Archive for the ‘Data Breach’ Category

Learning from Morgan Stanley’s Data Breach

Wednesday, July 13th, 2011

“Morgan Stanley Admits to Loss of Unencrypted CDs” reads the latest data breach headline in SC Magazine. I can’t help but shake my head as this could have been easily avoided. The lost information contained 34,000 client account and social security numbers, among other confidential data. The CDs were delivered intact to the New York State department of taxation and finance’s mail room and disappeared somewhere between there and the intended recipient’s hands.

IT departments worry about data security and do their best to put systems in place to prevent this kind of data breach. So how does it happen? Some of the biggest risks come from employees who work around an IT-mandated solution. In this case, it looks like there was a file too large for either Morgan Stanley’s, the recipient’s, or both systems’ email restrictions. For the employee who opted to mail the unencrypted CD, the magnitude of the potential loss and risk involved may never have crossed their mind, or may have taken a back seat to Getting the Job Done.

You, as an IT professional, can easily save the day and provide a way for your users to share information and collaborate securely.

In addition to banning CDs, thumb drives, free Dropbox-type applications, FTP or USB sticks, implementing secure file sharing technology such as Accellion’s helps enterprises securely share files in a way that can be seamless to employees and their intended recipients. With Accellion, you can track and manage who has sent and downloaded what file, where, and via what device.

Since Accellion supports any file format and size, I suspect Morgan Stanley’s CDs were used to transfer files an Accellion user would’ve been able to send easily.  With Accellion, shared files are stored securely on a server, so issues with the recipients’ email storage limits are also bypassed.  And the file is encrypted in transit and at rest.

Some of the world’s leading financial services organizations use Accellion to protect their sensitive data including: AEW Capital Management, American Capital, Australian Unity, Bank of Scotland, Bank of Spain-Miami (Banco Santander), Cigna WorldWide Insurance Company, Covenant Bank, Deloitte & Touche CA, Georgia Bank and Trust, Farmers Insurance Group, Federal Credit Union, HeathMarkets, IMA Financial Group, Inc., KPMG, MIB Solutions, PFS Global Ltd., Princeton Financial Systems, United Community Bank, ViewPoint Bank and Xpress Holding to name a few.

Financial services firms need to protect their sensitive data in a way that’s easy-to-use for employees and easy-to-manage for IT staff.  Accellion solutions can help.

How many of your employees are taking their iPad or iPhone on vacation?

Monday, June 13th, 2011

Leaving the office behind has always been a challenge for some, but the iPad is now making it even harder. As employees head to the beach, mountains, and island getaways, how many husbands and wives are sneaking an iPad into their luggage?

In the past 12 months, with the introduction of the iPad, there has been a surge in the volume of users.  According to information released by Apple for their investor community, close to 25 million iPads have been sold to date.

Many of these iPads are being used for business, and employees are taking advantage of free and low cost cloud-based collaboration solutions to solve their file sharing needs, without adequate security, tracking, or visibility for the organization.

When your employees and their partners are using free, unmanaged cloud-based services to share and sync files, you know your organization is at risk for a data breach, intellectual property theft or non-compliance.  Well, actually, because they’re using these apps and you have no visibility into what they’re doing, maybe you don’t know how exposed your organization is to a data breach.  Consider this instead: how many people in your organization do you think are taking their iPads on vacation with them this summer, and how many plan to access business information on their iPad?  iPads are also attractive targets for thieves and can be accidentally left behind.

Accellion announced today that our native file sharing and collaboration applications for the iPad and iPhone have been made available for download from the App Store in iTunes, just in time for school to be out and vacations to begin. Designed to work with Accellion Secure Collaboration, the Accellion Mobile Apps for iPad and iPhone are now available for download for free from the App Store in iTunes. Download the app, and know there’s one less thing to worry about before you go on vacation – of course getting caught doing work on vacation might still get you in trouble with your loved ones. We can’t help you there.

What we can learn from our friends in the Government

Tuesday, May 3rd, 2011

Reports from the team who attended GovSec in Washington DC highlighted that there is a lot to be learned from the government sector. Based on recent conversations, it seems to me that government IT organizations are among the most risk-averse of all industry sectors. Risk-averse organizations:
o    Are proactive; they don’t wait for a data breach to happen, they secure their communications
o    Are most likely to have an organization-wide data risk assessment and profile
o    Understand that a true adversary only has to be right once, but your security measures have to be right in every possible way
o    Understand that the most destructive adversary can easily come, accidentally or intentionally, from within the organization.

We’ve seen plenty of high profile, reputation-destroying data breaches this month, including the recent notable addition of Sony to the list.  We’re still waiting for specifics on how many of these data breaches occurred, and the true price Sony will ultimately pay, not just in lost revenue while the network was down, but also in lost future revenue as gamers switch to the competition.

Most organizations wait till a major problem happens, and then take action. John Pironti, during a recent Accellion-sponsored Enterprise 2.0 webinar entitled “5 Security Essentials for Collaboration”, put it best. After a data breach, companies “fire people, hire a new outside security team, and throw a lot of money at finding a solution.  For six months.  And then attention wanes.”

