The Epsilon Email Breach

By now you must have heard of the Epsilon Email Breach. If you haven’t read or heard about it in the news, maybe you received an email from a company that you have an account with warning you about the breach. With the marketing company Epsilon servicing over 2500 clients, the breach affected approximately 2% of their client base, estimated at about 50 companies. The companies include such well-known names such as:

• US Bank
• Capital One
• Target
• Best Buy
• Walgreens
• Marriott Rewards
• Verizon
• Lacoste
• Home Shopping Network (HSN)
• Kroger
• And many, many more.

The hackers have mainly gotten away with names and email addresses but that leaves those customers wide open to phishing attacks (Phishing attack: the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft).

If you’re a customer that was affected by this breach make sure to keep your security software updated. If you have to open an email from one of these companies, then mouse over the link to see if the domain name matches the company. Check for HTTPS showing that the link is secure. Don't give out sensitive personal information unless you are 100% sure you are dealing directly with the company as these emails can open the way to identity theft. Remember that the majority of companies do not ask for your sensitive personal information via email.

If you’re an enterprise, whether you service clients or use a marketing agency like this to service your customers, make sure you review your own security measures. According to Fast Company, in lost sales and fees needed to fix the matter Alliance Data Systems Corp. (ADS, the company behind Epsilon) may end up paying over $100 million--about $20 per record for each of the approximately 100,000 customers at 50 ADS clients.

This breach raises additional concerns about how secure any data is within a cloud-computing infrastructure, especially as the technology becomes more mainstream. Make sure your own endpoints are safe and expect and demand the same from your providers.

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

Virtual Desktop Infrastructure Protection – Free Webinar

Virtual desktop infrastructures (VDI) are becoming more common place as they offer enterprises costs savings however, they also pose new security risks. A Gartner report said that it expects 50,000,000 users, or 15% of corporate desktops to be deployed via VDI by 2013. For these users and their employers, VDI may offer cost savings but it makes them more vulnerable than ever to screen scrapers, key loggers, DNS redirection and malware.

As businesses strive to reduce costs associated with application and data access, many organizations are finding the solution resides in leveraging existing resources to centralize applications and services, including security. This may force enterprises to choose between poor VDI return on investment or poor security and potential lack of regulatory compliance. But what happens when data is accessed on your VDI from a local machine that is possibly infected with malware? That data is now susceptible to malware and theft.

Secure Your VDI Your Way
WebProtection™ for VDI provides data loss prevention (DLP) to ensure that the connection is secure and the endpoint data is protected when users access VDI farms. Enterprises can choose to run WebProtection’s SafeBrowser to protect browsing activity within our secure desktop or you can utilize WebProtection’s IE or Firefox browser plugins to automatically redirect certain browsing activity to the SafeBrowser allowing enterprises to ensure users are in a secure environment when accessing their VDI.

To learn more, sign up for SafeCentral’s VDI Webinar on Virtual Desktop Infrastructure Protection, on Wednesday, April 20, 2011 at 2:00 p.m.

Hosted by SafeCentral’s CTO Ray Dickenson. The webinar will discuss the following
•    New areas of risk for your customers
•    How cybercriminals are getting access to retail and wholesale banking customers' accounts
•    How you can proactively stop malicious attacks

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

SafeCentral Enters Security Challenge Video Contest

Citrix invited all security solution partners to participate in the Citrix Ready Security Challenge. SafeCentral has entered and provided video content that addresses the risk of data-stealing malware on endpoint PCs that access corporate data through XenDesktop and XenApp.

This contest enables security solution partners to demonstrate what makes their solutions innovative, unique and most importantly, how they help IT admins and users deploying virtualization solutions improve the security of their environment. 

Voting runs through April 2011. Watch and vote for SafeCentral's Data Protection Video today!  

