Tag: data security

09 Aug 2016

Fraudsters Hackers & Thieves!

It’s official: Most consumers do not feel like their private data is indeed being kept private.

Looking around at the headlines, where high-profile breach after high-profile breach is documented, the lack of trust in data security is no surprise. Whether it be through a corporate breach, where consumers’ confidential information is revealed as part of thousands of records stolen or inappropriately handled, or an attack that they themselves initiate via inappropriate use of their personal computer or mobile phone, or anything in between, breaches have caused consumer distrust to become rampant when it comes to whether or not their personal information is being kept safe. This is hammered home in a recent Global Survey on Internet Security and Trust report from CIGI-Ipsos, in which only 38 percent of consumers surveyed trusted that their activities on the internet are not being monitored.

Consumer distrust grows

Stop for a moment and think about how much of our lives are now conducted online, or are connected in some way. When you wake up in the morning, you likely check personal and perhaps work email from a tablet or mobile device. You might update Facebook, Instagram or Twitter. You may ask your Amazon Echo what the weather and traffic is like on your way to work. You might place a grocery order online, or order a new supply of toilet paper. On the ride into work, you might use a Bluetooth headset to listen to voice mails or catch up on the day’s headlines. When a large majority of our everyday life is conducted online, how did the industry get to a point where the consumers who have bought into this “connected vision” don’t feel safe being online?

Symantec conducted a survey on privacy within the European Union, and found that 59 percent of respondents have experienced a data protection issue in the past. Reported issues included being notified of a data breach by a company that had access to some of their personal information, having an email or social media account hacked, having bank details stolen, being a victim of online identity theft, getting a computer virus, or responding to an online scam or fake email. Overall, 57 percent of respondents reported being worried that their data is not safe.

The National Telecommunications & Information Administration (NTIA) in May released a report that correlates how connected we are online with a higher risk of data breaches. The report found that while 9 percent of online households that used just one type of computing device (such as a desktop, laptop, tablet, Internet-connected mobile phone, wearable device, or TV-connected device) reported a security breach, 31 percent of those that used at least five different types of devices reported a breach.

Opting Out

Furthermore, there is a potential economic impact to consumers’ distrust. The report also found that consumers are so concerned with privacy and security on the Internet that their household opted out of participation in certain online activities. Forty-five percent of online households reported that these concerns stopped them from conducting financial transactions, buying goods or services, posting on social networks, or expressing opinions on controversial or political issues via the Internet, and 30 percent refrained from at least two of these activities. In households that experienced a breach, these percentages are even higher.

This fear and distrust is not without good reason. In Symantec’s April 2016 Internet Security Threat Report (ISTR), the security firm estimated that if every breach that occurred in 2015 had reported the number of consumers impacted worldwide, the total would be an estimated half-billion people.

Financial information such as credit card numbers is still coveted, although the per-card value is going down and the shelf life is short, since credit card companies and credit card owners are using technology to shut down fraudulent transactions quickly. Instead, the newly sought-after information is held by insurance, government and healthcare organizations, which are now being targeted. The more details someone has about an individual, the easier it is to commit identity fraud, and targeting these groups provides criminals with more complete profiles of individuals. Real names are still the most common (78 percent) type of information exposed, according to the ISTR, followed by home addresses, birth dates, government IDs (such as Social Security numbers), medical records, and financial information.

Businesses can and should be doing much more to secure customers’ private and oftentimes sensitive information, reducing the risk for everyone. History has shown that when encryption solutions, including email encryption, are deployed properly, they work well. But communications with customers require a different set of criteria than internal communications or communications with partners. User experience is key: according to a recent research note from Gartner, consumers are likely to resist the installation of third-party software or apps on their devices to access secured content.

In summary, consumers today have become much more discerning about their online activities, and know controlling their online activity plays a role in helping protect their privacy. However, the organizations they do business with need to take the security of customers’ private data just as seriously, and invest the time, effort and budget into ensuring its safety.

By Greg Aligiannis, Senior Director of Security at Echoworx

Sources:
CIGI-Ipsos Global Survey on Internet Security and Trust
Symantec State of Privacy Report
U.S. Census Bureau NTIA Computer and Internet Use Supplement
Symantec Internet Security Threat Report Vol. 21
Gartner Guide to Email Encryption

21 Oct 2015

Adaptive Encryption for Evolving Risk & Compliance

More exposed than ever before.

An ever-growing landscape of costly data breaches and increasing security threats are constant reminders of our need to improve the protection of corporate and personal information. They also remind us to pay closer attention to the litany of evolving compliance and regulatory requirements.

The nature of personal information and data has changed. Beyond names, email addresses and phone numbers, individuals regularly disclose their birth dates, interests, and a range of relationships. Public pressure to respect and protect this information has led both local and federal governments to transform data regulations and hammer down enforcement. In short, protect private, sensitive information or pay the price.

Enforce or take the hit.

The message is loud and the message is clear. Comply with evolving regulatory mandates or you will get punished severely. Global regulatory agencies are enforcing protection of data security like never before. Today we find entire agencies, such as the Occupational Safety and Health Administration (OSHA) in the US, being chiefly funded via collected fines and penalties. In light of these enforcement efforts, even companies with established data security compliance programs are re-evaluating their activities and security methods; this includes their existing encryption methods.

Updated security assessments are strongly recommended in order to mitigate your organizational risk and ensure the privacy of data. Trust takes years to build and only seconds to break. Help your clients understand what data you collect, why you collect it, what you do with it, and what your policy is for keeping it private.

Go public with privacy.

When you hear the term privacy policy, what comes to mind is a long, legally formatted text file that e-commerce vendors typically place somewhere on their websites. However, a privacy policy written with the intent to assure users they can trust you with their information can actually be a business strategy. Once created, privacy policies should be shared in all publicly accessed areas within your corporation, and a regular review of data protection best practices should be encouraged by your data officer.

Often leakage of sensitive data occurs due to human error, not malicious intent. Ensure all levels of employees understand your privacy policies and are trained in data protection best practices, methods, and processes.

Include a diagram of data flow in your privacy policy:

  • Where is data going once it leaves the network?
  • Is it being stored offsite?
  • Is it traveling over email?
  • Is it processed by a third-party service provider?
  • Are there cloud-based services being used to manage or maintain the data?

Thinking smarter.

Given the evolving nature of local and federal data security regulations, your approach to communicating and sharing sensitive data must also evolve. All too often, I hear people loosely throw about the word email encryption. They assume sensitive information contained in emails they send and receive is both secure and encrypted, but frequently this is not the case. Your approach to securing email communication must continuously meet industry-wide regulations.

Organizations need to look closely at the type of encryption that cloud-based service providers are using. Find out if they are utilizing the right encryption strength! Do the encryption methods adapt to user requirements, both the sender and recipient?

The list of compliance and regulatory requirements due to data breaches and security threats is not getting any shorter. Evolving risk & compliance requires adaptive encryption solutions.

By Robby Gulri, Channel Manager, Echoworx
