Sunday, December 26, 2010

How Much Do Your Employees Know About Your Company’s Internet Security Policies?

A software company recently surveyed 2,000 office workers to find out how much they know about their company’s Internet security policies. They found that as many as 74% of employees feel confident that they know and understand the policies. But as they started to dig into the information, it seemed that the employees’ confidence is misplaced for a couple of reasons. One third of them have never received any training on IT security since they joined the company, and more than two-thirds have been employed with the company for more than five years, which is a technological lifetime.

If your employees do not know anything about IT security or your latest online security policies, it will be very difficult to keep your company secure no matter how safe you feel your network is. Here are some tips on how to get your employees to help you keep your company more secure.

Education
Hold security training classes for existing employees as well as new hires. These classes should just cover the basics, including why you are concerned with security and what the ramifications are to the company if they are the victims of cybercrime and their data is stolen. Make the classes relevant to the employees by incorporating elements they can use in their personal lives as well, such as how to keep an eye on their online reputation, how to ensure their online transactions are secure, and examples of current cybercrime threats to look out for. Keep in mind that some of your employees, based on their duties, may need a more dedicated approach and should have training sessions on a regular basis.

Regular Updates
With the constant changes in technology and the online security landscape, your policies may need to change often as well. Make sure that all your employees are updated with the latest policy. You should also let your employees know if there is a new security threat going around so they know to look out for it both at work and at home. It may be a good idea to schedule the security updates on a regular basis, maybe once a quarter or even once a month, so it’s top of mind for your employees.

Computer Safety
In today’s office environment it is difficult to keep your network secure. Some companies have adopted the philosophy of “BYOC” (Bring Your Own Computer), while other companies have company laptops that are shared among several employees and used on the road; both practices leave your network vulnerable to viruses or other malware from the portable machine. Even if you only have desktops, it is close to impossible to function without some level of Internet access, and employees may also bring in CD-ROMs or memory sticks that could be infected.

Laptops or other portable devices brought into your network as well as your existing desktops on the network must have the latest anti-virus, spyware, firewall, and anti-malware protection at all times. But as we all know, the anti-malware patches are only created after the malware itself has been discovered, at which point it may be too late.

To ensure complete protection when performing any online transaction that may leave your network vulnerable, install SafeCentral’s WebProtection™ on your desktops and laptops, and make it a requirement that any laptop or similar device that is brought in and hooked up to your network also must have it installed.

SafeCentral’s WebProtection™ operates under the assumption that your network is already infected and ensures that your endpoint data is secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection™ goes deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction. In addition to making your machines safe to operate, WebProtection™ is flexible and offers enterprises multiple configuration options, making it the only choice for companies that are employing VDIs, SSL VPNs, or using cloud services such as outsourced accounting systems, customer relationship management (CRM) tools, or enterprise resource planning (ERP).

Sunday, December 19, 2010

Cybercrime And Security In 2010

SC Magazine recently published an article compiling lists that highlight this year’s most notable security and cybercrime incidents. Their lists range from Top Notable Breaches to Top Cybercrime Busts and Top Notable Vulnerabilities.

One of the scariest lists they had was the Top 5 Notable Breaches and the number of records that were exposed. This is a list that should really make you think the next time you give any personal information to a company. What scares us the most is the fact that these are not small businesses; these are big companies that should have plenty of security measures on their network to keep their data safe. Here’s the list:

  1. AvMed Health Plans: 1.2 million records exposed
  2. Lincoln National Financial Securities: 1.2 million records exposed
  3. BlueCross BlueShield of Tennessee: 1 million records exposed
  4. South Shore Hospital: 800,000 records exposed
  5. AT&T (iPad exposure): 114,000 records exposed

Another list that should be read is the Top 5 Threats list. It will show you the range of targets and creativity of cyber criminals, targeting anyone from an individual email account and a small business to major high-profile websites. Here are the top 5:

  1. Stuxnet: Numerous SCADA systems reported being hit by the AutoRun-spreading worm, but only two sites – both in Iran – reported damage.
  2. Aurora: Google, in a much-heralded act of transparency, disclosed that its corporate systems were infiltrated by savvy cyberspies, believed to be operating out of China. Some 30 other high-profile companies also were targets.
  3. Zeus: The repulsive malware extended its masterful ambush on mostly small and midsize businesses to steal banking credentials and dump out hundreds of thousands of dollars from legitimate accounts into those belonging to so-called money mules.
  4. Here you have: In a year dominated by threat sophistication, a rapidly spreading email worm, traced back to a cyber-jihad group, did little damage but clogged inboxes and impacted corporations across the country.
  5. Iranian Cyber Army: The hacker group responsible for defacement attacks against Twitter and Baidu appears to be adjusting its modus operandi to amass a mighty botnet. Researchers have traced exploits discovered on legitimate websites back to the gang.

This is definitely an article worth reading for any individual or enterprise who is concerned about Internet security, or maybe even more so for someone who is not concerned. It will show how many threats are actually out there and how many ways you can unwittingly invite them in.