SafeCentral WebProtection™ offers many benefits giving you peace of mind when transacting online such as:

• Patented technology to block key-loggers, screen-scrapers and other malware agents, even on an already infected PC
• SecureDNS to ensure a connection to the actual site, eliminating man-in-the-middle attacks
• Automated "launch anywhere" protection for seamless integration into your existing browsing habits

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

Cloud and Remote Endpoint Data Loss Prevention - Protect your Business

FinancialPost.com reported on March 24, 2011 that the security at the world’s largest travel website, TripAdvisor LLC* was breached by an “unauthorized third party” the previous weekend. The company’s email addresses belonging to TripAdvisor’s 20 million members were taken.

The travel website states the source of the vulnerability has been discovered and shut down. Fortunately, TripAdvisor does not collect credit card or financial information from its members; however, members may receive some unsolicited emails (spam) as a result of this incident.

This is not the first time that large online companies have had information taken from their systems. Last December, a group of hackers, known as “Gnosis,” broke into the Gawker Media user database and stole contact information; and popular online dating websites, PlentyOfFish and eHarmony, have also been victims of data theft in the last two months.

Some hackers have even higher ambitions than just collecting contact data. In early February, the operator of the Nasdaq Stock Exchange, the largest electronic trading platform in the United States, found “suspicious files” on its U.S. servers which led to the discovery of repeated attempts over the past year to access confidential information.

SafeCentral can protect your business and can secure an entire organization from malware including screen scrapers, key loggers and DNS redirects. SafeCentral protects a company’s VDI, SSL VPN and Cloud Service from malware that may be infecting local PCs used to access these secure areas.

To learn more, sign up for SafeCentral’s Enterprise Webinar on Cloud and Remote Endpoint Data Loss Prevention, on Wednesday, April 6, 2011 at 2:00 p.m. Hosted by SafeCentral’s CTO Ray Dickenson. The webinar will discuss the following

• New areas of risk for your customers
• How cybercriminals are getting access to retail and wholesale banking customers' accounts
• How you can proactively stop malicious attacks

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

*TripAdvisor is a worldwide forum where anyone can contribute hotel reviews. The 18 websites that operate in 27 countries under the TripAdvisor Media Group — which is owned by Expedia Inc.

Stopping Online Account Fraud

Online banking platforms have been implemented as a more efficient channel for banking transactions. However, these web-based applications are exposed over the Internet making their users an appealing target for mal-intended individuals.

Security for online banking primarily uses encryption—a form of invisible coding and firewalls to protect information from third parties. Typically, a password and personal identification number are required to login to an online bank account. Most banks offer additional protections, such as automatically logging off of their site after several minutes of inactivity or when you leave the site without logging out of your online bank account.

Reputable banks have security measures in place to secure both the personal and financial data stored in online accounts. However, data security is a serious concern for both banks and consumers, especially following a reported rise in identity theft over the past few years. Banks are constantly challenged to implement anti-fraud measures to protect financial accounts from a host of potential security breaches.

As malware and cybercrime attacks, increasingly targeting small to mid-size businesses, online account fraud is becoming a major problem for commercial banks. There have been discussions and even pending lawsuits to determine whether the responsibility for providing adequate security and loss recovery lies with the banks or the enterprises.

SafeCentral’s WebProtection™ for Commercial Banking authenticates participants and combines a locked-down desktop with a certified, encrypted connection to make online banking as safe as possible: 

• Actively protects desktop PC from malicious agents (such as keyloggers and screen scraping trojans) by intercepting the low-level Windows commands that allow those agents to function
• Rescues the user from the perils of the local network (Wi-Fi, man-in-the-middle attacks) by establishing an encrypted, certificate guaranteed link with a secure DNS server
• Routes the user to the bank’s site directly through secure DNS
• Provides visual cues with a locked down desktop, simplified browser, and cooperation with existing authentication methods (Site Key, certificates, etc.) to thwart phishing and other attacks
• Prevents application tampering by restricting application execution privileges
• Operates independently of signatures or databases, ensuring up-to-date protection at all times
• Integrates seamlessly with traditional desktop security measures (e.g., anti-virus, anti-spyware, etc.) and existing authentication schemes with little or no effort
• Can protect any type of financial online transaction, including banking, online trading, tax filing and the like

