Tag Archives: Axway Inc.

Does File-Sharing Threaten Your Sensitive Data?

When debit cards first came out, says Internet encryption pioneer Taher Elgamal, people simply scrawled their PIN numbers on the back of their cards. He sees many businesses taking the same sort of naïve approach to security these days when it comes to file-sharing and peer-to-peer networks. Too often, businesses haven’t thought through the risks involved in file-sharing. And like those early debit card users, employees often are thinking simply of convenience and ease of usage.

Yorgen Edholm, president and CEO of Accellion, a company that provides secure file transfer solutions, agrees that businesses have been slow to react, despite continued news reports about data breaches. “One of the things that surprises me is it’s still such an under-discussed topic,” says Edholm. “Two years from now, it’s going to be, ‘How did we do that?’”

How P2P threatens your data

In February, the Federal Trade Commission notified nearly 100 organizations and businesses that had released sensitive information about customers, students, or employees through file-sharing or P2P networks. The government agency also announced it was conducting investigations of other businesses which had exposed data through file-sharing. In conjunction with the announcement, the FTC published new educational materials for businesses.

The risk to your data from P2P technology is a two-pronged threat. Employees are placing critical data at risk by using P2P technology to transfer and to share work-related materials. However, as people become accustomed to moving much of their lives online, they often blur the distinction between work and home activities. Employees downloading the latest movies and music from file-sharing sites also create risk for their employers. Among the dangers:

Inadvertently sharing files. Users may accidentally save a confidential file to a folder that is shared on a P2P network or malware could change the designation of a folder or drive where sensitive information is stored.

Opening your network to attacks. Malware in P2P programs can lead to attacks on other computers on your network, not just the computer sharing files.

Losing track of data. Once files are placed on a P2P network, they may be shared among other computers even after deletion on the original computer. So, retrieving and securing data you’ve unintentionally exposed is virtually impossible.

Remote storage of illegal material. Malicious programs could open one of your computers to storage of stolen documents or even child pornography, cautions Randy Abrams, director of technical education for anti-malware vendor ESET.

The threat is so significant Abrams thinks P2P programs should be avoided. “Peer-to-peer file-sharing programs have virtually no place in a business environment,” he says. “The security of the programs varies widely. However, in many cases, the default settings are not the most secure. The risks of P2P file-sharing are too great to be ignored.”

While every organization is vulnerable, Sanjay Mehta, senior vice president for security solution company Breach Security, advises that your company may be particularly susceptible to P2P threats. “In many ways, small to mid-sized businesses are great targets,” he says. Mehta notes that smaller businesses often aren’t equipped with the IT assets or the staffing to evaluate P2P risks or combat data breaches that occur through file-sharing.

How you can protect your data

Like most technology-related security issues, the first steps you should take involve people rather than machines or software, say the experts. Smart business practices will go a long way toward avoiding file-sharing data losses. Make sure your organization follows this checklist:

Establish and enforce a file-sharing policy. Awareness is critical. Your policy should spell out in non-tech speak whether you’ll allow the use of P2P networks. If you allow file-sharing, you should explain the circumstances under which it is permitted and whom you authorize to do so. Once you’ve created a policy, revisit it frequently since technology evolves quickly.

Educate your users.

Offer file-sharing solutions. “Ninety percent of employees just want to get their work done,” says Elgamal, chief information security officer for Axway, which secures and manages business transactions. “Generally speaking, people like the path of least resistance. We need to tell people how the company is enabling them to do business. You can’t sit down and say ‘no, no, no.’ Then what?” Your employees will find ways to share documents and files when they need to get the job done, so anticipate their needs and find secure solutions.

Classify documents. Establish a system for classifying information based on how it can be shared or the sensitivity of the data, advises Mehta. Then, arrange information in locations based on whether it can or can’t be shared. Consider a separate server or network for secure information.

Classify users. Evaluate access and who should or shouldn’t be sharing information. Consider whether you’ll allow home computers on your network, an option Abrams advises against. “The cost/risk ratio of allowing personal computers on a corporate network, even for small companies, cannot be justified,” he says.

Purchase help. Look for a vendor solution that helps you safely secure file transfers, log transfer activity, archive files that have been transferred and filter what goes into and out of your network. Accellion charges a couple of thousand dollars a year for a subscription covering 25 to 50 users, Edholm says.

Most important, says Mehta, is taking action now. If you visited the problem of file-sharing a year ago, it’s time to look again. “The threat factor moves a heck of a lot faster than every so often,” Mehta says.

Tech Talk: Publisher Puts Kibosh on Spam

Hay House, a book publisher based in Carlsbad, Calif., was founded 24 years ago and has grown to become one of the largest self-help publishers in the world with 125 employees in the U.S. and locations in four different continents. The publishing house relies on e-mail for internal communication and for communicating with writers, often sending manuscripts back and forth. But employees were being deluged with spam – the company receives up to 10,000 spam messages per day – until information technology director Mike Fishell and his staff installed an e-mail security appliance.

Elizabeth Wasserman: What are the plusses and minuses of using e-mail in your business?

Mike Fishell: It’s much faster for moving information around. Whether it’s information for a book, fact-checking, public relations, or passing on quotes to be inserted into our books, we rely on our e-mail. We also have offices located in time zones that don’t match up. We have offices in the U.K., Australia, South Africa, and India, in addition to the U.S. So if it’s noon in London and someone e-mails us with something that has to be addressed that day, we can get back to them before they go home that night. We also may receive manuscripts via e-mail from our authors. Instead of sending a manuscript via FedEx, they can e-mail it to us directly.

Wasserman: What are the security risks to a business posed by relying on e-mail? Do you get a lot of spam?

Fishell: We get in the neighborhood of 10,000 spam messages a day.

Wasserman: What did you do about that?

Fishell: We were using software-based spam solutions in the past, but the spam problem was growing faster than our application could deal with it. I looked at appliances and Axway’s Mailgate was the first one I brought in-house for a trial. It worked so well that we couldn’t even think of taking it out of production. The trial unit we were sent was kept in production for three years.

Wasserman: What does it do? How does it help you?

Fishell: It helps us with spam by using a context-based algorithm. Some of our books may deal with health and we may have the word Viagra show up in a book, maybe with someone giving medical advice related to it. It’s not in the context of someone trying to sell it, because that wouldn’t be delivered to the mailbox. Our users receive an e-mail every day at 5 p.m. showing everything that was quarantined by the filter. They have an option to release it to themselves or ignore it.

Wasserman: What have the results been?

Fishell: On the inbound side, the time savings is money savings. I do a report once a year for the directors explaining the cost savings associated with it. I have calculated out in the thousands and thousands of dollars in terms of man hours for our people not having to delete spam. The cost savings worked out to about $54,000 a year in terms of man-hours we would have spent deleting spam.

There are a lot of these e-mails being sent around maybe directing people to a website and it’s not enough of an e-mail to be caught as spam or a virus. But it directs them to a website that may have malicious intentions. We’re able to plug keywords into our filter and have it blocked in a matter of minutes instead of waiting for the virus companies to have something out there to block one. I don’t have to worry about anyone clicking on the link.

It also allows me to set policies to prevent certain types of sensitive data from being e-mailed outside the office accidentally. Not only viruses, but personal information or confidential information, certain contracts we don’t want leaving the building, or proprietary material we don’t want leaving the building.

In terms of time management, it’s nice having something in the business that doesn’t require babysitting. I take a look at the reports once a day. If I skip looking at the reports once a day, I’m not worried. The box gets restarted once or twice a year. That and software updates a couple times a year and you can pretty much set it and forget it.