Maybe it’s because politics is fickle, maybe it’s driven by regulatory compliance, or maybe it’s because government agencies (federal, state and local) have seen the repercussions of data breaches and have digested tough lessons from their peers. Whatever the reason, we have seen robust growth in this segment, with new Accellion government wins across the globe, from The Bahamas to Western Australia, from governing bodies to law enforcement agencies. Organizations have to react once a data breach or noncompliance occurs, but it’s great to be able to point to some good news and a market segment that’s being proactive.

If a tree falls in a forest, and no one hears it, does it make a sound?

Friday, April 15th, 2011

If a tree falls in a forest, and no one hears it, does it make a sound?  Or the file sharing equivalent – if an employee uses a free personal file sharing account, and IT doesn’t know about it, does it still present a security risk?  You bet it does.

This week’s CIO UK article entitled “CIOs: Break security rules to make them better” raises an important point: IT needs to get involved with the applications and devices that employees are bringing into the workplace in order to improve security.

IT experimentation with consumer-oriented services not only lets IT see the type of services that employees are looking for but also gives IT firsthand knowledge and experience of the alarming security implications.

Anyone who has signed up for a free dropbox type of account knows how convenient it is for syncing files.  At the same time anyone with a sense of information security gets this niggling feeling that something isn’t quite right about the ease of moving files out of the organization.

So if employees are using free personal file sharing accounts for enterprise use and IT doesn’t know about it, does it create a data security and compliance risk? You bet it does. In fact an informal survey of IT folks indicates that in most organizations IT does know that employees are using a variety of free personal file sharing apps.

So what’s a good approach for IT to deal with this? A good first step would be to sign up for a free file sharing account and see firsthand not only how easy it is to use but also how easy it is to abuse. Then make it a priority to deploy an enterprise solution for secure file sharing that makes everyone happy. Let us suggest Accellion.

The Data Breach that Keeps on Giving

Tuesday, April 12th, 2011

The Epsilon data breach of last week keeps on giving, with millions of email notifications being sent out from the companies affected, informing recipients of the incident.  The New York Times has weighed in and made recommendations for Congress to address this type of failure for consumers with an editorial “Who Really Sent That E-Mail?”

The breach at Epsilon underscores the urgent need for a federal standard of data safety that ensures companies follow adequate policies and procedures to protect consumers’ information and determines companies’ legal liability for breaches. As Congress debates new data privacy rules, it should put data security at the forefront.

We agree with The New York Times about the importance of protecting consumer information and hope Congress and more companies take data security seriously. Trusting third party marketers with your data is a risk, but there are ways to mitigate the risks and share securely. A big part of why corporations and government agencies deploy Accellion is to be able to keep track of who is using what data when, internally and across organizational boundaries.

Top Ten Reasons You Need Secure Collaboration

Tuesday, April 5th, 2011

10.  Your company has already had a data breach. Don’t make the same mistake twice.  According to a recent survey by McAfee, only half of the companies who have had a data breach or attempted data breach, have taken steps to remediate and protect systems for the future.

9.  People don’t think before they send files. Ideally, they would think twice. But they don’t.  A lawyer accidentally sent a confidential document to a New York Times reporter instead of to a law colleague–both shared the same last name. The result: Nightmare on Email Street.

8.  People get distracted and leave things behind, including that shiny new iPad with the latest sales pricing and quotes.

7.  People write down passwords in obvious places including the same bag their iPad was in when it was left behind.

6.  People turn off security safeguards if they get in the way.

5.  No matter what kind of company you are, you can be a target. The recent data breach at marketing firm, Epsilon, ended up being a colossal 2,500 company data breach, for the price of one.  Epsilon counts brands like BestBuy and Citigroup among its 2,500 customers, or did.

4.  People upload documents to unsecure file-sharing sites even when they know they shouldn’t. Doctors, in blatant violation of HIPAA, have been known to “go outside the system” to send MRIs, including use of free dropbox-type services.

3.  People download files they shouldn’t. If an employee leaves a company, sensitive files often leave, too.  Even worse, files may continue auto-syncing.

2.  Customers get mad when their credit card information is stolen, especially when they get charged for a 3D HDTV that they didn’t order, and that wasn’t delivered to their house.

1.  You like your job and want to keep it.

 

Accellion Secure Collaboration: Share Securely.

 

“Forget telling execs they can’t use their new shiny iPad”

Thursday, March 31st, 2011

Thanks Mike Rothman, analyst and president at security research firm Securosis, for pointing out in this week’s CSO article by George Hulme, that denying execs the use of their shiny new iPads is not going to make anyone popular. We agree with you Mike, “You have to try to find a way to secure these devices the best you can.”

Judging by the lines outside the Apple stores, more iPads are heading into the enterprise, so this issue is not going away. What’s the big deal with iPads? George Hulme sums it up perfectly: “One of the biggest challenges the consumerization of IT creates for the enterprises is the lack of control over where work data is stored and how it’s shared on user devices.”

