Endpoint Protector just announced the launch of the Content Aware Protection module as a Customer Preview. The new 4.1 version incorporates top of the line technology that enables you to eliminate risks of confidential data loss or data leakage to the Internet or the Cloud (services such as Google Drive, Dropbox, iCloud, etc.)

To read more on the new Endpoint Protector feature, visit: http://www.cososys.com/press_releases/Press_Release_Endpoint_Protector_adds_Content_Aware_Protection_to_prevent_data_leaks_to_the_cloud_15-May-2012_EN.html

The launch of the new Endpoint Protector 4 client for Linux did not pass unnoticed.

The Var Guy wrote a blog post presenting the new release and emphasizing the importance of Data Loss Prevention and Device Control solutions for mixed environments (Win, Linux, MAC).

You can read the whole article here: http://www.thevarguy.com/2012/04/10/endpoint-protector-4-adds-linux-support/

]]> http://www.endpoint-security.info/2012/04/17/endpoint-protector-4-for-linux-gets-a-warm-welcome-from-the-online-community/feed/ 0 http://www.endpoint-security.info/2012/04/10/data-loss-prevention-do-we-really-understand-it/ http://www.endpoint-security.info/2012/04/10/data-loss-prevention-do-we-really-understand-it/#comments Tue, 10 Apr 2012 15:34:24 +0000 cristina http://www.endpoint-security.info/?p=889

What is Data Loss Prevention? Is it related to technology, processes or people? Is it limited to some administrative policies and IT restrictions? These are the questions discussed in a well-documented recent article on darkreading.com.

DLP is not just an information security concern, it is not just a technical issue. DLP involves the entire organization, establishing what data is sensitive, where the sensitive data is kept, how is it accessed and used, and only after understanding these key points will they be able to define and implement a strategy for protecting and securing such data, at a level of both administrative processes and IT limitations.

In short, DLP is a business issue and it concerns technology as well as processes and people.

With the rising number of attacks and unintentional data leakage, protecting sensitive information became an essential task for any organization, regardless of its size. This is why the implementation of security controls for preventing data loss is actually the foundation for a secure business performance.

You can read more on this hot topic on darkreading.com

Endpoint Protector just launched the new versions for Ubuntu and openSUSE of its Device Control and Data Loss Prevention solution, Endpoint Protector 4. With the new launched version, Endpoint Protector is virtually platfom-independent.

Endpoint Protector 4 is available as Hardware and Virtual Appliance, with support for Windows, Mac OS X and Linux Ubuntu 10.04 LTS and openSUSE 11.4. The data and device security solution ensures a complete and proactive protection against both inside and outside threats for organizations in an easy, but highly efficient manner with seamless integration and no operating system constraints. For more details, please visit: http://www.endpointprotector.com/en/index.php/products/endpoint_protector

The European Union is planning to create and launch a European Cybercrime Centre by January 2013. The centre, a proposal of the European Commissions, will operate within Europol, the continent’s police agency and will deal with online banking fraud, attacks against smartphones and other large scale types of attacks which are directed against public services and infrastructure.
The European Cybercrime Centre will also handle other cybercrime related issues, such as the protection of social network profiles, stopping and preventing identity theft and fighting child exploitation on the internet. Although many local agencies and organizations are already dealing with these issues in one way or another, the EU want this anti-cybercrime centre to become and intelligence and coordination hub which will better direct local efforts.

“The centre would pool European cybercrime expertise and training efforts. It would warn EU countries of major cybercrime threats, of new ways to commit online crimes and identify organised cybercrime networks and prominent offenders in cyberspace,” read a EU statement. “The centre would also be able to respond to queries from cybercrime investigators, prosecutors and judges as well as the private sector on specific technical and forensic issues. It would provide operational support in concrete investigations and help set up cybercrime joint investigation teams.”

Photo by Peter Beug / Flickr

The mobile industry is no longer thriving, as it has reached a critical point due to the security concerns raised by companies trying to integrate mobile computing into their overall security framework. A fresh survey on mobile security shows this type of devices represents a critical business tool, boosting creativity, but their malfunctions or security threats need to be avoided and carefully managed.

by Frank Gruber

More than 59% of organizations already use line-of-business applications on mobile devices and 71% plan to develop custom mobile applications for their business. Also, 70% of organizations say they’re planning corporate app stores for their mobile-equipped workers.