To read the full article, go to: http://www.scmagazineus.com/it-security-in-2010-the-year-in-lists/article/191807/.

Many of this year’s cybercrimes could have been averted if companies had taken greater measures to ensure the safety of their customers’ information as well as their own data. One easy way to ensure secure online transactions is by using a secure browser. SafeCentral’s WebProtection™ operates under the assumption that the user’s machine is already infected with malware and makes sure that the endpoint data stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection™ goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction.

Sunday, December 12, 2010

Locking Down the Browser

One of the weakest links in your security defense is your browser; it is one of the most prevalent means for spyware and adware to be installed.

As businesses move from risky paper check payments to a safer means of electronic payments, the online banking systems that financial transactions are made through have become an attractive fraud target. Although businesses are using payment fraud control devices such as ACH Positive Pay and ACH Debit Filter, they only mitigate fraud after it occurs.

For both banks and enterprises the customer is the endpoint. Banks deliver services to business customers through the browser but do not usually have any control of the business's computing environment. Small businesses do not necessarily have the experience or resources to combat fraud, which makes them especially vulnerable to attack, and they are still legally responsible for their banking transaction environment.

There are numerous reasons why enterprises should increase their security investment, but one of the weakest links in any security defense is the browser; it is one of the most prevalent means for spyware and adware to be installed. Trojans and other malware, such as man-in-the-browser attacks, are difficult to detect; they hijack the transaction inside a browser session and attack the application and database on the server from there.

Of course you have to make sure your computer is up-to-date with anti-virus and anti-malware software, firewalls, the latest security updates, and the latest browser versions to try to block intruders. The only problem is that the latest versions and updates only come out after the latest malware and viruses have been detected. Your computer could already be infected by the time the updates come out.

The best way to ensure secure financial transactions is through a secure browser. SafeCentral’s WebProtection prevents funds transfer fraud even if the user’s machine is infected with malware. WebProtection provides data loss prevention (DLP) that combines impenetrable endpoint protection with secure DNS to ensure that endpoint data cannot be stolen or re-directed. Unlike other tools, WebProtection goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction.

Many commercial banks and enterprises have already adopted this software as part of their main fraud security measures, many of them requiring their customers, clients, and employees to use the software for all online transactions.

Thursday, December 2, 2010

McAfee Releases Third Quarter 2010 Threats Report

McAfee released their quarterly Threats Report this week and discovered some new trends and threats in malware and cybercrime. The report uncovered that average daily malware growth has reached its highest levels. An average of 60,000 new pieces of malware are identified each day, almost quadrupling since 2007. McAfee identified more than 14 million unique pieces of malware in 2010, one million more than the same quarter last year. On the other hand, spam levels decreased in volume and hit a two-year low this quarter, both globally and in local geographies.

The Zeus botnet is one of the most sophisticated pieces of malware in Q3. It caused U.S. small businesses to lose $70 million at the hands of Ukrainian cybercriminals. Most recently, cybercriminals unleashed a Zeus botnet intercepting SMS messages to validate transactions. The criminal can then perform all bank transactions and steal funds from their victims. McAfee also saw an increase in email campaigns attempting to deliver the Zeus botnet under the guise of the following recognized organization names: eFAX, FedEx, Internal Revenue Service, Social Security Administration, United States Postal Service and Western Union.

Attacks on social media, such as Koobface and AutoRun malware, have leveled off but have not ended cybercriminal manipulation. Twitter, for example, provides an attacker with information on the most popular terms and trends being discussed. Shortened URL services hide website destinations, disguising malicious links targeted at users searching for these popular terms. In Q3, 60 percent of the top Google search terms returned malicious sites within the first 100 results.

Mike Gallagher, senior vice president and chief technology officer at Global Threat Intelligence for McAfee says: “Our Q3 Threat report shows that cybercriminals are not only becoming savvier, but attacks are becoming increasingly more severe. Cybercriminals are doing their homework, and are aware of what’s popular, and what’s insecure. They are attacking mobile devices and social networking sites, so education about user activity online, as well as incorporating the proper security technologies are of utmost importance.”

For a full copy of the Q3 2010 Threats Report, please visit: www.mcafee.com/Q3_Threat_Report

SafeCentral’s WebProtection is a tool that can help keep online transactions and endpoint data safe. Even if the computer is already infected with malware, spyware, or viruses, WebProtection provides a secure browser and locks down the PC every time the user is trying to conduct an online transaction. This is obviously a very important means of protection for businesses and financial institutions that may stake their reputation on keeping their customers’ and their own data safe from cybercriminals.

WebProtection interprets and intercepts over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction. It also establishes a secure DNS that routes the user directly to the website they are trying to access, avoiding WiFi security concerns and man-in-the-middle attacks.

The software is a lightweight application that integrates seamlessly with regular security measures such as anti-virus and anti-malware tools. Because it operates independently of signatures and databases, it is always up to date, making it easy to maintain and use for individuals and enterprises.

For a demo or more information, call us at 561-472-5200 or email us at sales@safecentral.com.