Tag: compliance

28 Oct 2016

The Encryption Rally Cry

Stronger yet simpler solutions.

Email has been around for decades, and remains the mainstay of enterprise communications. Despite efforts within companies to introduce collaborative solutions that reduce reliance on email, Radicati Group reports that the average number of business emails sent and received per employee will actually grow from today through 2019.

These emails, of course, often contain sensitive text information as well as attached documents, and despite the rise in cloud- and premises-based collaboration software that might account for that drop in sent emails, that practice is likely to continue. It’s simple and easy to attach a document and send it, after all: no logging into a different system to move files or taking other steps to share information. Users will always take the easiest path.

As security and compliance concerns continue to rise across industries, businesses are not only looking for new ways to keep sensitive data safe, but also to cut costs. As a result, many organizations are migrating some or all of their email users to the cloud, marking a fundamental change in the way that email and email-related services such as archiving and encryption are managed.

As this shift is occurring, there are two other factors also in play:

  • Lines of business are becoming increasingly influential in determining a company’s encryption strategy, while the influence of IT is dropping, according to a recent report from Ponemon Institute. According to the report, respondents from three countries (the United States, the UK and France) actually chose their organization’s lines of business management as being more influential than its IT group in terms of determining the company’s security posture.
  • Breaches are becoming more public and more costly. Compliance with privacy and data security requirements is a big driver of encryption, not only in expected vertical markets, but across the board in all industries.

Cost and Simplicity
Businesses are migrating email to the cloud for a variety of reasons, according to a recent report from Osterman Research, but the key driver for the use of cloud-based email—cited by more than half of all respondents (52 percent)—is reducing the cost of delivering services. Also on the costs side, gaining certainty over costs was listed as a key driver by 40 percent of respondents.

Businesses are also looking for simplicity in their move to the cloud; 44 percent of respondents said cloud-based email would help streamline IT operations and 35 percent said it would enable agility in a changing user environment. Interestingly, only one-third of respondents (34 percent) listed improving organizational communications as a key factor, and 39 percent sought to drive user productivity by migrating email to the cloud.

Although the majority of respondents (43 percent) said they would prefer on-premises virtualized servers as the hardware/delivery platform of choice, nearly one-third indicated a cloud-based system operated by a third party would also be a viable option. To meet the goals of cost reduction and control, many businesses will likely find that a hybrid solution (a customized blend of on-site services and off-site cloud-managed services, with different resources available to different users) will offer the best of both worlds. With many users now working remotely, either permanently as telecommuters or temporarily on mobile devices, on-premises solutions just can’t offer the flexibility of the cloud.

The big concern, of course, is security, and believe it or not, regardless of whether email is hosted in the cloud or on-premises, careless employees are a company’s worst security threat. One out of every four corporate emails contains attachments that include sensitive personal or business data. The majority of emails are openly sent without any form of encryption; 61 percent of employees admit sending confidential information through open email channels. According to the Ponemon study, 52 percent of respondents cited employee error as the most significant threat to sensitive or confidential data. Thirty percent chose system or process malfunction as the biggest threat, and 28 percent selected hackers. The fact that the top two findings on threats relate to mistakes or errors, despite recent headline-grabbing targeted threats, is significant. Ironically, that gaping hole in a company’s security posture can be quite simple to fix with the right encryption solution.

However, many companies are struggling to do just that. According to the Ponemon report, 57 percent of respondents say the biggest challenge to encryption deployment is discovering where sensitive data resides in the organization. Ponemon indicates this isn’t a surprise, and we agree; there’s more data, more endpoint devices and more use of the cloud. In addition, nearly half of all respondents (49 percent) cite initially deploying encryption technology as a significant challenge.

It’s an interesting paradox—the industry is approaching the issue of data leaks caused by employee error by offering solutions that employees will likely ignore because they are too difficult to use. If only there was a better way…

By Chris Peel, Vice President Engineering, Echoworx

 

09 Aug 2016

Fraudsters, Hackers & Thieves!

It’s official: Most consumers do not feel like their private data is indeed being kept private.

Looking around at the headlines, where high-profile breach after high-profile breach is documented, the lack of trust in data security is no surprise. Whether it be through a corporate breach, where consumers’ confidential information is revealed as part of thousands of records stolen or inappropriately handled, or an attack that they themselves initiate via inappropriate use of their personal computer or mobile phone, or anything in between, breaches have caused consumer distrust to become rampant when it comes to whether or not their personal information is being kept safe. This is hammered home in a recent Global Survey on Internet Security and Trust report from CIGI-Ipsos, in which only 38 percent of consumers surveyed trusted that their activities on the internet are not being monitored.

Consumer distrust grows

Stop for a moment and think about how much of our lives are now conducted online, or are connected in some way. When you wake up in the morning, you likely check personal and perhaps work email from a tablet or mobile device. You might update Facebook, Instagram or Twitter. You may ask your Amazon Echo what the weather and traffic is like on your way to work. You might place a grocery order online, or order a new supply of toilet paper. On the ride into work, you might use a Bluetooth headset to listen to voice mails or catch up on the day’s headlines. When a large majority of our everyday life is conducted online, how did the industry get to a point where the consumers who have bought into this “connected vision” don’t feel safe being online?

Symantec conducted a survey on privacy within the European Union, and found that 59 percent of respondents have experienced a data protection issue in the past. Reported issues included being notified of a data breach by a company that had access to some of their personal information, having an email or social media account hacked, having bank details stolen, being a victim of online identity theft, getting a computer virus, or responding to an online scam or fake email. Overall, 57 percent of respondents reported being worried that their data is not safe.

