Tag: email security

23 Nov 2016

Encryption, the best way to protect data from hackers

It’s no secret that today’s cyber criminals are heavily funded and technically astute – creating more methods to hack into organizations than individuals and businesses can keep up with. Because of their ever changing, advanced and growing capabilities, private organizations and governments must protect all possible gateways to information in our digital-driven society. To keep the data sent via email safe, email encryption remains the best protection in today’s cybersecurity landscape.

Smarter devices mean new vulnerabilities
The evolving technology landscape has created challenges for businesses trying to stay ahead of the curve. As the workforce becomes increasingly mobile and digital, organizations are opening new digital communication and commerce channels to meet employee and business needs. But as new devices are connected to the network, and thus become connected to confidential information, risks to data privacy will appear. These new devices and potential vulnerabilities create opportunities for hackers to infiltrate personal and professional networks at vulnerable entry points.

Companies must have a solution that is focused solely on encryption if they are to tackle today’s rapidly changing technology landscape. Encryption can be tailored to meet a company’s specific IT policies, compliance requirements and user needs to ensure that critical communication touch points are protected whether on mobile or desktop, keeping organizations’ information safe. Encryption allows businesses to innovate while leveraging new technologies, ensuring that sensitive data remains secure.

Securing confidential information – in transit and at rest
Vast volumes of confidential company, customer and employee data passes through business networks every day. Companies in regulated industries represent a treasure trove for cyber criminals as they hold mounds of confidential information including biometrics, health records, financial transactions, inventory tracking, climate controls, and even digital keys. For example, to properly track medical records for HIPAA compliance, there is often personal information attached to communications that can be exploited by hackers.

To ensure that this confidential information is protected, email security solutions are often overlooked in favor of network firewalls or file server security. As a result, message interception has become more frequent – putting information at risk. Email encryption solutions that are content aware are critical to combating hackers targeting corporate email data. Content aware encryption solutions can be configured to automatically scan email content and attachments based on a company’s security policies – providing a user-friendly experience for employees and peace of mind for IT management. Encryption is crucial to ensuring that this confidential information remains private and secure – while emails are in transit and at rest.

Key to citizen privacy and security
Beyond the business benefits, encryption is also key to citizen privacy and security. But, as governments adapt to crime in the digital age, we have seen them continue to push for ways to weaken one of our best protections, encryption, with master keys or back doors to encrypted information. Encrypting sensitive information is just as important as locking your home when you leave. But would you hide a master key for your home right on its perimeter? Encryption back doors are essentially leaving a key for hackers to discover for easy entry.

Encrypted data is only as secure as the keys used by the system that locked them. If the keys are compromised by hackers, negligence or other means, or entry ways are made available via backdoors, then any data that’s encrypted can be decrypted. Ultimately, an entrance into encrypted information, whether meant for the government or an IT executive, is an entrance for everyone, including cyber criminals. Encryption is critical to the security of data and ensuring that citizens maintain their privacy, and management of keys is an essential piece of the puzzle.

As adversary tactics continue to grow and evolve, citizens and companies must feel confident that their data – from private information to intellectual property – is secure. Encryption is critical for protecting confidential data from today’s growing, fast-moving, and ever-changing cyber threats. And to remove pathways for hackers to exploit, we must maintain that back doors are not created, and all keys are properly managed. By applying encryption to email and other data, organizations can ensure that hackers have no way to access data that they discover or intercept.

If you would like to find out more ways to ensure your critical communication touch points are protected, the additional content listed below may be of interest.

  • Download our REPORT    Do You Trust Email?
  • Watch our DEMO     B2C Encryption Protection
  • Read our REPORT    Fraudsters, Hackers, and Thieves

By Kai Cheung, VP Architecture at Echoworx

08 Nov 2016

Combating Insider Threats

When Edward Snowden leaked NSA’s classified documents of their surveillance program, it sent a message out and loud to companies; if an employee can steal sensitive documents from the NSA, an employee can do that with anyone.  The authorized access of employees to a company’s confidential data poses a self-evident risk to its cyber & financial security because such data can be used to exploit the company.

The motivation behind such treasons? It could range from a fraudulent opportunity dangled in front of an employee to resentment harbored by them which foments into action. It may be because of deeply held morals or beliefs of an employee or in fact, the financial gain. Access to the company’s best kept secrets and inside knowledge of its security weaknesses, always gives the culprits an upper-hand.

