Posts from ‘Uncategorized’
Corporate America is finally taking notice of its lax information-sharing practices. As data breaches continue to dominate headlines in 2011 and expose major vulnerabilities in the way organizations share and manage sensitive information, companies worldwide are demanding that their partners improve the way they send and receive files.
According to a new report by Ipswitch File Transfer (FT), nearly two-thirds of individuals surveyed at this year’s Infosecurity Europe Conference said their company is feeling increased pressure from customers and partners to improve the speed and security of file transfers.
“The successes of hacking groups like Anonymous and Lulzsec have opened the doors for boardroom conversations around information managementand security,” said Frank Kenney, VP of Global Strategy for Ipswitch FT and author of the report. “Companies are finally realizing that they may be at risk and are seriously reevaluating the way they exchange business information on a daily basis.”
According to Ipswitch’s new report, the problem for many organizations stems from corporate management not providing employees with suitable tools to send and receive large and confidential attachments. Without a company-mandated file transfer platform that makes it simple and secure to send and receive large files, employees are finding workarounds and throwing security and compliance out the window in the process. For instance, nearly 50 percent of individuals surveyed at Infosecurity Europe have been unable to send business-critical documents because their company’s server couldn’t handle the file’s size. And 78 percent said that, on numerous occasions, their corporate email system’s inability to handle large attachments significantly slowed productivity.
The result: Employees find risky workarounds – including personal email and remote devices to avoid the corporate information-sharing roadblocks:
- Personal Email: 60 percent of individuals said they use personal email to send sensitive files because their company systems hinder productivity, a major compliance and security risk. And 50 percent of those people admitted to using personal email as a means to hide sensitive information from management.
- Remote Devices: Employees are also relying on remote devices – like USB drives and smart phones – to transfer information that can’t be handled by corporate systems. More than 25 percent of employees have lost a USB drive containing confidential information. Even worse: Out of that 25 percent, 40 percent said they did not report the lost device to the IT department.
While some organizations are providing employees with file transfer solutions to overcome size constraints, Ipswitch’s new report shows that too many platforms are failing to place enough emphasis on security. Less than 30 percent of companies leverage file expiration and password protection technology and only 15 percent of companies can actually confirm that their files have reached their intended recipients. At least 30 percent of companies don’t have any safeguards in place to secure file transfers.
“Employees will do whatever they need to be productive, and that includes going around corporate systems to send and receive business-critical information,” said Kenney. “It’s not enough to create policies that prohibit such risky behavior; organizations need to provide employees with a simple and secure tool that allows them to send and receive large files successfully.”
To hear the full results of the report, join us on September 8th for a webcast, “How Lessons Learned at Infosecurity Europe Apply to Person-to-Person File Sharing at Your Company.”
As a continuation of Ipswitch’s 20th anniversary celebration, we’ve decided to offer a “20″ themed deal! That means 20% OFF WS_FTP Professional today only – July 20th!
This special offer is available online only for all licenses of WS_FTP Professional (excluding site licenses). You just need to use coupon code: 20ON20.
Why WS_FTP Professional?
- Gain access to the world’s most popular file transfer client.
- Simplify tasks and enhance productivity with capabilities such as email notification, backup, synchronization, compression, post-transfer events, and scheduled transfers.
- Transfer files over FTP, SSL, SSH, and HTTP/S transfer protocols.
- Protect files before, during, and after transfer. Unmatched security is provided through 256-bit AES encryption, FIPS 140-2 validated cryptography, OpenPGP file encryption, and file integrity validation up to SHA-512.
Security researcher Derek Newton and a few Dropbox users have found a significant security hole in Dropbox. They published their results and Dropbox responded.
Dropbox’s response is not adequate. It’s not enough for them to bury their head in the sand and to say that this security gap is not their problem if a hacker has physical access to the computer. The very nature of Dropbox lets its users increase their physical presence onto many more computers. As such, these users are increasing the risk of their information being stolen and their businesses being compromised.
Instead, Dropbox needs to say what steps they are taking to close this security gap. If Dropbox wants to minimize the impact to their business and to increase their presence as a responsible corporate citizen, Dropbox needs to make this security issue theirs to resolve.
