Archive for the ‘Data Breach’ Category

Top Ten Reasons You Need Secure Collaboration

Tuesday, April 5th, 2011

10.  Your company has already had a data breach. Don’t make the same mistake twice.  According to a recent survey by McAfee, only half of the companies that have had a data breach or an attempted data breach have taken steps to remediate and protect their systems for the future.

9.  People don’t think before they send files. Ideally, they would think twice. But they don’t.  A lawyer accidentally sent a confidential document to a New York Times reporter instead of to a law colleague; both shared the same last name. The result: Nightmare on Email Street.

8.  People get distracted and leave things behind, including that shiny new iPad with the latest sales pricing and quotes.

7.  People write down passwords in obvious places including the same bag their iPad was in when it was left behind.

6.  People turn off security safeguards if they get in the way.

5.  No matter what kind of company you are, you can be a target. The recent data breach at marketing firm Epsilon ended up being a colossal 2,500-company data breach, for the price of one.  Epsilon counts brands like BestBuy and Citigroup among its 2,500 customers, or did.

4.  People upload documents to insecure file-sharing sites even when they know they shouldn’t. Doctors, in blatant violation of HIPAA, have been known to “go outside the system” to send MRIs, including by using free Dropbox-type services.

3.  People download files they shouldn’t. If an employee leaves a company, sensitive files often leave, too.  Even worse, files may continue auto-syncing.

2.  Customers get mad when their credit card information is stolen, especially when they get charged for a 3D HDTV that they didn’t order, and that wasn’t delivered to their house.

1.  You like your job and want to keep it.

Accellion Secure Collaboration: Share Securely.

“Forget telling execs they can’t use their new shiny iPad”

Thursday, March 31st, 2011

Thanks to Mike Rothman, analyst and president at security research firm Securosis, for pointing out in this week’s CSO article by George Hulme that denying execs the use of their shiny new iPads is not going to make anyone popular. We agree with you, Mike: “You have to try to find a way to secure these devices the best you can.”

Judging by the lines outside the Apple stores, more iPads are heading into the enterprise, so this issue is not going away. What’s the big deal with iPads? George Hulme sums it up perfectly: “One of the biggest challenges the consumerization of IT creates for the enterprises is the lack of control over where work data is stored and how it’s shared on user devices.”

So if your execs are starting to show their high-tech flair by bringing iPads into the office, here’s our Accellion iPad security tip to keep everyone happy and secure:

Implement Accellion Secure Collaboration so that execs have secure access to sensitive information from their iPads, while the information itself is stored on secure servers, not on the iPads.

The result:

i) Your execs get to use their shiny new iPads to easily and securely access and share information with internal and external users.

ii) Confidential information is stored securely on IT managed servers.

iii) You have complete tracking of all file activity including dates and times of all downloads, uploads and recipients.

iv) When your exec leaves their iPad at the client site, on the train, or in a conference room, you don’t need to call in a SWAT team: Accellion has you covered and your files are safe.

Here’s a link to more information about Accellion mobile apps. It’s the app every exec with a shiny iPad needs, so they don’t tarnish your company’s security.

It’s Not Personal – It’s Business

Monday, March 7th, 2011

Employees at Wells Fargo really shouldn’t take it personally that their CIO, Wayne Mekjian, won’t let them use personal devices to access the corporate network; it’s just business.  In today’s Network World article entitled “Wells Fargo says no to personal smartphones and tablets, period,” it’s obvious Wayne is serious about financial data security and responsibility.  And who’s to blame him? After the financial scandals and meltdown of the past few years, CIOs in the financial industry should be on red alert to avoid embarrassing data breaches.  You have to applaud Wayne for taking a stand for information security.

It’s not like Wayne won’t let his folks use smartphones and tablets; he just wants them to be Wells Fargo-issued.  So who’s complaining? Provisioning employees with the necessary tools to be efficient and productive, whether those are devices or software, seems a reasonable responsibility for any organization, as long as the organization isn’t too restrictive in its provisioning.

We continue to be amazed at how many organizations still fail to provision their users with the ability to securely share information across organizational boundaries. Legal documents, contracts, product designs, software under development, medical records, marketing campaigns, sales data, financial results, board communications are routinely shared with people outside the corporate network and all potentially contain sensitive IP and confidential personal information. Yet many enterprise users are not provisioned with an approved method for sharing files securely.  The use of personal file sharing accounts is an unfortunate but common workaround. If ever there was a security hole to plug, the file sharing hole is one to plug, and fast.

So Wayne Mekjian, thanks for taking a stand for security, you are our Accellion CIO hero of the week.

Enterprise File Sharing – IT Jeopardy

Wednesday, February 16th, 2011

Promoted as the biggest contest of “man vs. machine” since Deep Blue took on Kasparov, this week’s Jeopardy face-off between Watson, IBM’s computer creation, and the show’s previous grand champions is great entertainment. Regardless of who, or what, ultimately wins, it’s a thought-provoking experiment and spectacle.

I checked out the New York Times online link to play a personal, one-on-one game of Jeopardy against Watson. I was reasonably sharp on “Historic Fashion” and “What me Worry?” but Watson had the edge on “Before and Now” and “A Musical Pastiche”. For each question, whether you get it right or wrong, Watson provides details on what it would have answered and the other possible answers it considered. For example:

Question: This 19th-century dress support is a synonym for excited activity; don’t be alarmed if there’s one in your hedgerow
Answer: Bustle
Other Answers Watson considered: Boot, Bodice, Crinoline

It got me thinking about questions that might give Watson or the other contestants an advantage.  Recognizing that Watson is, after all, a computer, you would think it has the edge on any computer or IT-related questions.  In tribute to this great computer experiment/media stunt, here’s our proposed question category with some sample questions.  Too easy, you may say, but try asking these questions within your organization. May the best human/machine win.

Category – Enterprise File Sharing

Question: Information that takes up most of the storage on an email system?
Answer: Files

Question: A small device, named after part of the hand, used to transport files, easy to lose?
Answer: Thumb drive

Question: Healthcare regulation that restricts the sharing of personal health information?
Answer: HIPAA

Question: An event that typically makes headline news involving the loss of information?
Answer: Data Breach

FAX Data Breach Gets Costly

Tuesday, November 30th, 2010

We are getting ready to move offices, and the topic of the FAX number came up in our pre-move planning session. The claim was made that no one uses the FAX machine any more.

I imagine the Hertfordshire County Council in England wishes their employees also hadn’t used the FAX machine. The County Council just got slapped with a £100,000 fine by the Information Commissioner’s Office (ICO) in the UK after a data breach originating at the FAX machine in June 2010. As reported last week in SC Magazine, employees in the childcare litigation department FAXed information to the wrong recipients on two separate occasions.  The size of the fine was determined in part because the two incidents were 13 days apart and the County Council failed to take sufficient steps to prevent the second breach. Sometimes people overthink the solution: unplugging the FAX machine would have done the trick.

We’ve written before about the security hazards of the multi-function copier/scanner/printer in Digital Time Bombs. After hearing about this latest data breach, perhaps we should ditch the FAX machine in the move.

Cloud Killer – Qu’est-ce Que C’est

Wednesday, November 17th, 2010

What are the 3 surefire ways to kill a cloud project?

  1. Not understanding compliance
  2. Betting on the wrong horse
  3. Not including IT

Thanks to David Linthicum for his recent excellent short article “3 surefire ways to kill a cloud project.”

These 3 cloud killers are particularly relevant to deployment of secure file transfer in the cloud.  I thought it would be worth reviewing how Accellion defends against these cloud killers:

1. Not understanding compliance – It’s all about compliance

From Accellion’s perspective it’s all about compliance.  Ensuring compliance is foremost in any secure file transfer deployment, whether it is on-premise or in the cloud.  Since Accellion secure file transfer deployments can span on-premise and in-the-cloud, we have implemented comprehensive data protection features to provide the control, tracking and reporting necessary to demonstrate compliance.

• Data in Motion - To protect the data moving through the Accellion secure file transfer system, Accellion provides not only business-level authentication but also encryption for data in motion.  Data is transferred using the Secure Sockets Layer (SSL) protocol with 128-bit encryption, and Accellion includes additional file encryption capabilities before upload using the 128-bit AES encryption scheme.
• Data at Rest - Accellion provides disk encryption using 128-bit encryption to protect stored data. File names are de-referenced when stored by the Accellion secure file transfer system, so that the files are inaccessible on the server.
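The two bullets above describe the at-rest side in product terms. The following Go program is an added example, not Accellion’s code, showing the pattern they describe: file content is sealed with a 128-bit AES key (AES-GCM here, which also detects tampering) and filed under a random opaque identifier, so that neither the stored bytes nor the storage name reveal what the file is. The `Store`, `Put`, `Get` and `RawStored` names, the in-memory map standing in for disk, and the sample document are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// storedFile is the server-side record for one uploaded file. Only the
// opaque ID is used as the storage name; the original file name lives
// in metadata, never on the storage path.
type storedFile struct {
	originalName string
	nonce        []byte
	ciphertext   []byte
}

// Store keeps uploaded files encrypted under a single 128-bit AES key.
// An in-memory map stands in for the disk so the example runs offline.
type Store struct {
	aead  cipher.AEAD
	files map[string]*storedFile
}

// NewStore builds a store from a 16-byte key (AES-128, matching the
// "128 bit" figure in the post). In production the key would come from
// a key-management system rather than being held by the application.
func NewStore(key []byte) (*Store, error) {
	if len(key) != 16 {
		return nil, errors.New("AES-128 requires a 16-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Store{aead: aead, files: map[string]*storedFile{}}, nil
}

// Put encrypts the plaintext and files it under a random opaque ID.
// The ID is derived from neither the name nor the content, so listing
// the storage location reveals nothing about what is stored.
func (s *Store) Put(originalName string, plaintext []byte) (string, error) {
	idBytes := make([]byte, 16)
	if _, err := rand.Read(idBytes); err != nil {
		return "", err
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	id := hex.EncodeToString(idBytes)
	// The ID is bound in as additional authenticated data, so a
	// ciphertext copied to a different ID fails to decrypt.
	ct := s.aead.Seal(nil, nonce, plaintext, []byte(id))
	s.files[id] = &storedFile{originalName: originalName, nonce: nonce, ciphertext: ct}
	return id, nil
}

// Get decrypts and returns the original name and content for an ID.
// Any modification of the stored bytes is caught by GCM's tag check.
func (s *Store) Get(id string) (string, []byte, error) {
	f, ok := s.files[id]
	if !ok {
		return "", nil, errors.New("no such file")
	}
	pt, err := s.aead.Open(nil, f.nonce, f.ciphertext, []byte(id))
	if err != nil {
		return "", nil, fmt.Errorf("integrity check failed: %w", err)
	}
	return f.originalName, pt, nil
}

// RawStored exposes what sits on "disk" for an ID, so a reader can
// confirm it is neither the plaintext nor labelled with the file name.
func (s *Store) RawStored(id string) []byte {
	if f, ok := s.files[id]; ok {
		return f.ciphertext
	}
	return nil
}

func main() {
	key := make([]byte, 16)
	rand.Read(key) // constructed demo key, generated fresh each run
	st, _ := NewStore(key)
	id, _ := st.Put("Q3-board-pack.pdf", []byte("constructed sample document"))
	name, data, err := st.Get(id)
	fmt.Printf("id=%s name=%s data=%q err=%v\n", id, name, data, err)
}
```

Binding the identifier into the ciphertext as associated data means a blob moved to a different identifier will not decrypt, and the tag check turns any on-disk corruption or tampering into an error rather than silently wrong content. The mapping from identifier to original name is itself sensitive metadata and needs the same access control as the content.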

2. Betting on the wrong horse – Betting on the right horse

Accellion utilizes the Amazon Web Services (AWS) cloud computing platform to deliver our hosted Cloud Accellion Secure File Transfer service.  We picked Amazon’s cloud because of its SAS 70 Type II certified data centers, 99.5% annual uptime service levels, and its global distribution of data centers designed to anticipate and tolerate failure while maintaining service levels.  We think we are betting on the right horse; however, we also give our customers the option to deploy Accellion secure file transfer in the cloud of their choice, either public or private.

3. Not including IT – Including IT

Accellion believes that ensuring data security and compliance should not be left to business users.  We don’t support the adoption of rogue applications; in fact, we think they are particularly hazardous for file transfer. Allowing business users to utilize free online file sharing services provides no visibility or control of the flow of enterprise information. At Accellion we work closely with IT organizations to deploy secure file transfer systems and provision business users to keep enterprise data transfer safe.

Thanks again David for the tips on staying away from 3 common cloud killers.

Facebook e-mail – a new security loophole

Tuesday, November 16th, 2010

Yesterday’s announcement by Facebook that they are introducing email capabilities should provide organizations with yet one more reason for banning the use of Facebook at work.  In the hope that it will raise additional awareness of the security and compliance risk with unmanaged data transfer I posted the following comments at cio.com:

In case you missed it, today Facebook announced the addition of e-mail capabilities for its users. The initial rollout (US only) starts today and will continue over the next few months. One of the most alarming things to note: Facebook says it doesn’t have a set limit on the size of files that can be sent/received via its e-mail. So, if you don’t have a secure, easy way for employees to share large files… watch out, Facebook e-mail can easily become the next insecure IT workaround.

Let’s face it, smart people will find a way to get the job done, and unfortunately, security is often of secondary concern when evaluating IT workarounds. To keep your employees away from the temptation of using insecure IT workarounds – like Facebook – to share confidential corporate files too large to be sent over the e-mail network, deploying an enterprise solution for managing file transfer is essential.

Accidentally-sent email could end up costing UBS $10 million

Monday, November 15th, 2010

Ouch.  That headline is just not good, anyway you look at it.  As reported in an SC Magazine article today “An email sent in error that contained details of General Motors’ upcoming flotation could have cost Swiss Bank UBS an estimated $10 million.”

This data security lapse appears to have resulted in UBS being dropped as an underwriter for the plan by GM’s owners to sell $10bn in common stock on November 18, to partially pay back some of the $50bn US Government bail-out the company received during the financial crisis.

This mistake should never have been allowed to happen.  While humans do make mistakes, there are any number of IT security systems that could have prevented or reduced the risk of this mistake.  Let’s review some obvious ones:

• Any communications on such a large financial deal should have been sent securely, requiring user authentication.
• Content monitoring and filtering software could have flagged the email for sensitive information and quarantined it until it had been approved for sending.
• Sending sensitive financial information via secure file transfer would have allowed the download link to be deactivated once the error was detected.
• Sending sensitive information via secure file transfer would also have produced a return receipt from any unintended recipients, allowing earlier detection and reducing further downloads.
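The last three bullets, together with the file-activity tracking promised in the iPad post above, come down to one mechanism: a download link that is bound to the identity it was addressed to, can be deactivated, and records every attempt. The Go program below is an added example, not Accellion’s product code, of that mechanism; `Service`, `Issue`, `Download`, `Revoke`, `Receipts` and `Audit`, the e-mail addresses and the file ID are all constructed for the example. A link addressed to the wrong person still delivers the file, but the receipt names who downloaded it, so the sender can revoke the link before more copies go out; a link forwarded to someone else is refused outright because the authenticated identity does not match the addressee.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// link is one download grant: which file, and the identity it was addressed to.
type link struct {
	fileID    string
	recipient string
	revoked   bool
}

// AuditEvent is one line of the file-activity trail: when, which link,
// which file, who attempted the download, and what happened.
type AuditEvent struct {
	When    time.Time
	Token   string
	FileID  string
	Actor   string
	Outcome string // delivered | revoked | unintended-recipient | unknown-token
}

// Service issues links, serves or refuses downloads, and records every attempt.
type Service struct {
	links map[string]*link
	audit []AuditEvent
}

func NewService() *Service { return &Service{links: map[string]*link{}} }

// Issue creates a link for fileID addressed to recipient. The token is
// 128 bits from crypto/rand, so it cannot be guessed or enumerated.
func (s *Service) Issue(fileID, recipient string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	token := hex.EncodeToString(b)
	s.links[token] = &link{fileID: fileID, recipient: recipient}
	return token, nil
}

// Revoke deactivates a link once a mistake is noticed. Later attempts
// are refused but still logged.
func (s *Service) Revoke(token string) error {
	l, ok := s.links[token]
	if !ok {
		return errors.New("unknown token")
	}
	l.revoked = true
	return nil
}

// Download takes the authenticated identity of whoever follows the link.
// Every outcome is recorded, so a delivery doubles as the return receipt.
func (s *Service) Download(token, actor string) (string, error) {
	l, ok := s.links[token]
	switch {
	case !ok:
		s.record(token, "", actor, "unknown-token")
		return "", errors.New("unknown token")
	case l.revoked:
		s.record(token, l.fileID, actor, "revoked")
		return "", errors.New("link revoked")
	case actor != l.recipient:
		// A forwarded link: the identity does not match the addressee.
		s.record(token, l.fileID, actor, "unintended-recipient")
		return "", fmt.Errorf("link was issued to %s, not %s", l.recipient, actor)
	}
	s.record(token, l.fileID, actor, "delivered")
	return l.fileID, nil
}

func (s *Service) record(token, fileID, actor, outcome string) {
	s.audit = append(s.audit, AuditEvent{
		When: time.Now(), Token: token, FileID: fileID, Actor: actor, Outcome: outcome,
	})
}

// Audit returns a copy of the full trail so callers cannot alter history.
func (s *Service) Audit() []AuditEvent { return append([]AuditEvent(nil), s.audit...) }

// Receipts lists who actually downloaded fileID: the sender reads this to
// spot a misaddressed message before more copies go out.
func (s *Service) Receipts(fileID string) []AuditEvent {
	var out []AuditEvent
	for _, e := range s.audit {
		if e.FileID == fileID && e.Outcome == "delivered" {
			out = append(out, e)
		}
	}
	return out
}

func main() {
	svc := NewService()
	// Constructed scenario: the memo is addressed to a reporter by mistake.
	tok, _ := svc.Issue("deal-memo-001", "reporter@press.example")
	svc.Download(tok, "reporter@press.example")
	for _, r := range svc.Receipts("deal-memo-001") {
		fmt.Printf("%s downloaded deal-memo-001 at %s\n", r.Actor, r.When.Format(time.RFC3339))
	}
	svc.Revoke(tok) // the sender sees the receipt and deactivates the link
	_, err := svc.Download(tok, "reporter@press.example")
	fmt.Println("second attempt:", err)
}
```

The content-filtering bullet is the one step this leaves out: it would sit in front of `Issue`, holding the link in quarantine until an approver releases it, and the same audit trail would then record the approval as well.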

It’s very hard to understand why at least one of these data security systems was not in place to mitigate the risk. With the size of financial transactions that are at stake, it seems a wise and prudent investment for financial institutions to put in place IT safeguards against human error.  While email is wonderfully accessible and easy to use for business users, it is far too easy to make an inadvertent mistake that unfortunately can have significant financial implications.

At Accellion we help a large number of financial institutions, including the Bank of Scotland, Houlihan Lokey Howard & Zukin and Deloitte & Touche, protect their confidential information with secure file transfer solutions that reduce the financial risk of business user mistakes.  We understand that to err is human.

Data Breach Disease Strikes NHS – Again

Tuesday, August 24th, 2010

Yet again, an NHS trust is hit by a data breach, as reported in SC Magazine today.  This time a CD of patient data was found at a bus stop. This is not to be confused with the data breach from the USB stick containing medical records that was found in a UK car park.

It is barely a month since we blogged on this topic, NHS Trusts Failing to Protect Information, and the Information Commissioner’s Office (ICO) issued a press release with the ominous title Poor Data Security in the NHS.  Earlier in June, Mick Gorrill, head of enforcement at the ICO, said: “Everyone makes mistakes, but regrettably there are far too many within the NHS. Health bodies must implement the appropriate procedures when storing and transferring patients’ sensitive personal information. We have taken a number of steps to explain the importance of personal data to NHS bodies and help them comply with the law. We will continue to do so.”

Looks like Mick and the ICO have their work cut out for them. Here is a checklist of to-don’ts that the ICO might find helpful in their data protection enforcement efforts with the NHS trusts.

• Don’t use USB sticks for transferring confidential patient data
• Don’t use CDs for transferring confidential patient data
• Don’t post confidential patient data on insecure FTP sites
• Don’t allow use of P2P file sharing on NHS computers

Also our earlier blog posting Top 3 File Transfer Security Mistakes should be required reading for all NHS trusts.

Healthcare CIO Puts USB Ports on the Disabled List

Thursday, July 29th, 2010

Finally, a story about a CIO who takes on the data security threat from USB sticks and thumb drives. Earlier this week, a short article entitled “Data Security is The CIO’s Constant Challenge” appeared in Health Data Management News.  It is the story of Chuck Christian, CIO at Good Samaritan Hospital in Vincennes, Indiana, and his IT department’s efforts to protect private healthcare information and ensure HIPAA compliance.

Chuck explained “Earlier this year, Good Samaritan went well beyond its laptop policies, disabling USB ports across the computers connecting to its network.  It was a pre-emptive move to preclude inappropriate data transfers to easily lost devices.”

Chuck Christian explained that disabling the USB ports definitely resulted in changes in behavior.  Not least was the hospital’s purchasing manager, who wanted to purchase thumb drives in bulk.  Chuck’s response: “I said no.” To the credit of Chuck and his IT department, they implemented a number of secure alternatives to enable staff at the hospital to get their jobs done.

It’s as simple as that.  If you are in charge of data security, “just say no” when someone even suggests using a USB stick or bringing one into the workplace, and give them a secure alternative, such as Accellion secure file transfer.

Chuck Christian you are our Accellion Hero of the week.