Intentional theft isn’t the only insider threat.

Imagine your company, now imagine an employee in your company sending a confidential document to a customer. Maybe he is in a rush, or he is groggy or he is sending the email before his caffeine kicks in and he sends the confidential document without encrypting it. The hacker is waiting at the end-point to find a vulnerability, and guess what, your employee of the month just handed your company’s security to him on a silver platter. In 2015 over 116 billion business messages were sent a day. That’s 116 billion chances for sensitive information to be intercepted – either with malicious intent or accidentally.

The amount of data which circulates within business networks everyday can be staggering and much of it is deemed to be confidential. Companies in highly regulated industries hold large amounts of confidential data- information which includes biometrics, health records, financial transactions & inventory tracking. Simply the chance of getting hands on a wealth of highly confidential info in a single hit, makes highly regulated industries a top target.

Since many companies are favoring firewalls and server security, and shying away from email encryption- they are leaving a huge loophole for message interception and are putting information at risk. Policy-based email encryption is a key to combating cybercriminals who are dedicating even more effort to breaching corporate email data.

Email encryption solutions, which can be configured to recognize and encrypt specified email based on a company’s preset policies, provides a user-friendly experience for employees and peace of mind for IT management. But will your workforce reliably use it? Case after case has shown us that companies and even entire industries have neglected to ask the question.

If email security solutions – or any other technologies for that matter – are too complicated, employees will almost certainly find easier means to complete a task. In this scenario, security is the ball that is dropped. Insider threats continue to keep senior business leaders awake at night. A recent PwC report in the US found that 32 per cent of respondents consider insider threats to be costlier and more damaging than external incidents.

Encryption is crucial to ensuring that this confidential information remains private and secure – while emails are in transit and at rest. If you would like to find out more about how email encryption can help your business and your employees protect sensitive data, the additional content listed below may be of interest.

  • Download our REPORT  | How Much Do You Trust Email?
  • Watch our DEMO  | OneWorld B2C Encryption Protection
  • View our INFOGRAPH  | 5 Encryption Factors to Consider

By Ali Kiassat, Echoworx

28 Oct 2016

The Encryption Rally Cry

Stronger yet simpler solutions.

Email has been around for decades, and remains the mainstay of enterprise communications. Despite efforts within companies to introduce collaborative solutions that reduce reliance on email, Radicati Group reports that the average number of business emails sent and received per employee will actually grow from today through 2019.

These emails, of course, often contain sensitive text information as well as attached documents, and despite the rise in cloud- and premises-based collaboration software that might account for that drop in sent emails, that practice is likely to continue. It’s simple and easy to attach a document and send it, after all—no logging into a different system to move files, or take other steps to share information.  Users will always take the easiest path.

As security and compliance concerns continue to rise across industries, businesses are not only looking for new ways to keep sensitive data safe, but also to cut costs. As a result, many organizations are migrating some or all of their email users to the cloud, marking a fundamental change in the way that email and email-related services such as archiving and encryption are managed.

As this shift is occurring, there are two other factors also in play:

  • Lines of business are becoming increasingly more influential in determining a company’s encryption strategy, while the influence of IT is dropping, according to a recent report from Ponemon Institute. According to the report, respondents from three countries—the United States, the UK and France—actually chose their organization’s lines of business management as being more influential than its IT group in terms of determining the company’s security posture.
  • Breaches are becoming more public and more costly. Compliance with privacy and data security requirements is a big driver of encryption, not only in expected vertical markets, but across the board in all industries.

Cost and Simplicity
Businesses are migrating email to the cloud for a variety of reasons, according to a recent report from Osterman Research, but the key driver for the use of cloud-based email—cited by more than half of all respondents (52 percent)—is reducing the cost of delivering services. Also on the costs side, gaining certainty over costs was listed as a key driver by 40 percent of respondents.

Businesses are also looking for simplicity in their move to the cloud; 44 percent of respondent said cloud-based email would help streamline IT operations and 35 percent said it would enable agility in a changing user environment. Interestingly, only one-third of respondents (34 percent) listed improving organizational communications as a key factor, and 39 percent sought to drive user productivity by migrating email to the cloud.

