ReSoft Blog
Reputation and Risk Management through Data Loss Prevention, ediscovery and Compliance in email, Social Media and mobile

Data Security risks from Millennials vs Baby Boomers

It's 10pm... do you know where your Millennials are?

At that time of night there is a good chance they are at home, working, using a personal device to access corporate data.
 
Millennials (18-35) are the single largest generation in the US workforce; one in three employees is a millennial. By 2025 they will make up 75% of the workforce. This generation differs from the Baby Boomer (55+) generation in life priorities, loyalties, and ways of working, all of which results in Millennials posing the greatest risk to existing corporate data protection practices of any segment of the workforce.
 
The 2015 US Mobile Device Security Report from our partner Absolute Software compares the behavior of Boomers versus Millennials.  

New report: employee work habits risk data breaches

How the changing work environment is creating new data security challenges

The much anticipated Internet Trend 2015 report has been released by Mary Meeker, General Partner at Kleiner Perkins Caufield & Byers. The report gives a great window into what is coming in tech.

It reports that while Internet user growth has slowed, the impact of how the Internet is being used continues to change rapidly. Whilst many changes appear to reflect consumer interests (e.g. Social Media, Netflix), these changes also have a major impact on enterprises.
 
Regardless of who owns a device, the need for mobility and use of personal devices impacts enterprise data security. The report says 6 out of 10 of the most used apps in the world are

The real data-breach cost of your careless users

Data breaches from employee carelessness can be substantial

The 2015 Cost of Data Breach Study: United States released by IBM and Ponemon Institute is the 10th release focusing on cost of data breaches for US companies. Key findings include the total average cost paid by breached organizations has increased from $5.4 million to $6.5 million. The average cost for a stolen record has increased from $201 to $217, of which $74 represents direct costs and $143 indirect costs.

We have already reported that 90% of security incidents are still tied back to people's behavior, reinforcing the need for employee training and awareness to reduce security incidents and data breaches (whether from lost devices or phishing attacks).

As data

Using persistence to drive down data-loss from your end-points

Given that end-user device loss remains one of the largest contributors to data-loss, one of your biggest challenges after you have rolled out a secure laptop and desktop environment is how to keep that configuration consistently protected from threats.

Subsequent changes to the employee's computer can easily affect the security of your locked down environment, or worse, your users start to install unauthorized applications like Dropbox on their workstations. Or even worse, they decide to switch off encryption 'just for a while' because it is slowing down the machine.

What is persistence?

Persistence is one of the big attractions to the Absolute Computrace solution. This technology is already embedded in the firmware of most

Rein in Your 5 high-risk data-loss employee types

Over the past year the number of data breaches has grown significantly, the majority due to internal errors, such as data sent to the wrong email recipient or employees losing an unencrypted device.

Recognize that certain bad employee behaviors are among the major data-loss threats to your business, and that they are amplified by Bring Your Own Device, data storage location options and cloud computing.

Your 5 high risk employee types

The Millennial:  Staying connected is rule number one in this employee’s world. Going without WiFi, apps and Social Media is not an option and all personal and corporate information must be available in one place, at their fingertips. Corrupted or hacked, their device is a potential gateway into the business

Behind Microsoft's cloud numbers

Microsoft's cloud business is expecting to be a $4.5 billion business.  But a Business Insider article suggests this $4.5 billion number isn't as straightforward as it would seem.

One source says "What Microsoft is doing is claiming a certain percentage of their Enterprise Agreements — these are renewals of their big licensing agreements — as cloud revenue. They bundle the rights to use Azure or Office 365 as part of their overall agreement. The  secret is that very few customers are actually taking Microsoft up on using Azure in any meaningful way."

So, when an enterprise signs a new contract to buy software such as Windows, SQL and Microsoft Office, the salesperson may include for free (or almost free) access to Microsoft's cloud

Spoofing the Boss for $315,000.. almost

Krebs on Security posted an excellent article highlighting the results of socially engineered scams. The blog discusses “CEO fraud” and “business email compromise,” scams that increasingly target businesses working with foreign suppliers and businesses that do regular wire transfers. The FBI warned in January that cyber thieves stole nearly $215 million from businesses in the previous 14 months through these scams, activated by the hijacking of email accounts of business executives.

