How Much Do Your Employees Know About Your Company’s Internet Security Policies?

A software company recently did a survey of 2,000 office workers to find out how much they know about their company’s Internet security policies. They found as many as 74% of employees feel confident that they know and understand the policies. But as they started to dig into the information, it seems that the employees’ confidence is misplaced for a couple of reasons. One third of them have never received any training on IT security since they joined the company and more than two-thirds have been employed with the company for more than five years, which is a technological lifetime.

If your employees do not know anything about IT security or your latest online security policies, it will be very difficult to keep your company secure no matter how safe you feel your network is. Here are some tips on how to get your employees to help you keep your company more secure.

Education
Hold security training classes for existing employees as well as new hires. These classes should just cover the basics including why you are concerned with security; what the ramifications are to the company if they are the victims of cybercrime and their data is stolen. Make the classes relevant to the employee by incorporating elements they can use in their personal life as well, such as keep an eye on your online reputation, how to ensure your online transactions are secure, and give examples of current cybercrime threats to look out for. Keep in mind that some of your employees, based on their duties, may need a more dedicated approach and should have training sessions on a regular basis.

Regular Updates
With the constant changes in technology and online security landscape, your policies may need to change often as well. Make sure that all your employees are updated with the latest policy. You should also let your employees know if there is a new security threat going around so they know to look out for it both at work and at home. It may be a good idea to schedule the security updates on a regular basis, maybe once a quarter or even once a month, so it’s top of mind for your employees.

Computer Safety
In today’s office environment it is difficult to keep your network secure. Some companies have adopted the philosophy of “BYOC” (Bring Your Own Computer) while other companies have company laptops that are shared among several employees and used on the road, both examples that leaves your network vulnerable to viruses or other malware from the portable machine. Even if you only have desktops it is close to impossible to function without some level of Internet access and employees may also bring in CD-Roms or memory sticks that could be infected.

Laptops or other portable devices brought into your network as well as your existing desktops on the network must have the latest anti-virus, spyware, firewall, and anti-malware protection at all times. But as we all know, the anti-malware patches are only created after the malware itself has been discovered, at which point it may be too late.

To ensure complete protection when performing any online transaction that may leave your network vulnerable, install SafeCentral’s WebProtection™ on your desktops and laptops, and make it a requirement that any laptop or similar device that is brought in and hooked up to your network also must have it installed.

SafeCentral’s WebProtection™ operates under the assumption that your network is already infected and ensuring that your endpoint data is secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection™ goes deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction. In addition to making your machines safe to operate, WebProtection™ is flexible and offers enterprises multiple configuration options making it the only choice for companies that are employing VDIs, SSL VPNs, or using cloud services such as outsourced accounting systems, customer relationship management (CRM) tools, or enterprise resource planning (ERP).

Cybercrime And Security In 2010

SC Magazine recently published an article compiling lists that highlights this year’s most notable security and cybercrime incidents. Their lists range from Top Notable Breaches to Top Cybercrime Busts and Top Notable Vulnerabilities.

One of the scariest lists they had was the Top 5 Notable Breaches and the number of records that were exposed. This is a list that should really make you think the next time you give any personal information to a company. What scares us the most is the fact that these are not small businesses, these are big companies that should have plenty of security measures on their network to keep their data safe. Here’s the list:

1. AvMed Health Plans: 1.2 million records exposed
2. Lincoln National Financial Securities: 1.2 million records exposed
3. BlueCross BlueShield of Tennessee: 1 million records exposed
4. South Shore Hospital: 800,000 records exposed
5. AT&T (iPad exposure): 114,000 records exposed

Another list that should be read is the Top 5 Threats list. It will show you the range of targets and creativity of cyber criminals, targeting anyone from an individual email account and a small business to major high-profile websites. Here are the top 5:

1. Stuxnet: Numerous SCADA systems reported being hit by the AutoRun-spreading worm, but only two sites – both in Iran – reported damage.
2. Aurora: Google, in a much-heralded act of transparency, disclosed that its corporate systems were infiltrated by savvy cyberspies, believed to be operating out of China. Some 30 other high-profile companies also were targets.
3. Zeus: The repulsive malware extended its masterful ambush on mostly small and midsize businesses to steal banking credentials and dump out hundreds of thousands of dollars from legitimate accounts into those belonging to so-called money mules.
4. Here you have: In a year dominated by threat sophistication, a rapidly spreading email worm, traced back to a cyber-jihad group, did little damage but clog inboxes impacted corporations across the country.
5. Iranian Cyber Army: The hacker group responsible for defacement attacks against Twitter and Baidu appears to be adjusting its modus operandi to amass a mighty botnet. Researchers have traced exploits discovered on legitimate websites back to the gang.