Although the majority of respondents 43 percent said they would prefer on-premises virtualized servers as the hardware/delivery platform of choice, nearly one-third indicated a cloud-based system operated by a third party would also be a viable option. To meet the goals of cost reduction and control, many businesses will likely find that a hybrid solution—a customized blend of on-site services and off-site cloud-managed services, with different resources available to different users—will offer the best of both worlds. With many users now working remotely—either permanently as telecommuters or temporarily on mobile devices, on-premises solutions just can’t offer the flexibility of the cloud.

The big concern, of course, is security, and believe it or not, regardless of whether email is hosted in the cloud or on-premises, careless employees are a company’s worst security threat. One out of every four corporate emails contain attachments that include sensitive personal or business data. The majority of emails are openly sent without any form of encryption; 61 percent of employees admit sending confidential information through open email channel. According to the Ponemon study, 52 percent of respondents cited employee error as the most significant threat to sensitive or confidential data. Thirty percent chose system or process malfunction as the biggest threat, and 28 percent selected hackers. The fact that the top two findings on threats relate to mistakes or errors, despite recent headline-grabbing targeted threats, is significant. Ironically, that gaping hole in a company’s security posture can be quite simple to fix with the right encryption solution.

However, many companies are struggling to do just that. According to the Ponemon report, 57 percent of respondents say the biggest challenge to encryption deployment is discovering where sensitive data resides in the organization. Ponemon indicates this isn’t a surprise, and we agree; there’s more data, more endpoint devices and more use of the cloud. In addition, neatly half of all respondents (49 percent) cite initially deploying encryption technology as a significant challenge.

It’s an interesting paradox—the industry is approaching the issue of data leaks caused by employee error by offering solutions that employees will likely ignore because they are too difficult to use. If only there was a better way…

The additional content listed below may be of interest.

  • Download our REPORT  | How Much Do You Trust Email?
  • Watch our DEMO  | OneWorld B2C Encryption Protection
  • View our INFOGRAPH  | 5 Encryption Factors to Consider

By Chris Peel, Vice President Engineering, Echoworx

 

07 Sep 2016

A Single Vulnerability is all a Cyber Criminal Needs

We have been in a war against cyber criminals and data breaches since the 1900s when magician and inventor Nevil Maskelyne disrupted a public demonstration of Guglielmo Marconi’s purportedly secure wireless telegraphy technology, sending insulting Morse code messages through the auditorium’s projector. The situation has only gotten worse today.

Millions of online transactions are done every day; billions of emails are sent every year. With the massive use of the internet, there is a significant amount of breach risk too. Looking around at the headlines, where high- profile breach is reported every now and then, the lack of trust in data security is no surprise. 62% of consumers do not believe that their internet activity is private. A report released in May by The National Telecommunications & Information Administration (NTIA) found that consumers are so concerned with privacy and security on the Internet that their household opted out of participation in certain online activities.

Forty-five percent of online households reported that these concerns stopped them from conducting financial transactions, buying goods or services, posting on social networks, or expressing opinions on controversial or political issues via the Internet. Moreover, highly regulated industries have become prime targets for email security threats now.

highriskindustries

Read the full report

Given the status quo, the responsibility to protect clients, as well as their firms, falls on the shoulders of corporations. There is a need for robust and impeccable encryption to protect privacy rights of the people. Echoworx has a solution that will make sure that all emails leaving an organization are scanned for sensitive information, and just what is sensitive information is left up to the firms to decide. We have to fight for cyber security collectively.

SecTor 2016 will bring together experts from around the world to share their latest research and techniques involving underground threats and corporate defenses. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors. The conference will feature keynote speakers including Edward Snowden- the famous NSA whistleblower, Christopher E. Pogue- Chief Information Security Officer of Nuix, Laura Payne and Mikko Hypponen- a cyber war veteran who has been reverse engineering malware since 1991.

Get ready to experience IT security training at its best from October 17-19. Echoworx has discounted tickets for you! Get them here

The need to fight cyber criminals is now. Just like Chris Pogue says, “If not now, when?  If not you, then who?  You’re already in the fight. It’s time to start fighting the right battle and take back surrendered ground!”

Experience Echoworx’s OneWorld encryption software that can give you security- on your terms at booth 205 and I will be there to demonstrate to you how you can protect your firm from spillovers. Things can get really busy during the conference. With that in mind, I’ve created an option for you to book a personal meeting where I can address your questions one-on-one.

Click here to book a personal meeting or see a custom demo of our solution.

By Will Nathan, Enterprise Account Executive, Echoworx