Archive for the ‘Data Security’ Category

Big File Transfer Myth – BUSTED

Tuesday, May 25th, 2010

Mythbusters has to be one of my favorite programs. Since 2003 they have tested more than 700 myths related to technology, science, animals, humans, food – you name it they’ve tried it.  And if they haven’t tried it you can submit a myth for them to test.  Last week’s episode investigated the validity of the Giant Water Slide Jump that has been a recent YouTube hit.  Awesome fun!

Stephanie Jordan of Messaging News did her own myth busting this week in her recent article entitled Managed File Transfer Myth: MFT is just for Big Corporations with Big Files.

Stephanie tackled the Big File Transfer myth head-on by exploring the relationship between the size of a file, the size of an organization and the associated security risk.  It's an important topic to cover, and thanks to Stephanie for raising awareness that no matter the size of the file or the size of the organization, you can get yourself in a heap of trouble if you are not securing the transfer of intellectual property and confidential information.

Just like the Giant Water Slide Jump, the Myth that Managed File Transfer is just for Big Corporations with Big Files is officially BUSTED.

Signs of the Times

Tuesday, May 18th, 2010

The game of baseball requires more than bats and balls, gloves and uniforms. Communication is essential. Every pitch hinges on the ongoing conversation between the catcher and the pitcher about what to throw to the batter. Fastball?  Slider?  Curve?

For a very long time in the world of baseball, this conversation between catcher and pitcher has occurred in the clear. The catcher and pitcher are sixty feet apart, and the use of messaging technology is against the rules, so the catcher uses hand signals to indicate the suggested pitch. Traditionally, "one" (a flash of the index finger) communicated "fastball," and "two" ("the deuce") indicated a curveball.  But with the myriad of pitches thrown today, signals are complex, including indications of pitch location.

The signaling of pitches led to another baseball tradition:  opponents trying to steal those signs. When an opposing team successfully steals signs, it is not easy to detect.  A team may lose a game, with their pitcher giving up ten runs, and simply conclude that their man on the mound just didn’t have his best “stuff” that day.

It is rare when a team is caught stealing signs, but this past week it may have happened. The Colorado Rockies were playing host to the Philadelphia Phillies on Monday May 10th when the local TV crew spotted the Phillies’ bullpen coach, Mick Billmeyer, with a pair of binoculars. The Phillies claim that he was simply watching their own catcher when they were on the field. Were the signs stolen?  Hard to tell.  All we know for sure is that the Phillies won the game, 9-5.

As in baseball, communication is essential in business, and much of this communication still occurs in the clear. The key difference is that the use of technology to improve privacy and security in business is not only legal, it’s recommended.

For more on the most recent sign stealing episode, and one from baseball’s storied past.

David Cain
Vice President, Worldwide Channel Sales
Accellion, Inc.

Federal Agency File Transfer Security Study

Wednesday, May 12th, 2010

A recent report by MeriTalk entitled “Why Encrypt? Federal File Transfer Report” offers interesting data and recommendations regarding securing the transfer of federal data.  Perhaps most alarming was the significant use by those surveyed of unsafe methods for transferring files:

•  66% use physical media (e.g. tapes, CDs, DVDs, USB drives)

•  60% use FTP

•  52% use personal e-mail accounts

and also the disappointing data that “currently just 58% say employees are aware of secure file transfer policies.”  The study was commissioned by Axway and illustrates the gaps between what should be happening to secure the transfer of data and what is actually happening.

Use of Accellion secure file transfer within the federal government has been steadily growing with recent Accellion government deployments at:

•  US Securities and Exchange Commission

•  NASA

•  State of Florida, Department of Transportation

•  Government of Newfoundland and Labrador

•  Government of Saskatchewan, Information Technology Office

It seems from the recent study there is still more work to be done in securing file transfers by Federal Agencies.  We are here to help.

Health Records on USB Stick found in UK Car Park

Wednesday, May 5th, 2010

Another day, another data breach.  The BBC reported today that a memory stick containing health records from a nearby secure hospital facility was found by a 12-year-old boy in a supermarket car park in the UK.  The information contained records of violent patients from the Tryst Park severe mental health unit at Bellsdyke Hospital, along with information about staff.

This is really getting silly.  As a spokesperson from the health authority NHS Forth Valley said “We have clear policies in place on the safe use of portable data devices.”  It seems that these clear policies either:

  1. weren’t clear
  2. didn’t cover the Asda Car Park
  3. were ignored

As mentioned before in the Accellion Blog, the best idea with portable flash devices and USB sticks is DON'T USE THEM to transfer sensitive information; file transfer via USB stick is not a good idea.  Abstinence in this case really does seem the best idea.  Accellion secure file transfer technologies make it possible to quickly, securely and efficiently transfer sensitive information, thus avoiding creating headline news such as today's.

Another side benefit of using secure file transfer, other than securing the transfer of files, is it makes staff more conscious of the handling of confidential information. Did the person who dropped the USB stick in the car park really mean to take the records to Asda, or did they just forget the USB stick was in their pocket, which just happened to have a hole in it? In the case of information security humans are often the weakest link.

Sometimes safeguards are just that: they guard people from their own mistakes.  So next time you visit the local supermarket, check your pockets beforehand.

Police responsible for first UK data loss subject to new fines

Wednesday, April 21st, 2010

Last Friday was not a good day for the Gwent Police in the UK.  The personal information of 10,000 people was accidentally emailed by the Gwent Police to a journalist at The Register, resulting in the first major UK data loss since new fines were introduced by the UK Information Commissioner.

It was bad enough that a Microsoft Excel spreadsheet containing birth dates and criminal record checks was sent unencrypted and without password protection.  Accidentally including the email address of a journalist at The Register in the CC: field turned this into a high profile data breach.  The Register email address was in the system because it had been used earlier for two unrelated Freedom of Information requests.

IT staff were immediately called in to tighten security measures to avoid similar incidents occurring in the future.  As a minimum that should include a secure file transfer system, content monitoring and filtering, and data encryption.

While The Register has cooperated with Gwent Police in deleting the file, they did not feel compelled to comply with requests not to mention this story.

Digital Copiers and Scanners – Digital Time Bombs

Tuesday, April 20th, 2010

CBS News chief investigative correspondent Armen Keteyian wins the Accellion Top Sleuth award this week, with his story on Digital Photocopiers Loaded with Secrets. Holey Moley, what were people thinking when they discarded their digital photocopiers?  Digital copiers contain hard drives that store images of every document scanned, copied and emailed from the machine.  Extracting this info from discarded photocopiers is not much of a challenge, especially when the disk is not encrypted. Apparently one photocopier even had a sensitive document still under the copier glass. While major manufacturers of digital copiers and scanners offer security and encryption packages, there is mounting evidence that organizations aren't generally aware of the security risks inherent in these devices.

So why the interest by Accellion in digital copiers and scanners?  We've had our eye on these little beasties for quite some time as potential sources of data leakage. Today's digital copiers and scanners provide the ability to scan a document and then email the resulting digital file as an email attachment. Without security controls, digital copiers and scanners pose a serious threat to the protection of intellectual property and to compliance with regulations such as HIPAA. In addition, scanned documents create huge email attachments that wreak havoc on email performance.  A couple of years ago we introduced the SMTP Satellite to plug this security hole and improve email performance.

With the Accellion SMTP Satellite organizations can secure and track the transfer of scanned documents and offload delivery from email.  And we’ve written earlier on our view that disk and data encryption is always a good idea.

Are Humans The Weakest Link in Data Security?

Tuesday, March 16th, 2010

With increased scrutiny on data security – it’s interesting to read this week’s Network World article “Humans continue to be the weak link in data security”. The article highlights some of the human weaknesses of business users related to the use of encryption and handling of passwords, and provides a sharp reminder that humans can easily undermine even the most sophisticated security systems.

On the topic of human weaknesses: yes, I admit I am guilty as charged.  I have been known to write passwords on post-it notes – there are a couple in front of me on my desk right now. Apparently I'm not alone – the Network World article cited results from a recent Ponemon study where 35% of business managers surveyed admitted to using the post-it note approach to remembering passwords. 31% of respondents admitted to sharing passwords.  Interestingly, none of the IT managers who responded to the survey admitted to using post-it notes – confirming that IT is definitely a more evolved type of human.

So what is the solution – remove business users from the equation?  Hardly, given that the technology is there to serve business users.  So how does an organization protect its business users from themselves?

In the world of file transfer – we have our share of human-related weak links including:

• Shared FTP accounts and passwords
• Files left indefinitely on FTP sites
• Files sent via IM
• Disks lost in the mail
• Files carried on unencrypted thumb drives
• Confidential files sent unsecured via email

We tend to think that business users want to do the right thing.  However, faced with the day-to-day challenges of needing to get their jobs done, even the most conscientious business users will be tempted to take shortcuts.  Why would someone share a password?  Because it's too much hassle to get a new account or password. Why would someone send files via mail? Because they don't have an easy way to send them electronically. Why would someone send confidential information via unsecured email? Because they don't have an easy-to-use secure way of sending files.

Most of the reasons for seeking shortcuts for file transfer center around ease of use, reducing hassle and getting things done quickly. Given that files take up more than 70% of email volume, file transfer warrants attention within the enterprise. Otherwise it might just be the weakest link in your enterprise data security system – along with humans.

DLP and Archiving coming back to life?

Tuesday, March 16th, 2010


I sit in on a lot of Sales calls at Accellion and have noticed a new trend in the past few months. It used to be when we brought up the need for Archiving or DLP integration with Accellion, that organizations would say they do have this requirement but aren’t doing anything about it right now. Suddenly it seems to be the new hot topic…must have DLP, must Archive. Now this isn’t every company I talk to, but I am surprised at the types of companies who say they need this. Especially the retail sector. I also hear it from Law offices, which makes sense. I think last year lawyers were holding back on any new systems, but now suddenly have a pent up need for this.

Is this upsurge in demand for Archiving and DLP a result of the economy getting better or because organizations have been going without protection for so long that they are getting nervous about getting caught? Anyone have an opinion?

Mary Nicknish, Accellion Product Manager

Top 3 File Transfer Security Mistakes

Tuesday, March 9th, 2010

Thought it might be helpful to share our perspective on the Top 3 Security Mistakes related to File Transfer along with some tips on how to avoid them.  After all, staying out of trouble is half the battle.

Mistake #1 – Using P2P file sharing software at work.

Using P2P file sharing in the workplace is just not a good idea. Installing P2P file sharing on a work computer can get you into a heap of trouble by inadvertently exposing computer files externally. The FTC recently had to inform 100 organizations that personal customer and employee data was being shared on P2P networks.  Legislation is under review that would require stricter notifications on the security hazards of P2P file sharing.  The best advice here is to practice P2P workplace abstinence – don’t use P2P file sharing in the workplace.

Mistake #2 – Sending confidential information via an email attachment, USB stick or CD

Email attachments, USB sticks and CDs are not a secure means of file transfer. When sensitive information is sent unsecured, an organization is at risk for non-compliance with industry and government regulations including HIPAA, SOX, and GLBA.  Files containing confidential information need to be protected to avoid data breaches. USB sticks and CDs can easily be misplaced or lost in transit, as the UK Government discovered in 2009 when disks containing personal information on 25 million UK citizens went missing in the Royal Mail. Email attachments are not secure and do not provide the encryption required by HIPAA. If a file contains confidential information it needs to be sent via secure, encrypted channels.

Mistake #3 – Forgetting to clean up files on unsecured FTP servers

Everyone knows that FTP is not the most user-friendly business application, and cleaning up files previously uploaded to an FTP server probably ranks right up there in priority with cleaning out the lint from your trouser cuffs.  In the hands of business users, FTP servers become a security breach waiting to happen.  Files uploaded and left indefinitely on the FTP server can result in many years' worth of files sitting out on unsecured FTP servers.  Coupled with the commonplace sharing of FTP account names and passwords, FTP servers are often a weak link in an organization's data security program.
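One practical check for the "files left indefinitely" problem is a retention audit of the FTP upload tree: walk the directory, report every file older than the retention period, and only delete once the report has been reviewed. The script below is an added example and not Accellion's code; the 30-day retention period, the directory names and the sample files it creates in a temporary directory are constructed for the demonstration.

```python
import os
import shutil
import tempfile
import time
from pathlib import Path

RETENTION_DAYS = 30  # assumed policy value; use what your own retention policy says


def find_stale_files(root, retention_days=RETENTION_DAYS, now=None):
    """Return absolute paths under root whose mtime is older than retention_days.

    Symlinks are skipped (lstat, no following) so a link left in the upload
    tree cannot make the audit wander outside the FTP root.
    """
    now = time.time() if now is None else now
    cutoff = now - retention_days * 86400
    stale = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except FileNotFoundError:
                continue  # removed while we were walking; nothing to report
            if os.path.islink(path):
                continue
            if st.st_mtime < cutoff:
                stale.append(path)
    return sorted(stale)


def purge_stale_files(root, retention_days=RETENTION_DAYS, dry_run=True):
    """Report (and, when dry_run is False, remove) stale files under root.

    The dry-run default means a mistyped retention value produces a report
    rather than a mass deletion; the returned list is what would be removed.
    """
    stale = find_stale_files(root, retention_days)
    for path in stale:
        if not dry_run:
            os.remove(path)
    return stale


def build_demo_tree():
    """Create a constructed FTP upload tree with files of different ages."""
    root = tempfile.mkdtemp(prefix="ftp_upload_demo_")
    now = time.time()
    samples = {                      # relative path -> age in days (constructed)
        "reports/q1_customer_list.xlsx": 90,
        "incoming/payroll_2009.csv": 400,
        "incoming/todays_upload.zip": 1,
    }
    for rel, age_days in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample content")
        ts = now - age_days * 86400
        os.utime(path, (ts, ts))     # back-date atime/mtime to simulate age
    return root


def run_demo():
    """Audit the constructed tree, dry-run first, then purge, and return what happened."""
    root = build_demo_tree()
    before = [Path(p).relative_to(root).as_posix() for p in find_stale_files(root)]
    reported = purge_stale_files(root, dry_run=True)
    kept_on_dry_run = all(os.path.exists(p) for p in reported)
    purge_stale_files(root, dry_run=False)
    after = find_stale_files(root)
    shutil.rmtree(root, ignore_errors=True)
    return {
        "stale_before": before,              # the two old files
        "dry_run_kept_files": kept_on_dry_run,  # dry run deleted nothing
        "stale_after": after,                # empty once purged
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Run the audit from a scheduled job with `dry_run=True` and have the report go to the server owner; switch to a real purge only after the listed files have been confirmed as no longer needed. The same walk is a useful inventory of what confidential material has accumulated on the server, which is often the more surprising finding.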

The good news is that managed file transfer can keep you out of trouble in all these areas.

Email Attachments – Misconceptions Compromise Security

Wednesday, March 3rd, 2010

Are organizations aware of the security risks from email attachments? Generally not.

With email attachments typically accounting for more than 70% of e-mail volume, the bulk of data on email systems resides in the email attachments not email messages. Unfortunately in many organizations the management of email attachments is an afterthought leading to security vulnerabilities.

The disturbing reality is that users will try to force as much information through email as they can get away with.  Without adequate security controls in place, users commonly send confidential information unprotected through email attachments.  In cases where users hit email attachment size limits, they rapidly seek out unsecure IT workarounds such as thumb drives, CDs and P2P file sharing, just to get their job done.

So why the apparent lack of concern regarding the security of email attachments?  Here are just 3 of the common misconceptions:

•  Misconception #1: E-mail attachments are limited to 10MB; therefore, the risk of a data breach from file transfer is minimal.
•  Misconception #2: FTP is available; therefore, the risk of a data breach from file transfer is minimal.
•  Misconception #3: We haven’t experienced a security breach from unsecure file transfer, so the risk of a data breach from file transfer is minimal.

To learn how these common misconceptions compromise security read the full article published in Enterprise Systems this week.

Given the increased profile of data breaches and updated and extended compliance regulations such as HIPAA, now is not the time to ignore security vulnerabilities. Organizations, large and small, are waking up to the hazards of email attachments and are deploying managed file transfer solutions to protect confidential information and ensure compliance.

Give us a call if you would like to review the security of email attachments and investigate deployment of a managed file transfer solution to protect your organization.