To learn more, sign up for SafeCentral’s Commercial Banking Webinar on Stopping Online Account Fraud, on Wednesday, March 23, 2011 at 2:00 p.m. Hosted by SafeCentral’s CTO Ray Dickenson. The webinar will discuss the following:

• New areas of risk for your customers
• How cybercriminals are getting access to retail and wholesale banking customers' accounts
• How you can proactively stop malicious attacks

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

How Secure Is Your Business?

With the onslaught of new malware that’s being created and distributed every day, new and inventive phishing schemes, and other ways cyber criminals have to get in to your endpoint data and accounts, how secure do you think your business is?

Small and Mid-size businesses that may not have a dedicated IT department can have a hard time keeping up with the latest happenings in online security, especially with the new trends of cloud computing and virtual environments.

We wanted to do our share to help and decided to write up a quick checklist to help you evaluate the security status of your business. The checklist should help you keep your documents and your personal account information secure.

Checklist:

1. Do you have policies in place for the following:

1. restricted critical data access to only the people who need it?
2. proper and safe disposal of any documents with critical or personal identifying information?
3. what types of network activities are allowed and which ones are prohibited?
4. secure email and other electronic communication?
5. network access by outside devices such as laptops or phones?
6. remote access for employees accessing the network from remote locations?

2. Have you educated your employees of the importance of password security and how to stay secure when conducting transactions online?

3. Do you have the following technologies in place:

1. Firewalls?
2. Secure wireless network?
3. Up to date anti-virus and malware protection?
4. Intrusion prevention?
5. Identity Management?
6. SafeCentral’s WebProtection™?

4. Do you have a contingency plan in the case of a data breach for who is responsible for handling it and how to contact your customers or anyone else affected by the breach?

5. Finally, we recommend that if you don’t have the skill set in place to properly secure your business information, hire a security specialist. It is a lot cheaper to secure your business properly than the cost of cleaning up a data breach when you consider both monetary repercussions and your reputation.

Another great way to check the status of your antivirus software, firewall protection, and the web security status of your computers is to download the WebAdvisor™. WebAdvisor™ is a free diagnostic tool that runs a complement to any existing security software and does not negatively impact the performance of your computer.

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

What Is Keylogging?

We were excited to see the term “keylogging” mentioned in the mainstream a couple of weeks ago when it was actually featured in an episode of “The Good Wife” on CBS, starring Juliana Margulies. In the TV show, keylogging software was found on her computer as someone was trying to uncover secrets and spying on the TV shows ‘Alicia’.

It’s great that malware like keylogging is mentioned on TV making the public more aware of its existence, still there are many who will do not realize that this threat is very real and very common. What do you really know about keylogging?

Keylogging is actually completely legal software that many businesses use to track their employees computer activities and that parents use on their kids’ computers. The problem is that cybercriminals use keylogging as a tool to break into people’s computers and get their personal information to then commit identity theft or online account fraud.

The term keylogger is neutral and describes how the software functions, namely monitor and log all keystrokes. It doesn’t have to be software; it can also be a device. Many keyloggers hide themselves in the system which makes them fully-fledged Trojans. Keyloggers are now the most-used method in the theft of confidential information.

Cybercriminals will plant keylogging viruses on fake websites or package them in fake downloads and once you access it, it will infect the user’s computer. Once infected, the keylogging virus will start tracking the user’s computer activities and discover confidential information such as passwords, user names, personal information, and more. This information will then be used to access the victim’s bank account to steal funds or to steal the victim’s identity.

A great way to prevent keylogging viruses and something ‘Alicia’ in The Good Wife could have used on her computer is SafeCentral’s WebProtection™.

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.