2011 - The Year In Security So Far

2010 was a year filled with breaking news of big companies that had data breaches and exposed the personal data of millions. Who can forget the stories of companies like McDonald’s, Walgreens, and the AT&T iPad exposure? These are just a couple of the top stories from last year.

To date this year, cybercrime has absolutely outperformed last year. Criminals are breaching even more well-known and trusted companies, and getting away with even more data.

• Sony – Hackers stole over 100 million personal records from the Sony Online Entertainment system.
• RSA – Makers of security tokens, RSA, had their SecurID devices compromised as the results of a security breach. The company provides security tokens to 25,000 organizations and an estimated 40 million people use the tokens.
• Some of the information collected in the breach was used as an element of an attempted attack on Lockheed Martin.
• Epsilon – We wrote a previous blog post about the breach at Epsilon, the company that handles email communications for over 2,500 companies including Best Buy, Capital One, JP Morgan, TiVo, US Bank, and more.
• Other companies or organizations that have been hacked this year so far include:
• NASA’s Goddard Space Flight Center, who lost confidential satellite data
• InfraGard, a FBI affiliate
• European Commission
• WordPress
• Trip Advisor
• The Institute of Electrical and Electronics Engineers (EEE)
• Gawker Media
• Trapster
• The Pentagon’s official credit union

Securitynewsdaily.com reports that the experts are concerned that companies, small and large, aren’t taking security seriously enough. They also foresee the trend only getting worse until companies start making changes. Cyber criminals are choosing companies with weak security and prey on their weakness. Ondrej Krehel, information security officer for Identity Theft 911, says that companies that have switched to less expensive data storage solutions, "such as cloud computing," may have erred on the side of convenience and left themselves vulnerable in the process.

A first step in the right direction for enterprises, commercial banks, and other organizations is to invest in SafeCentral’s WebProtection™ to make sure VDIs and cloud services connections are secure and that the endpoint data is safe.

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

SafeCentral Quoted in Processor Magazine

Processor Magazine ran a great feature in their February 25, 2011 issue named “Boost Your Enterprise Security”. The article discussed different threats to today’s enterprise security structures and what steps enterprises can take to prevent breaches and malicious infiltration. Several experts within the security industry including our own, CTO Ray Dickenson, contributed to the article.

The article covers several areas within security including the importance of keeping processes and policies up-to-date and that these processes are continuously updated as elements such as new staff, applications and threats that have an impact on the environment changes. One of the experts interviewed in the article also points out that it is imperative to have action plans in place so that if something does happen, the damage can be minimized and problems can be handled efficiently.

Other preventative measures enterprises can take as recommended in the article include creating a full-time high-level security position that can create or manage a security program for the entire organization; carefully monitor and control the use of portable devices; perform regular penetration testing of external and internal systems, possibly using an outside team rather than the standard IT staff; and using behavior profiling or key metrics such as privileged user activity, after-hours access, network traffic, policy changes, etc. Another great suggestion is that enterprises can use some of their existing solutions and repurpose as security solutions, such as network based anomaly detection.

The top tip discussed in the article is to address mobile devices. SafeCentral’s Chief Technology Officer, Ray Dickenson, stated that mobile devices part of any enterprise’s security realm regardless of their security policies and it’s a good idea not to ignore their presence. He goes on to urge enterprises to update network policies and employee handbooks to include the use of portable devices, explaining how and when employees can connect to, store, and forward corporate data. It is most important that employees know to never leave data behind on a device that is discarded.

To read the full Processor Magazine article and more of Ray’s quote, download and read it here: http://www.processor.com/editorial/article.asp?Article=articles/p3304/20p04/20p04.asp&GUID=.

SafeCentral Named the Leader in Secure Browser

Last month, PCmag.com wrote “PCMag’s Guide to Security Software,” a great article outlining the different types of security software available, what they can all be used for, and highlighting the best in each category. In their article, they named SafeCentral as the leader in the “Secure Browser” category.

Here is the exact quote from PCMag:

“SafeCentral 2.6 is the leader in this less-common product area. When users switch to secure browsing, a secure desktop slides into place visibly and emits an audible clang. The secure browser can't access programs outside the secure desktop, and vice versa. SafeCentral automatically offers secure browsing when you surf to recognized financial sites, and it routes DNS requests through its own secure DNS servers to ensure your surfing can't be diverted to a fake site.”

PCMag is already familiar with SafeCentral having done a review of the product last year, and the year before that as well. To read the review from last year, click here. Feel free to add a review of your own if you have experience with our product as we would love to get your feedback.

If you are a business or enterprise with a virtual data infrastructure, here’s a great chance for you to learn more about SafeCentral and how to secure your VDI and your endpoint data. SafeCentral will hold a free live webinar on June 1st, at 2 pm EST about VDI security. Register here.

Click here to read the full PCMag.com article.

Is Your Business a Cybercrime Target?

NCSA (National Cyber Security Alliance) and VISA did a survey at the end of last year among 1,000 small businesses in the U.S. The results were very surprising and concerning. We wanted to highlight some of the results and show SMBs that security should be a concern; and there are small steps you can take to make your company data more secure.