Encryption is the best way for Dropbox to proceed right now. Encrypting their configuration files would be the first and best place to start. Second, Dropbox (like Google or my credit card company) should monitor users’ accounts for unusual activity. Whenever they notice a blip or a change in user’s activity, they should send the user an email or SMS.
Third, no application or user should be given implicit access to a user’s files. All access needs to be explicit. An end user needs to specify each application and user that has permission to view, update, copy or remove their files.
As all our transactions become electronic, it’s more important than ever that securing the data, securing access to the data without compromising usability and authorized access is the number one requirement for software vendors.
I just read an interesting article on MarketingWeek written by Richard Lees, chairman of dbg (The Database Group). Richard has spent the better part of 20+ years combining two of my passions: marketing and data. So I’m instantly interested in his opinion on data security.
So why are we so scared of data security? Probably because we see the aftermath of data scandals and know how debilitating to a brand they can be. Bad PR does not even come close.
So true! Not only have data breaches resulted in billions of dollars in damages, they have also single-handedly destroyed brands and killed entire businesses, and big ones at that. And trust me, organizations like TJX will be feeling the ramifications of their data breach for decades.
Richard sheds light on the growing perception of “inevitability” surrounding data breaches: “It’s so easy to get data processes wrong and everyone is always waiting for the real clanger to happen…The number of diverse touchpoints that are relatively loosely controlled means it’s far too probable that this can happen.”
And here’s one more soundbite that that drives home the point that many organizations aren’t yet taking even minimal precautions:
“It amazes me how some people still fail to do the basics such as merely password protecting data they are sending offsite, using secure file transfer protocols (SFTP)…It is remarkable how much customer data still moves around the internet every single day with very little control.”
Oh, and if you want more proof that sensitive files, data and documents aren’t safe, check out the WikiLeaks website that Richard references. Take a look at a few of the anonymous submissions of confidential documents and communications from governments and organizations around the world that we can all get to with just a few mouse clicks.
“Pimpin’ ain’t easy, and neither is recovering from cybercrime.”
Simon McCormack of The Huffington Post
Forget that whole ‘East Coast vs West Coast’ rap hostility. There’s a shared enemy out there that is bringing the two coasts together.
What could be so horrible that it unites East and West? What is it that’s so vile that its banding together the entire rap community?
No, Heidi Montag is not coming out with a rap album, it’s not THAT bad. It’s cybercrime.
In Simon McCormack’s article on Huffingtonpost.com, we learn that The Doggfather has “had to deal with Internet miscreants who have set up fake websites using his name, stolen his music and swiped his credit card information.”
Snoop Dogg is all about fighting cybercrime now, and he says “I don’t tolerate it. I’m not with it.”
It’s more than just lip service, if you check out Geekosystem.com, Robert Quigley’s article takes us deeper inside Uncle Snoop’s plans to fight cybercrime and shows us that Tha Boss Dog is involved in a contest called “Hack Is Wack” to spread awareness on cybercrime. Quigley explains that “Hack Is Wack is a Norton-sponsored, Snoop Dogg-approved competition wherein contestants submit an ‘anti-cybercrime rap video’ two minutes in length or shorter.”
Just last month, Ipswitch’s own Frank Kenney extended his hand to help the rap community with it’s battle against cybercrime, specifically the fight against email hackers with an “open invitation to any of the hip-hop superstars such as Diddy, Dr. Dre, Jay-Z, Eminem, Eve, Lil Kim, 50 Cent, or Lil Wayne” to use Ipswitch’s Sendable. This is where you can send any type of file up to 15 GB in size, and we will guarantee that it gets there, securely, and is fully auditable.
Frank extends his hand even further and says that “if you’re an aspiring rapper, go to Sendable.com and sign up for free account. Let us know how you like it, how we can make it better, and we’ll will work at getting you the features that you want and recommend. We may even have some free accounts for you if your music is all that!”
I’d like to keep Frank’s generous offer alive, and if you’re looking to submit a video to “Hack Is Wack“, then Sendable is the way to go!
