Tag: cybercrime

13 Sep 2015

Email Encryption and Mobile, Like Oil and Water

Destined never to mix?

Lack of standardisation, clunky integration and poor user experience have all stood in the way of tackling the security risks of email use on mobile devices. While the use of instant messaging services and social media is increasing, email remains the staple of business-to-business communication.

As businesses and employees become more mobile the challenge of securing sensitive data within email messages heightens. Almost half of employees, access business email on a device they own. Are mobile and email security like oil and water: destined never to mix?

Encryption technology has often existed as a bolt-on capability, for both traditional and mobile email clients, hindering the user experience by disconnecting them from the simplicity of built-in device applications.

Mobile technology has become universal because it is slick and intuitive. Its primary focus is the user experience. If that experience doesn’t exist, then we’ll naturally find ourselves looking for a way around the issue. When that issue is email security, the requirements of the business are at odds with the user’s actions. It becomes a serious problem.

“Too many companies haven’t properly integrated email services with email security. Secure messaging must be an integral part of your workflow.”

Tweet this quote

So, it’s not actually the case that mobile and secure email don’t mix. It is that too many companies haven’t properly integrated email services with email security. Secure messaging must be an integral part of your workflow.

The opportunities that mobile working presents to any business are significant and not going away any time soon. This opens up doors to countless vulnerabilities, especially as the value of data continues to rise, making it a rich target for cyber criminals.

New devices and applications arrive on the market on an almost daily basis, so to keep track of every device is clearly a fool’s errand for anyone developing security software.

Third party providers trying to bolt on security simply add additional steps for the mobile user. That means if there is a workaround, users will find it.

Email Encryption and Mobile, Like Oil and Water

Delivering a seamless experience is fundamental to user adoption and user adoption is a key to compliance with any message security strategy. The user experience can be enhanced by building security into the mobile experience. It should be functional, yet seamless to the user. Users should have controls, but it should also work without them having to do anything.

“What business needs is a smart platform for email encryption that makes the decisions for the user.”

Tweet this quote

What business needs is a smart platform for message encryption that makes the decisions for the user. When this platform is device independent, it does not matter if the user is on Android, Apple, Windows or any other platform…they can send email securely. The pace of technology and user device preference change so quickly, security solutions need to remain flexible enough to adapt along with them.

By Jacob Ginsberg, Senior Director of Products, Echoworx

19 Mar 2015

Small Businesses, Shift in Cybercrime

Smaller organizations less vulnerable?

Smaller organizations often assume that because of their size, they are less vulnerable to security threats than larger organizations. The truth: they are targeted more and more because they handle sensitive information, but often lack the security measures of a larger company. This week, in support of Fraud Prevention month, Echoworx takes a look at some of the factors influencing the increasing trend in Cybercrime towards small companies.

A few reasons for the shift:

SMB’s can be viewed as a gateway into larger organizations.
In the case of the notorious Target data breach, hackers were able to attain Target’s data via a small company’s access to their vendor portal.

SMB’s are often oblivious to the rapidly growing pace of advanced persistent threats (APT) and malware.
In most cases, smaller organizations do not have proper security measures in place and are in no position to prevent APT’s or hacks.

Small organizations often do not properly enforce data security policies within their company.
In order to ensure the security of information entering and leaving an organization, management needs to ensure that data protection policies are put in place, communicated to employees and strictly enforced. A Trend Micro report states that “65% of SMB’s said that in general, their organization’s sensitive or confidential business information is not encrypted or safeguarded by DLP technologies.”

Security threats and attacks have become a reality for businesses of all sizes and across all verticals. The implementation of proper security measures is a necessity and must be considered for every organization’s business plan. With corporate reputation on the line and growing consumer awareness, the need for proactive IT security has never been more important.

05 Mar 2015

March is Fraud Prevention Month

March is Fraud Prevention, in Canada

Over the next four weeks Echoworx is going to look at various trends within the information security space. 2014 brought a ‘Hail Mary’ of data breaches including eBay, Sony, and Home Depot; all a consistent reminder that our personal data is being targeted.

According to the Identity Theft Resource Center, the number of data breaches in 2014 rose by 25% compared to 2013. If past results are an indication of future performance, 2015 will bring about a barrage of cybercrime and with it your confidential information is at risk.

Whether it is spam email claiming something outrageous (e.g. “your long lost relative has left you a fortune for you to collect”), or hackers attacking corporate servers, Echoworx is going to look at information security trends in 2015. Information security and privacy policies will be front-of-mind for organizations this year and compliance drivers are influencing every business size and every business vertical to take protective action.

Large Healthcare, Insurance and Financial Institutions have all been primary targets in the past, but it no longer matters how large an organization is. That’s because Cybercriminals are targeting small businesses more and more, motivating those businesses to implement data security measures that simultaneously drive new and impactful compliance standards.

Stay tuned to the Echoworx blog for the month of March to learn more and join our discussion on Fraud Prevention.

11 Dec 2014

2014, Record Year in History of Data Breaches

Not a dull moment for cybersecurity industry

With millions of credit cards, email addresses, medical and personal information records compromised, 2014 has brought some of the largest data breaches in history and no industry sector has been immune.

As we discussed in a previous blog, the healthcare industry is very vulnerable, but so are others: from government to financial services. In fact, The Wall Street Journal reports that because of the “string of breaches at financial firms and big retailers” financial institutions are planning “to increase their spending by $2 Billion over the next 2 years.”

Data Breaches by Sector, 2014
Data from Identity Theft Resource Center

2014 was not only a record year in the history of cyber security, but also as a turning point.  Organizations are now fully aware that they have to be proactive and assess their vulnerabilities to cyber risks on an ongoing basis. They have to adapt to the reality of sophisticated cyber-attacks and be prepared.

It’s only by reaching an advanced stage of cybersecurity readiness that an organization can start to reap the real benefits of its cybersecurity investments. By putting the building blocks in place and ensuring that the program is able to adapt to change, companies can start to get ahead of cybercrime, adding capabilities before they are needed and preparing for threats before they arise,says Ken Allan, global information security leader at Ernst & Young.

The last twelve months have certainly brought not only an increased awareness, but most importantly, a sense of urgency to rethink security and to adhere to its best practices.