million >> 4 million that’s the total number of records compromised each year from 2008 – 2010 as a result of data breaches, according to a joint Verizon and United States Secret Service report. After years of increasing losses climaxing in 2008 with a record-setting 361 million records compromised, it was not clear if the 2009 drop to 144 million was an aberration or a sign of things to come. The 2010 total of four million compromised records seems to suggest it was a sign. But of what? And is it a lasting change or a temporary deviation?

Unfortunately, a new report from the Privacy Rights Clearinghouse notes 535 data breaches during 2011, involving 30.4 million compromised records. That’s up from 2011, and it’s just a conservative estimate, since not all data breaches see the light of day. “Because many states do not require companies to report data breaches to a central clearinghouse, data breaches occur that we never hear about,” said PRC director Beth Givens in the report.

In 2011 millions of people were affected by serious data breaches at major corporations and organizations like: Epsilon, Alliance Data Systems, Sony PlayStation, WordPress.com, University of South Carolina, and Tripadvisor/Expedia. These breaches of sensitive information reinforce the need for enterprise-class, secure content delivery solutions at organizations of all of sizes, regardless of industry.

Our New Year’s wish for every enterprise organization is a year free of data breaches.  Of course to make this wish come true we encourage everyone to eliminate unsecure file sharing as a source of data breaches. Make implementing Accellion file sharing part of your New Year’s resolution.

Schwartz, M. J. (2011, December 28). 6 worst data breaches of 2011. Retrieved from http://informationweek.com/news/security/attacks/232301079

Verizon. (2011, May 05). 2011 verizon data breach investigations report. Retrieved from http://www.verizonbusiness.com/Products/security/dbir/

In 2010, Oracle surveyed more than 3,000 people from around the globe to discover how people communicate. The overwhelming response was mobile, mobile, mobile. In 2011, Oracle conducted a second survey calling it The Future of Mobile Communications-Take Two. This upgraded report delivered interesting results about mobile phone usage and the perceptions of mobile devices.

I don’t think we have to discuss the “bring your own device” (BYOD) trend or the fact that employees are using mobile devices to share files & access business applications. The lightning fast proliferation of data hungry users is the thing that organizations and IT managers are trying to manage. The respondents of Oracle’s 2011Future of Mobile Communications-Take Two report confirm that these trends are permanent. That’s bad news for our telephone booth frequenting super hero.

How data hungry were the users from the survey? Over the past year alone, mobile data usage increased 47%. Even more remarkable is the fact that 55% of those surveyed reported having downloaded a mobile app, up significantly from 42% in 2010.  The most dangerous threats posed by downloaded mobile apps are well-documented in Veracode’s Mobile app top 10 list. Even more notable was the fact that 25% of mobile web users are mobile only.

When respondents were asked if they think that information stored or transmitted with a mobile device is secure, the results were disproportionate. Thirty-two percent of those asked thought their information was secure. Sixty-eight percent said that they didn’t think the information stored or transmitted with a mobile device was secure.

People can be their own worst enemy when it comes to security.  Ten percent of all iPhone users have 0000 or 1234 as a device password. The fact that there are mobile data security programs available and not being used is indefensible.

For all these reasons, mobile devices are the most popular target for data theft.  In several upcoming blog posts we will discuss some Dos and Don’ts of mobile device security and take a closer look at mobile security compliance.

Nagar, M. (Designer). (2011). Introduction and evolution. [Web Graphic]. Retrieved from http://www.bluegenietech.com/blog/tag/history-of-mobiles/

For most people outside the IT profession, the scariest thing they deal with on Halloween is a spooky costume or the newest episode of AMC’s ghastly drama “The Walking Dead.” For IT professionals, a data breach is far worse. With the frequency and cost of data breaches on the rise, it’s easy to see why the topic worries IT professionals. In its fifth annual TITLE survey the Ponemon Institute showed a significant spike in legal defense spending to address fears of successful class actions resulting from customer, consumer or employee data loss. In fact, the total cost per data breach incident now exceeds six million dollars.

If that’s not enough to chill IT and security professionals, another report commissioned by Websense surveyed 100 IT managers around the world about the latest threats to corporate security. The IT managers surveyed went on to say that data loss incidents put their jobs on the line, and that managing the stress of a company data breach is more taxing than divorce, managing personal debt, or a minor car accident.

There were 561 data breaches in 2010 and 589 data breaches to date this year. To avoid the stress of a data breach, IT professionals are employing robust security strategies to ease their worries.

We do our part to help Accellion’s customers and their business users protect data while sharing files with external and internal users.

As for the haunts of Halloween… there is nothing that can help the chills and thrills.

Most IT organizations have minimal visibility into what’s on an employee’s phone and how it’s being used, and even less control or insight into information being accessed and shared.

MobileIron and Accellion announced a partnership today to provide our customers with secure mobile device and content management. Together, MobileIron and Accellion help an IT organization to regain control over mobile devices and how employees collaborate and share information from them.