In one example quoted, the Scoular Company, an employee-owned commodities trader, lost $17.2m when they wired money in installments last summer to a bank in China after receiving emails ordering it to do so.

Employees to IT Security: we are only human

Data loss continues to be a problem for companies across the world, with few CIOs confident about their ability to recover data – many lack a plan to even try.  EMC's  global data protection study reveals data-loss cost enterprises $1.7 trillion in the last 12 months, up by 400% since 2012. 
 
Your people can be one of your best lines of defense given the proper end-user security awareness. They can spot and report suspicious activity in real-time before any triggers get tripped. But they can be a serious risk, prone to social engineering cyber attacks and actual insider threats.
 

While human error is inevitable, employee education and training is critical to protecting your organization; most of your employees understand

Next-gen email security analyzed

TechTarget have done a nice job of analyzing the next generation of email encryption tools. Email encryption, as the name implies, encrypts email messages and attachments in transit from sender to receiver to protect contents from unauthorized access. The encryption may trigger automatically, encrypting messages based on content or attachment type, or it may work manually, requiring the user to choose an encryption option for each email message to be protected.

The second generation of email encryption products, which is in wide use compared to the first generation, has no PKI-key exchange requirement. Keys are created dynamically to handle all or virtually all of the key management behind the scenes.

The analysis covers:

  • Internal and/or

Defining the Risk from Social Media

When experts talk about social media risk, the conversations focus on how to control how Social Media tools are used.

Clearly, access to Social Media tools places employee communications outside of the organization's control, as a result of it being:

  • a real-time communication,
  • a rapid one-to-many publication through private and public networks and
  • a democratization of access to individuals and audiences.

As defined on the JD Supra blog, and Blue Hills' Social Media Risk report, the risk from using Social Media is not in the communication itself, but in deeper worries: sensitive corporate information disclosure, reputational harm, fraud and conflicts of interest. These are not unique to Social Media but manifest themselves very

Targeted attacks against businesses are increasing

Over the last year 94% of organizations encountered one or more cyber-security incidents and 12% experienced a targeted attack.

Damages from a single successful targeted attack could cost a company as much as $2.54 million for enterprises and $84,000 for small businesses, according to a survey of worldwide IT professionals by Kaspersky Lab.

Whilst targeted attacks affect businesses of any size, large companies specifically see them as an important threat. 38% of organizations with between 1,500 and 5,000 employees, and 39% of businesses with over 50,000 employees highlighted targeted attacks as the number one concern.

Smaller businesses are a little less concerned, 34% citing targeted attacks as a key priority. A big worry for

Key industries need to keep data and email secure

Everyday scenarios, highlighted by NetworkWorld magazine, illustrate where sensitive and confidential content and files need to be better managed.

Healthcare practitioners share sensitive files with remote colleagues, associates and patients. But workers should never use unapproved devices or apps, including USBs and third-party tools, to share confidential documents. This behavior is not only unsecure, but it breaks HIPAA Compliance which could lead to loss of accreditation or substantial fines.

HR Departments send offer letters, tax information and payroll data all the time. And if job-seekers use email platforms like Gmail and Yahoo, they further increase the risk of content being viewed by a third party.

Financial Advisors and

Adding more DLP to Office365

DLP provides an automated system to detect when users send out sensitive information. An appropriate action can then be taken: using a Policy Tip to warn the user, journaling the message, notifying a person/group or blocking the message. Microsoft DLP includes a template engine to create templates for different policies, with templates for common policies such as HIPAA and PCI. Exchange 2013 DLP suffers from limitations: mainly, it works only on messages sent through the Exchange server, Policy Tip warnings are only supported in OWA 2013 and Outlook 2013, and the system requires specialist skills to maintain.

Microsoft has extended DLP into SharePoint Online and OneDrive for Business. Office 365 DLP will also be able to recognize and act on tags

Which Office 365 migration tools do you use?

Microsoft offers a selection of free Office 365 migration tools to assess readiness and manage deployment. The Exchange Server Deployment Assistant queries deployment objectives and creates guidelines for the migration. The Directory Sync tool assists the migration process by synchronizing users, groups and contact data from local Active Directory to Office 365. Office 365 provides the Exchange Admin Center to help with remote moves, cutovers, staged migrations and third-party email (IMAP) migrations.

Third-party tools can add extra features such as creating user accounts, moving email, contacts, appointments, tasks, folders, archives and settings to Office 365.