The National Telecommunications & Information Administration (NTIA) in May released a report that correlates how connected we are online with a higher risk of data breaches. The report found that while 9 percent of online households that used just one type of computing device (such as a desktop, laptop, tablet, Internet-connected mobile phone, wearable device, or TV-connected device) reported a security breach, 31 percent of those that used at least five different types of devices reported a breach.

Opting Out

Furthermore, there is a potential economic impact to consumers’ distrust. The report also found that consumers are so concerned with privacy and security on the Internet that their household opted out of participation in certain online activities. Forty-five percent of online households reported that these concerns stopped them from conducting financial transactions, buying goods or services, posting on social networks, or expressing opinions on controversial or political issues via the Internet, and 30 percent refrained from at least two of these activities. In households that experienced a breach, these percentages are even higher.

This fear and distrust is not without good reason. In Symantec’s April 2016 Internet Security Threat Report (ISTR), the security firm estimated that if all breaches that occurred in 2015 reported the number of consumers worldwide impacted, it would total an estimated half-billion people.

Financial information such as credit card numbers is still coveted, although the per-card value is going down and the shelf life is short, since credit card companies and credit card owners are using technology to shut down fraudulent transactions quickly. Instead, the newly sought-after information is that held by insurance, government and healthcare organizations. The more details someone has about an individual, the easier it is to commit identity fraud, and targeting these groups provides criminals with more complete profiles of individuals. Real names are still the most common (78 percent) type of information exposed, according to the ISTR, followed by home addresses, birth dates, government IDs (such as Social Security numbers), medical records, and financial information.

Businesses can and should be doing much more to secure customers’ private and oftentimes sensitive information, reducing the risk for everyone. History has shown that when encryption solutions, including email encryption, are deployed properly, they work well. But communication with customers requires a different set of criteria than internal communications or communications with partners. User experience is key: according to a recent research note from Gartner, consumers are likely to resist the installation of third-party software or apps on their devices to access secured content.

In summary, consumers today have become much more discerning about their online activities, and know controlling their online activity plays a role in helping protect their privacy. However, the organizations they do business with need to take the security of customers’ private data just as seriously, and invest the time, effort and budget into ensuring its safety.

By Greg Aligiannis, Senior Director of Security at Echoworx

Sources:
CIGI-Ipsos Global Survey on Internet Security and Trust
Symantec State of Privacy Report
U.S. Census Bureau NTIA Computer and Internet Use Supplement
Symantec Internet Security Threat Report Vol. 21
Gartner Guide to Email Encryption

14 Jun 2016

Can You Weather the GDPR Security Storm?

You would think that simple and secure communication with employees and customers would be top of any financial services firm’s checklist, wouldn’t you? That the need for confidentiality and regulatory compliance had never been greater? Especially given that financial data has been among the most commonly exposed and stolen in recent breaches. Think again! Our survey last year found that despite 83 per cent of financial services professionals using email more than any other form of communication, 23 per cent either do not use or are unaware of any email and file sharing encryption technology in place.

It’s time for businesses to batten down the hatches, because the General Data Protection Regulation (GDPR) is coming and businesses are worried about its impact. The European Commission has passed new pan-region regulations, which will come into force in April 2018. Businesses that don’t comply with the new laws could face fines of €20 million or four per cent of global turnover – whichever is greater. Fines of this level will have a significant impact on any business. You only have to look at the costs incurred by TalkTalk following its high profile data breach last year (£60 million and counting, and a considerable loss of customers) – and you can see fines like this keeping the CFO awake at night.

We hosted a roundtable event for CIOs and CISOs of financial services companies. Most admitted that they knew something needed to be done about GDPR compliance, but they didn’t know where to start. It was clear from talking to these senior financial services industry figures that companies are wholly aware of the threat posed by cyber attackers and hackers. They have already taken action against it. However, the pressure to reduce costs is a struggle felt by all. Research by TheCityUK Cyber Taskforce (p.11) found that 46 per cent of companies have cyber threats as a key concern to their business, compared to just 10 per cent in the same survey a year earlier.

It’s not just internal email that needs to be covered by the right level of security. External communication with customers needs security measures too. Stories of cybercrime and data breaches continue to hit the headlines daily, while consumers are more technically and security savvy than ever. In fact, a recent survey by the US Dept of Commerce found that 45 per cent of consumers reported that cybersecurity concerns stopped them from conducting financial transactions online.

Financial services organisations should have strong encryption solutions in place that are both manageable for the business and meet the needs and expectations of customers. Banks have continued to resist because they think it is too complicated. Many argue that customers won’t understand how to use more complex security solutions. This simply isn’t an excuse any more. There are plenty of options on the market that have put user experience at the centre. A valuable email encryption solution makes the process simple for both sender and recipient.

The cost of a data breach to a financial services organisation goes far beyond just financial considerations (although with the prospect of huge fines looming as part of the GDPR – it’s certainly a substantial worry). Reduction in customer confidence and reputation damage are an equally expensive contributing factor. For a long time, FS companies have upped their security precautions at the perimeter of their businesses. Now they need to extend this protection to their customers as well. Issues like the TalkTalk breach, along with new government powers to snoop in the form of the Investigatory Powers Bill, have left customers more worried than ever before about the security of their data. Banks need to act fast to reassure customers and to avoid churn to a more secure rival. Moreover, all FS companies must ensure they are compliant with the GDPR before it hits in 2018.

By Jacob Ginsberg, Senior Director, Echoworx

This article originally appeared in the Global Banking & Finance Review