As part of the partnership, Accellion will be one of only seven applications chosen to participate in MobileIron’s AppConnect program.  The goal of AppConnect is to secure MobileIron-developed apps as well as third-party apps on the App Store, Android Market and other mobile app services.

The benefit of the Accellion and MobileIron partnership was summed up by Jason Otani, Director, IT Infrastructure, Curtiss-Wright Corporation, a mutual customer:

Using Accellion Secure Collaboration’s native mobile apps, our teams really appreciate being able to securely collaborate on contracts and engineering plans with internal and external business partners.  MobileIron’s ability to wipe the device clean remotely any time a device is lost or stolen adds another level of security protection against a possible data breach.

For the most up-to-date news and information about this partnership, follow us on Twitter, Facebook, and LinkedIn.

What’s next?  I was inspired to consider this question today after reading John D. Halamka’s blog entry on Life as a Heathcare CIO.

If you’re not familiar with his work, John Halamka is, an MD, MS, and is Chief Information Officer of Beth Israel Deaconess Medical Center, Chief Information Officer at Harvard Medical School, Chairman of the New England Healthcare Exchange Network (NEHEN), Co-Chair of the HIT Standards Committee, a full Professor at Harvard Medical School, and a practicing Emergency Physician.  He is also a long time Accellion customer and has implemented Accellion’s secure file sharing at both BIDMC and Harvard Medical School.  You can read more about his implementation of Accellion in this eWeek article.

Given the scope of his career, it seems like he must ask himself the “What’s Next?” question a lot.  On his blog he answers it.  What’s next?  Constant Reinvention.  He recently announced he is going to step down as CIO of Harvard Medical School, help them find a fulltime replacement for the role and embrace the next reinvention of his career.  About the next phase of his career he states:

It’s July of 2011… and I feel powerful forces are aligning to create a quantum leap forward in electronic health records and health information exchange technology.

We think he’s right.  Healthcare organizations are struggling with the growing use of mobile devices and unmanaged Dropbox-type of solutions in their enterprise and need to secure, manage and audit the mobile sharing of electronic health records, research and other Protected Health Information (PHI).  They know this problem puts the organization at risk for non-compliance with HIPAA and Hitech. The organization could also run the risk of a serious data breach, making news headlines, and incurring hefty regulatory fines.

Accellion’s healthcare customers tend to be more savvy than most and care about offering their staff easy to use file sharing and collaboration applications while still securing and managing sensitive patient and research data.

Accellion is constantly introducing new products and features, and the market continues to have new problems to solve – unmanaged Dropbox-type of solutions in the enterprise, proliferation of new mobile devices.  Asking “What’s Next?” helps us all to thrive and innovate.

So, thanks John for providing today’s inspiration and we wish you luck for your next reinvention.

“Morgan Stanley Admits to Loss of Unencrypted CDs” reads the latest data breach headline in SC Magazine. I can’t help but shake my head as this could have been easily avoided.  The lost information contained 34,000 client account and social security numbers, among other confidential data.  The CDs were delivered in tact to the New York State department of taxation and finance’s mail room and disappeared somewhere between there and the intended recipient’s hands.

IT departments worry about data security and do their best to put systems in place to prevent this kind of data breach.  So how does it happen?  Some of the biggest risks come from employees who work around an IT mandated solution.  In this case, it looks like there was a file too large for either Morgan Stanley’s, the recipient’s, or both systems’ email restrictions.  For the employee who opted to mail the unencrypted CD, the magnitude of the potential loss and risk involved may have never crossed their minds or took a backseat to Getting the Job Done.

You, as an IT professional, can easily save the day and provide a way for your users to share information and collaborate securely.

In addition to banning CDs, thumbdrives, free dropbox-type of applications, FTP or USB sticks, implementing secure file sharing technology such as Accellion’s helps enterprises securely share files in a way that can be seamless to employees and their intended recipients.  With Accellion, you can track and manage who has sent and downloaded what file, where, and via what device.

Since Accellion supports any file format and size, I suspect Morgan Stanley’s CDs were used to transfer files an Accellion user would’ve been able to send easily.  With Accellion, shared files are stored securely on a server, so issues with the recipients’ email storage limits are also bypassed.  And the file is encrypted in transit and at rest.

Some of the world’s leading financial services organizations use Accellion to protect their sensitive data including: AEW Capital Management, American Capital, Australian Unity, Bank of Scotland, Bank of Spain-Miami (Banco Santander), Cigna WorldWide Insurance Company, Covenant Bank, Deloitte & Touche CA, Georgia Bank and Trust, Farmers Insurance Group, Federal Credit Union, HeathMarkets, IMA Financial Group, Inc., KPMG, MIB Solutions, PFS Global Ltd., Princeton Financial Systems, United Community Bank, ViewPoint Bank and Xpress Holding to name a few.

Financial services firms need to protect their sensitive data in a way that’s easy-to-use for employees and easy-to-manage for IT staff.  Accellion solutions can help.

Leaving the office behind has always been a challenge for some, but the iPad is now making it even harder. As employees head to the beach, mountains, and island getaways how many husbands and wives are sneaking an iPad into their luggage?