Here are some of the results from the survey:

• Close to 50% of small business owners believe the high cost in time and money to fully secure their business is not justified by the threat.
• 75% of owners said their employees have received less than three hours of network and mobile device security training in the past year, with 47% saying their employees received zero hours of training.
• More than 85% of small business owners believe that they are less of a cybercrime target than large companies.
• 54% believe they are more prepared to secure sensitive customer and corporate data than large businesses.
• 84% agree that they have the policies and procedures in place for keeping data and computer systems secure.

So, while small businesses do not see themselves as cybercrime target and do not put time or money in to security measures, they still feel that they are prepared and secure enough to handle sensitive data and keep their information safe.

In the meantime, the news is full of stories of small businesses that have been victims of cybercrime that have lost both sensitive information and money. It was only some months ago that authorities arrested a group of people that allegedly stole $70 million from U.S. bank accounts, specifically targeting small and medium businesses.

Considering the ramification of a security breach should urge small businesses to take their security measures a little more seriously. A security breach can cost a company a lot of money to clean up and can do irreparable damage to a company’s reputation. Take the first step and invest in SafeCentral’s WebProtection™ to make sure your VDI and cloud services connections are secure and that your endpoint data is safe.

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

Virtual Desktop Infrastructure Protection – Free Live Webinar

With a shift to cloud computing and VDI environments, small and midsize businesses are now the main target of cybercriminals. VDIs are becoming more common place as they offer enterprises costs savings however, they also pose new security risks. VDIs may make their users more vulnerable than ever to screen scrapers, key loggers, DNS redirection and malware. Overall making your environment less secure and expose you to critical data theft. Remote endpoints (managed or unmanaged) restrict the level of protection you can guarantee.

As businesses strive to reduce costs associated with application and data access, many organizations are finding the solution resides in leveraging existing resources to centralize applications and services. But what happens when data is accessed on your VDI from a local machine that is possibly infected with malware? That data is now susceptible to malware and theft.

Advanced malware is bypassing the best anti-malware solutions for the endpoint and conducting mass-market crime. Consumers, Commercial Banks, and Enterprise Networks are all at risk, despite all the effort and dollars being spent.

Let us teach you how to protect your VDI environment. View our Free Live Webinar about VDI Security and learn how to ensure the connection is secure and the endpoint data is protected!

Secure Your VDI Your Way
WebProtection™ for VDI provides data loss prevention (DLP) to ensure that the connection is secure and the endpoint data is protected when users access VDI farms. Enterprises can choose to run WebProtection’s SafeBrowser to protect browsing activity within our secure desktop or you can utilize WebProtection’s IE or Firefox browser plugins to automatically redirect certain browsing activity to the SafeBrowser allowing enterprises to ensure users are in a secure environment when accessing their VDI.

To learn more, sign up for SafeCentral’s Free Live Webinar on Virtual Desktop Infrastructure Protection, on Wednesday, May 18, 2011 at 2:00 PM EST. Hosted by SafeCentral’s CTO Ray Dickenson. The webinar will discuss the following:

• New areas of risk for your customers
• How cybercriminals are getting access to retail and wholesale banking customers' accounts
• How you can proactively stop malicious attacks

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

Banking Security Measures

Internet banking is becoming the norm both for personal and commercial banking. It’s convenient and saves time, but it’s not risk free. With the amount of malware to be found online, it’s important to know what your bank’s security measures are and how they will keep your account safe.

Here are some of the security measures all banks should have in place to ensure secure online financial transactions:

• Internet banking should only be made through secure connections. Look for the closed padlock or the https:// (the ‘s’ signifying a secure connection) in your web address bar.
• Encryption – most banks have 128-bit security and/or the Secured Socket Layer encryption.
• Banks always make their Internet connection through firewalls, blocking unwanted access to their server.
• Many internet banking institutions also have idle session protection; if you’re logged in but leave the page idle for a certain time period, the bank logs you out so no one can find the open page and use it without your consent.

These are just some of the very basic security measures in place. Other security measures may include a secondary authentication such as an access number sent to your cell phone or a token that assigns a random number to be used in addition to your regular log-in.

Another way banks can help keep their customers safe is to offer them access to SafeCentral’s WebProtection™. Some banks are already using it and it will greatly reduce the risks of online banking.

WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

Educate Your Employees

You may think you have great security protocols in place and the best security software, but if your employees don’t follow best security practices it may have all been for nothing; and your company data will still be vulnerable to attacks. It’s important to educate your employees about data security and why it’s imperative to follow the security policies within the company so they can help you keep it safe.

In today’s work place where it’s more common to bring in laptops, smartphones, USB memory sticks, and other external devices to the office, it is very difficult to keep the network secure and free from malware. Educating your employees, helping them understand your reasons for the security policies, and explaining the consequences of a security breach will be a huge benefit to your company.

According to the first annual ISACA Risk/Reward Barometer survey, the top three ways employees add risks for IT and the business are:

• Not protecting confidential work data appropriately (50 percent)
• Not fully understanding IT policies (33 percent)
• Using non-approved software or online services for their work (32 percent)

Here is a high-level list with a few of the items you should cover with your employees:

• Malware 101 – Go through some of the most common types of malware, how they can infect your network, and what to look out for.
• Phishing 101 – Make sure employees are aware of how phishing attacks work and what they try to accomplish.
• Security Policies 101 – Explain why you put specific security policies in place and what the purpose is behind each policy.
• Consequences – Show examples of security breaches at other companies, what the outcome was and what impact it had on the company brand and image.

An easy way to help employees stay safer online is to install SafeCentral’s WebProtection ™. WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.