This is definitely an article worth reading for any individual or enterprise who is concerned about Internet security, or maybe even more so for someone who is not concerned. It will show how many threats are actually out there and how many ways you can unwittingly invite them in.

To read the full article, go to: http://www.scmagazineus.com/it-security-in-2010-the-year-in-lists/article/191807/.

Many of this year’s cybercrimes could have been averted if companies took greater measures to ensure the safety of their customers’ information as well as their own data. One easy way to ensure secure online transactions is by using a secure browser. SafeCentral’s WebProtection™ operates under the assumption that the user’s machine is already infected with malware and makes sure that the endpoint data stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection™ goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction.

Locking Down the Browser

One of the weakest links in your security defense is your browser; it is one of the most prevalent means for spyware and adware to be installed.

As businesses move from risky paper check payments to a safer means of electronic payments, the online banking systems that financial transactions are made through have become an attractive fraud target. Although businesses are using payment fraud control devices such as ACH Positive Pay and ACH Debit Filter, they only mitigate fraud after it occurs.

For both banks and enterprises the customer is the endpoint. Banks deliver services to business customers through the browser but do not usually have any control of the business's computing environment. Small businesses do not necessarily have the experience or resources to combat fraud, which makes them especially vulnerable to attack, and they are still legally responsible for their banking transaction environment. 

There are numerous reasons why enterprises should increase their security investment but one of the weakest links in any security defense is the browser; it is one of the most prevalent means for spyware and adware to be installed. Trojans and other malware like man-in-the-browser attacks that are difficult to detect, hijack the transaction inside of a browser session, and attack the application and database on the server from there.

Of course you have to make sure your computer is up-to-date with anti-virus and anti-malware software, firewalls, latest security updates, and the latest browser versions to try to block intruders. The only problem is that the latest versions and updates only come out after the latest malware and virus has been detected. Your computer could already be infected by the time the updates come out.

The best way to ensure secure financial transactions is through a secure browser. SafeCentral’s WebProtection™ prevents funds transfer fraud even if the user’s machine is infected with malware. WebProtection™ provides data loss prevention (DLP) that combines impenetrable endpoint protection with secure DNS to ensure that endpoint data cannot be stolen or re-directed. Unlike other tools, WebProtection™ goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction.

Many commercial banks and enterprises have already adapted to this software as part of their main fraud security measures, many of them requiring their customers, clients, and employees to use the software for all online transactions.

McAfee Releases Third Quarter 2010 Threats Report

McAfee released their quarterly Threats Report this week and discovered some new trends and threats in malware and cybercrime. The report uncovered that average daily malware growth has reached its highest levels. An average of 60,000 new pieces of malware are identified each day, almost quadrupling since 2007. McAfee identified more than 14 million unique pieces of malware in 2010, one million more than the same quarter last year. On the other hand, spam levels decreased in volume and hit a two year low this quarter, both globally and in local geographies.

Zeus botnet is one of the most sophisticated pieces of malware in Q3. It caused U.S. small businesses to lose $70 million at the hands of Ukrainian cybercriminals. Most recently, cybercriminals unleashed a Zeus botnet intercepting SMS messages to validate transactions. The criminal can then perform all bank transactions and steal funds from their victims. McAfee also saw an increase in email campaigns attempting to deliver the Zeus botnet, under the disguise of the following recognized organization names: eFAX, FedEx, Internal Revenue Service, Social Security Administration, United States Postal Service and Western Union.

Attacks on social media, such as Koobface and AutoRun malware, have leveled off but have not ended cybercriminal manipulation. Twitter, for example, provides an attacker with information on the most popular terms and trends being discussed. Shortened URL services hide website destinations, disguising malicious links targeted at users searching for these popular terms. In Q3, 60 percent of the top Google search terms returned malicious sites within the first 100 results.

Mike Gallagher, senior vice president and chief technology officer at Global Threat Intelligence for McAfee says: “Our Q3 Threat report shows that cybercriminals are not only becoming savvier, but attacks are becoming increasingly more severe. Cybercriminals are doing their homework, and are aware of what’s popular, and what’s insecure. They are attacking mobile devices and social networking sites, so education about user activity online, as well as incorporating the proper security technologies are of utmost importance.”