In the past 12 months, with the introduction of the iPad, there has been a surge in the volume of users.  According to information released by Apple for their investor community, close to 25 million iPads have been sold to date.

Many of these iPads are being used for business, and employees are taking advantage of free and low cost cloud-based collaboration solutions to solve their file sharing needs, without adequate security, tracking, or visibility for the organization.

When your employees and their partners are using free, unmanaged cloud-based services to share and sync files, you know your organization is at risk for a data breach, intellectual property theft or non-compliance.  Well, actually, because they’re using these apps and you have no visibility into what they’re doing, maybe you don’t know how exposed your organization is to a data breach.  Consider this instead: how many people in your organization do you think are taking their iPads on vacation with them this summer, and how many plan to access business information on their iPad?  iPads are also attractive targets for thieves and can be accidentally left behind.

Accellion announced today that our native file sharing and collaboration application for the iPad and iPhone have been made available for download off of the App Store in iTunes just in time for school to be out and vacations to begin.  Designed to work with Accellion Secure Collaboration, the Accellion Mobile Apps for iPad and iPhone are now available for download for free from the App Store in iTunes.  Download the app, and know there’s one less thing to worry about before you go on vacation – of course getting caught doing work on vacation might still get you in trouble with your loved ones.  We can’t help you there.

Reports from the team who attended GovSec in Washington DC highlighted that there is a lot to be learned from the government sector.  Based on recent conversations, it seems to me, government IT organizations are among the most risk averse of all industry sectors.  Risk adverse organizations are:
o    Proactive; they don’t wait for a data breach to happen, they secure their communications
o    Most likely to have an organization-wide data risk assessment and profile
o    Understand that a true adversary only has to be right once, but your security measures have to be right in every possible way
o    And understand that the most destructive adversary can easily come, accidentally or intentionally, from within the organization.

We’ve seen plenty of high profile, reputation-destroying data breaches this month, including the recent notable addition of Sony to the list.  We’re still waiting for specifics on how many of these data breaches occurred, and the true price Sony will ultimately pay, not just in lost revenue while the network was down, but also in lost future revenue as gamers switch to the competition.

Most organizations wait till a major problem happens, and then take action.  John Pironti, during a recent Accellion-sponsored Enterprise 2.0 webinar, entitled “5 Security Essentials for Collaboration” put it best.  After a data breach, companies,   “fire people, hire a new outside security team, and throw a lot of money at finding a solution.  For six months.  And then attention wanes.”

Maybe it’s because politics is fickle, maybe it’s driven by regulatory compliance, or maybe it’s because government – federal, state and local agencies have seen the repercussions of data breaches and have digested tough lessons from their peers.  Whatever the reason, we have seen robust growth in this segment, with new Accellion government wins across the globe, from The Bahamas to Western Australia, from governing bodies to law enforcement agencies.  Organizations have to react once a data breach or noncompliance occurs, but it’s great to able to point to some good news and a market segment that’s being proactive.

If a tree falls in a forest, and no one hears it, does it make a sound?  Or the file sharing equivalent – if an employee uses a free personal file sharing account, and IT doesn’t know about it, does it still present a security risk?  You bet it does.

This week’s CIO UK article entitled CIOs: Break security rules to make them better raises an important point that IT needs to get involved with the applications and devices that employees are bringing into the workplace in order to improve security.

IT experimentation with consumer oriented services lets IT see the type of services that employees are looking for but also gives IT firsthand knowledge and experience of the alarming security implications.

Anyone who has signed up for a free dropbox type of account knows how convenient it is for syncing files.  At the same time anyone with a sense of information security gets this niggling feeling that something isn’t quite right about the ease of moving files out of the organization.

So if employees are using free personal file sharing accounts for enterprise use and IT doesn’t know about it, does it create a data security and compliance risk?  You bet it does.  In fact an informal survey of IT folks indicates that in most organizations IT does know that employees are using a variety of free personal  file sharing apps.

So what’s a good approach for IT to deal with this?  A good first step would be to signup for a free file sharing account and see firsthand not only how easy it is to use but also how easy it is to abuse.  Then make it a priority to deploy an enterprise solution for secure file sharing that makes everyone happy.  Let us suggest Accellion.

The Epsilon data breach of last week keeps on giving, with millions of email notifications being sent out from the companies affected, informing recipients of the incident.  The New York Times has weighed in and made recommendations for Congress to address this type of failure for consumers with an editorial “Who Really Sent That E-Mail?”

The breach at Epsilon underscores the urgent need for a federal standard of data safety that ensures companies follow adequate policies and procedures to protect consumers’ information and determines companies’ legal liability for breaches. As Congress debates new data privacy rules, it should put data security at the forefront.

We agree with the The New York Times about the importance of protecting consumer information and hope Congress and more companies take data security seriously.  Trusting third party marketers with your data is a risk, but there are ways to mitigate the risks and share securely.  A big part of why corporations and government agencies deploy Accellion is to be able to keep track of who is using what data when, internally and across organizational boundaries.