Posts from ‘Ipswitch’
The Boston Business Journal recently honored the 75 best places to work in Boston.
We’re a company of approximately 300 extremely talented, motivated and productive employees who really care about our solutions, our customers and our success in the marketplace.
Oh, and for those wondering, the rankings are the result of an employee survey, with submissions from over 300 Boston-area companies whose employees filled out an anonymous survey (one survey of which was submitted by yours truly).
Google revealed yesterday a targeted phishing attack from China against hundreds of GMail users, including government officials and military personnel. The FBI, Department of Homeland Security, and the White House National Security Council are all participating in an investigation of the cyber attack.
My hope is that this breach will serve as the wake up call that public and private businesses need to start enforcing policies around personal email. According to an Ipswitch survey at the InfoSec Europe conference, employee use of personal email is still a major problem. Nearly 70% of respondents send classified information (including payroll and customer info) via standard email every month… And 40% admitted to sending confidential information through personal email accounts specifically to eliminate the trail of what was being sent to whom.
Have you provided your employees with a simple tool to send large and confidential files? Do you have visibility into what is being sent and to whom?? Do you have a documented AND enforced policy around using personal webmail accounts from work computers???
Employees have proven over and over that they will ‘do what they need to do’ in order to be productive. It’s critical that organizations provide simple, safe and auditable tools that enable employees to collaborate and share files. It’s equally important that they govern employee activities to mitigate data risk by increasing visibility, control, compliance and security.
“Google has asked for U.S. government support against censorship, but the government’s response has been to ask companies to take responsibility. If Google does have an ulterior motive, it’s likely to be to pressure the U.S. government to take a more active role in defending U.S. companies in markets like China that present obstacles to fair competition.
Google is urging Gmail users to review their account settings to make sure they’re secure, but Kenney suggested Google could do more to alert users when their accounts are accessed from an unfamiliar IP address or when their accounts have been configured to forward messages.”
We’ve got some fresh stats and trends to share from data that we collected at the recent RSA Security Conference. Many thanks to the “statistically significant” number of people that took the time to fill out our survey questionnaire.
Our survey results highlight some major security and compliance concerns for businesses – information security, visibility and policy enforcement remain a major problem in 2011. Here are a few key data points:
- 65% have no visibility into files and data leaving their organization
- >80% use easily lost or stolen portable devices like USB drives and smartphones to move and backup confidential work files
- >75% send classified documents as email attachments – including payroll, customer data and financial information
- >25% percent have purposely used a personal email account (like yahoo or hotmail or gmail) instead of their work accounts as a way to hide their file transfer activity
- 55 percent said their companies provide – but do not enforce – policies and tools around sharing sensitive information
The fact that so many companies admittedly lack visibility into the files and documents that are moving around and leaving their organization is pretty scary. How can an organization protect information that they don’t know even exists? Clearly, increased focus is needed to first identifying sensitive data and then protecting it – These critical information security components should be carefully baked into an organizations security, governance and compliance initiatives.
Lastly, I’d like to vent on the last data point for a minute. Policy creation simply isn’t enough…. the enforcement of that policy is the critical step. Writing down a policy but not enforcing it is just as risky as not having documented the policy in the first place. Creating the policy is a good start, but please please please don’t stop there.
We’re excited to announce the launch of our Managed File Transfer Maturity Model.
The maturity model is a free resource that helps IT and security professionals quickly, easily, and accurately cut through the clutter to determine their organization’s MFT technology needs.
There are a growing number of file transfer solutions available today…but which one should you select? Well, the MFT Maturity Model will help you understand your buying criteria and determine the right technology solution to match your project’s maturity level and meet your business requirements.
So what are you waiting for? Go check out the MFT Maturity Model whitepapers and videos…and feel free to submit a question also!