For a full copy of the Q3 2010 Threats Report, please visit: www.mcafee.com/Q3_Threat_Report

SafeCentral’s WebProtection™ is a tool that can help keep online transactions and endpoint data safe. Even if the computer is already infected with malware, spyware, or viruses; WebProtection™ provides a secure browser and locks down the PC every time the user is trying to conduct an online transaction. This is obviously a very important means of protection for businesses and financial institutions who may stake their reputation on keeping their customers’ and their own data safe from cybercriminals.

WebProtection™ interprets and intercepts over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection™ goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction. It also establishes a secure DNS that routes the user directly to the website they are trying to access avoiding WiFi security concerns and man-in-the-middle attacks.

The software is a lightweight application that integrates seamlessly with regular security measures such as anti-virus and anti-malware tools. Because it operates independently of signatures and databases, it is always up to date making it easy to maintain and use for individuals and enterprises.

For a demo or more information, call us at 561-472-5200 or email us at sales@safecentral.com.

Safe Online Shopping For The Holidays

Holiday shopping online has been consistently increasing year after year and this season is no exception. More than half of consumers are planning on doing some or all of their holiday shopping online this year. With so many people doing online transactions this is not only the greatest time of the year for online stores, but for cybercriminals as well.

Here are some tips on how you can make sure you stay safe when doing your online shopping:

1. Make sure your computer is up to date with anti-virus and anti-malware software, firewalls, latest security updates, and the latest browser versions to try to block intruders.

2. Whenever possible try to use a secure Internet connection, such as your home connection with an encrypted password, rather than a free wireless connection in a coffee shop or on the street.

3. Check to make sure the websites you are shopping from are secure. Look at the website address or URL in the box at the top of your browser screen. There should be an "s" after "http" or a lock symbol in the lower right-hand corner of the screen. If you have doubts about security, right-click anywhere on the page, and select "Properties" to see the real URL. The dialog box should say whether the site is encrypted. It would be a good idea to stick to sites you know and trust rather than trying new sites that may have a good deal but look unprofessional and that you have never heard of.

4. Beware of confirmation emails. Last year there was a flood of DHL, UPS, and FedEx related emails reporting delays or asking for confirmation. Each of them contained a malicious attachment, usually in the form of a ZIP, Word, or PDF file. This is happening again this year. Shipping carriers will normally not send you attachments. If you are unsure at all, give the carrier a call rather than opening the attachment or using the links in the email.

5. Shop with a credit card. Under federal law you can dispute the charges if you don’t receive the item. You can also dispute any unauthorized charges you may see on your card. Make sure you check your credit card statements on a regular basis so you can catch any fraud as soon as possible. Be careful if you use a debit card that is tied directly to your bank account. Check with your bank to find out what protections they offer with online transactions.

A great way to ensure that your online shopping is secure is SafeCentral’s WebProtection™. It provides end-to-end security against identity theft by locking out desktop malware and establishing trusted web connections, even on already infected PCs. Get WebProtection™ as a gift to yourself before you start shopping for everyone else. Keeping your identity and your financial information secure is possibly the greatest gift you can get this season.

Tags: Secure online shopping, safe online shopping, data protection, identity theft protection, secure online transactions

Risks to the Endpoint When Using Cloud Services

While there has been a lot of talk about creating security standards for cloud services, one area that is completely in the user’s control is endpoint security. It is important that you feel secure in the companies you use for your cloud services but don’t forget about the endpoint.

If your endpoint devices such as notebook, PC’s, or tablets aren’t secure or your employees don’t have proper guidelines or information about keeping their endpoints secure, your company data is at risk for many serious security threats. The most vulnerable activities are when conducting an online transaction or accessing your cloud-based services.

Screen scrapers, key loggers, DNS redirects, viruses, worms, Trojan horses … these are just some of the threats that are facing your business when your employees access the Internet even for work-related purposes. Once your endpoint device is infected, your data is seriously at risk. You may think that you have kept your network free of infections and have very effective malware detection programs in place, but there are new security threats surfacing every day and the industry is always a step behind with the solution.

SafeCentral has a different approach to keeping your data safe. SafeCentral’s WebProtection™, a one-time install, light-weight data loss prevention (DLP) application, operates under the assumption that the user’s machine is already infected with malware ensuring that endpoint data is secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection™ goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction. An easy and reasonable way to keep your endpoint data safe during regardless of how secure your endpoint device is.