So if your execs are starting to show their high-tech flair, bringing iPads into the office – here’s our Accellion iPad security tip to keep everyone happy and secure:

Implement Accellion Secure Collaboration so that execs have secure access to sensitive information from their iPads but the information is stored on secure servers not on their iPads.

The result:

i) Your execs get to use their shiny new iPads to easily and securely access and share information with internal and external users.

ii) Confidential information is stored securely on IT managed servers.

iii) You have complete tracking of all file activity including dates and times of all downloads, uploads and recipients.

iv) When your exec leaves their iPad at the client site, on the train, or in a conference room, you don’t need to call in a SWAT team: Accellion has you covered and your files are safe.

Here’s a link to more information about Accellion mobile apps. It’s the app every exec with a shiny iPad needs, so they don’t tarnish your company’s security.

 

It’s Not Personal – It’s Business

Monday, March 7th, 2011

Employees at Wells Fargo really shouldn’t take it personally that their CIO, Wayne Mekjian, won’t let them use personal devices to access the corporate network – it’s just business. In today’s Network World article entitled “Wells Fargo says no to personal smartphones and tablets, period” it’s obvious Wayne is serious about financial data security and responsibility. And who’s to blame him? After the financial scandals and meltdown of the past few years, CIOs in the financial industry should be on red alert to avoid embarrassing data breaches. You have to applaud Wayne for taking a stand for information security.

It’s not like Wayne won’t let his folks use smartphones and tablets – he just wants them to be Wells Fargo-issued. So who’s complaining? Provisioning employees with the necessary tools to be efficient and productive, whether that be devices or software, seems a reasonable responsibility for any organization. As long as the organization isn’t too restrictive in their provisioning.

We continue to be amazed at how many organizations still fail to provision their users with the ability to securely share information across organizational boundaries. Legal documents, contracts, product designs, software under development, medical records, marketing campaigns, sales data, financial results, board communications are routinely shared with people outside the corporate network and all potentially contain sensitive IP and confidential personal information. Yet many enterprise users are not provisioned with an approved method for sharing files securely.  The use of personal file sharing accounts is an unfortunate but common workaround. If ever there was a security hole to plug, the file sharing hole is one to plug, and fast.

So Wayne Mekjian, thanks for taking a stand for security, you are our Accellion CIO hero of the week.

Enterprise File Sharing – IT Jeopardy

Wednesday, February 16th, 2011

Promoted as the biggest contest of “man vs. machine” since Deep Blue took on Kasparov, this week’s Jeopardy face-off between Watson, IBM’s computer creation, and the show’s previous grand champions is great entertainment. Regardless of who, or what, ultimately wins, it’s a thought-provoking experiment and spectacle.

I checked out the New York Times online link to play a personal, one-on-one game of Jeopardy against Watson. I was reasonably sharp on “Historic Fashion” and “What me Worry?” but Watson had the edge on “Before and Now” and “A Musical Pastiche”. For each question, whether you get it right or wrong, Watson provides details on what it would have answered and the other possible answers it considered. For example:

Question: This 19th-century dress support is a synonym for excited activity; don’t be alarmed if there’s one in your hedgerow
Answer: Bustle
Other Answers Watson considered: Boot, Bodice, Crinoline

It got me thinking about questions that might give Watson or the other contestants an advantage.  Recognizing that Watson is after all a computer, it probably has the edge on any computer, IT-related questions – you would think.  In tribute to this great computer experiment/media stunt, here’s our proposed question category with some sample questions.  Too easy you may say, but try asking these questions within your organization. May the best human/machine win.

Category – Enterprise File Sharing

Question: Information that takes up most of the storage on an email system?
Answer: Files

Question: A small device, named after part of the hand, used to transport files, easy to lose?
Answer: Thumb drive

Question: Healthcare regulation that restricts the sharing of personal health information?
Answer: HIPAA

Question:  An event that typically makes headline news involving the loss of information?
Answer: Data Breach

FAX Data Breach Gets Costly

Tuesday, November 30th, 2010

We are getting ready to move offices and the topic of the FAX number came up in our pre-move planning session. The claim was made that no-one uses the FAX machine any more.

I imagine the Hertfordshire County Council in England wishes their employees also hadn’t used the FAX machine. The County Council just got slapped with a £100,000 fine by the Information Commissioner’s Office (ICO) in the UK after a data breach originating at the FAX machine in June 2010. As reported last week in SC Magazine, employees in the childcare litigation department FAXed information to the wrong recipients on two separate occasions. The size of the fine was determined in part because the two incidents were 13 days apart and the County Council failed to take sufficient steps to prevent the second breach. Sometimes people overthink the solution – unplugging the FAX machine would have done the trick.

We’ve written before about the security hazards of the multi-function copier, scanner, printer in Digital Time Bombs. After hearing about this latest data breach perhaps we should ditch the FAX machine in the move.