Client Results: 90% Reduction in Successful Phishing Attacks

Security awareness is important, but changing employee behavior to decrease security risk is the end goal of any security education program.

One of PhishGuru's anti-phishing clients, a Northeastern public university, reduced successful phishing attacks by 90%.

When a cyber-criminal fabricated an email that appeared to originate from the newly appointed dean’s email address, addressing new policies and staffing changes and asking school officials to update their personal information, it triggered a response from administration, according to the school’s information security officer. “We recognized that a significant hole in our security was our people in that they were not very savvy with regards to these issues,” he

What Moves You To Open An Internal Email?

Management’s objective is to use email to optimize communications with employees. So what does it take to motivate employees to open internal mail when they are already overloaded with email from clients and business partners?

NCR (via Forbes) came up with some interesting findings on organizational behavior based on big data with regards to emails sent by internal sources…and the factors that motivate click-through vs. the decision not to open an email.

Here are some of the learnings (some may surprise you):

  • Contrary to what it previously thought, NCR found that the day of the week the email is sent doesn’t impact open and click-through rates. Fridays are as good as any other day.
  • The time of day a message is sent does matter.

The 7 dangers of PST files

PST files continue to be a thorn in the side of the messaging group, IT security, Compliance and Records Management. Here is an analysis of why you need to get control over your PST files.


Add internal compliance to your email Data Loss Prevention strategy

The new SECURE Exchange Gateway (SXG) adds data protection and Compliance control to email content being distributed within an internal Microsoft Exchange infrastructure.

In combination with Adaptive Redaction technology, the SXG safeguards against inappropriate or sensitive information being incorrectly distributed internally thereby removing the threat of such data being stored in an unsecure location or accidentally leaked outside the organization.

Microsoft Exchange, as the primary collaboration tool of choice, will grow market share to 68% by 2016 according to the Radicati Group. The SECURE Exchange Gateway detects inappropriate content sharing, embedded malware, malicious executable file types and content violations in Exchange

Adaptive Redaction protects against critical or sensitive data loss

Adaptive Redaction is a new technology to prevent sensitive data leaking in or out of your company via email, attachments and web uploads and downloads. This technology, from our partner Clearswift, automatically identifies and removes sensitive data as it passes in and out of a company network with no human intervention.

Why redact? Adaptive Redaction scans content, automatically identifying and removing both the ‘visible’ and ‘invisible’ data (credit card number, patient id) that breaks policy, then continues to deliver to the intended recipient without ‘stopping and blocking’. The trigger to redact depends on the policy, which in turn depends on the individuals who are sending or receiving the information - making it

Where are you housing your ediscovery data - admins weigh in

A new infographic shows the current situation and plans for ediscovery-related data (mailbox data, network file data, hosted or on-premise) from an admin's perspective. With 104 respondents, our friends at Sherpa asked IT admins questions pertaining to their ESI (electronically stored information). Here’s what they had to say!

Flaws in Sharepoint Library Security Permissions and how to fix them

Most of our Exchange and Domino customers are seeing expanding SharePoint environments. But the management of who-has-access-to-what within a SharePoint Library becomes a huge issue as the SharePoint infrastructure gets larger and more complex. Titus metadata security for SharePoint addresses this issue: 

SharePoint native security issues:

SharePoint's inherited security model is insufficient for controlling access to sensitive information. Permissions for each document within a library must be set one at a time, which is very time consuming. It is hard to keep track of all documents that need special permissions. This usually forces organizations to move documents into separate libraries.

Users Need Filtered Views - Different users

Get your electronic discovery together for social media governance and ediscovery

There was a time when the production of information in civil litigation primarily consisted of the exchange of hard-copy, paper records. Those days are long gone.

Now we live in an age that features all kinds of electronic data. It is critical to get it correct when it comes to Electronic Discovery -  as the downside consequences for getting it wrong can be severe.

Duane Morris reports that as soon as litigation happens or is reasonably believed to be on the horizon, it is imperative to implement a "legal hold" to preserve potentially relevant data. In this way, relevant data will not be destroyed. The failure to preserve relevant data can lead to charges of spoliation of evidence. Actual spoliation can lead to court orders excluding


Contact Re-Soft today to get help!

To order products or request more information, email us detailing your requirements or call us at (203) 972-8462 to discuss your needs.