The survey showed that mobile computing is the number one security risk cited by IT decision makers and another 41% consider it to be one of the top of three risks.

Experts behind the survey believe that mobile computing is not a new risk for enterprises, it should be included in the overall data security policies, as such devices represent just another type of endpoint connected to the network, just as PCs and laptops.

The study experts recommend that companies do not altogether block mobile computing devices for their employees. Instead they advise the to allow staffers to use them to preserve productivity but make sure they enforce the right security measures to maintain safe usage.

A simple way to create a data and endpoint security policy and easily enforce it without disrupting business policies is to use a complete device control and data loss prevention solution such as Endpoint Protector.

People who use social networks and smartphones can easily become victims of identity fraud, as shown in the 2012 identity fraud study carried out by Javelin Strategy & Research.

The US number of victims was 13% higher more than 11.6 million adults have fallen pray to identity fraud, yet the average dollar amount stolen in these incidents was about the same as the previous year. Consumers whose personal information has been compromised by corporate data breaches were the most likely victims. Persons who have received notifications of a data breach affecting their personal data are 9.5 times more likely to experience identity fraud than those who did not receive such a notification.

Javelin also tracked users’ online behavior to see its impact on identity fraud. “LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud, although there is no proof of direct causation”. The survey also showed users ignore warnings about social networks being heavily used by fraudsters and are still sharing a significant amount of personal information that might be used to steal their identities. One of the examples quoted in the report was business social network LinkedIn where people connect with strangers without reading carefully or paying attention to of what they are really doing.

7% of smartphone users became victims of identity fraud last year, showing a 33% higher incidence rate compared to the general public. A good way to prevent such breaches for smartphone users is to have passwords on the home screen (the study shows 62% of mobile users fail to set one), to block access to information stored on the phone. Another safety measure to prevent identity fraud is to never tick the “remember password” button to save the information on their mobile device (32% users do this). Mobile users should also never accept the invitations of strangers or use the GPS tracking locations.

A data breach caused when an Office for Nuclear Regulation official lost an USB memory containing details about safety tests at the Hartleport power plant is currently being investigated by the authorities. While the memory stick was caring only safety “stress-test” not “significantly sensitive” data, none of the files stored had been encrypted. The stress tests the lost portable device stored are currently being carried out at European nuclear power plants in an attempt to prevent future disaster, like the nuclear disaster at Fukushima power plant caused by the Japan earthquake last year.

According to an official ONR statement, the reports contained by the memory stick would have been made public after their completion, yet the office completely forbids the use of unencrypted devices for transporting documents with security classification. This means that the official responsible for the breach has broken ONR security regulations. The Hartlepool plant, operated by EDF Energy, confirmed the lost USB stick did not have important data. They also mentioned that when they would have been published, the results of the tests would have been less detailed.

This is not the first such incident. Back in October 2010, a USB stick containing sensitive information about the Sellafield nuclear power plant was left in a hotel room. Moreover, the Ministry of Defence exposed secret information about nuclear submarines on its site by mistake.

The recent Hartlepool incident shows that employees will easily break a company’s or institution’s security policies. That is why it is highly recommended to use a cross-platform portable data encryption solution such as EasyLock 2 to enable employees to easily encrypt data when carrying it on portable devices. EasyLock 2 makes data transfers safer and easier and also takes the hassle out of encryption tasks.

If you still believe your employees will not take the time to encrypt sensitive information when storing it on USB sticks and other portable devices, we recommend usign EasyLock 2 with the endpoint security and data loss prevention solution Endpoint Protector, thus forcing encryption of all data in transit. Forgetful or simply lazy staffers will no longer be a problem.

99% of small healthcare organizations in North America suffered a data breach in the past 12 months and more than 70% do not have enough budget to invest in risk management solutions to be able to comply with legal requirements and industry standards. These are the key findings of a new survey by the Ponemon Institute.

The Ponemon Institute surveyed more than 700 IT and administrative professionals in healthcare organizations that employ a maximum 250 people.

“Cybercriminals are hunting for medical records,” said Larry Ponemon, chairman and founder of Ponemon Institute. “The most serious issue is just the complacency small healthcare providers seem to exhibit with respect to securing patient records.”

Of the many security breaches reported by these organizations, about 29% admittedly resulted in medical identity theft. While risk management budgets are low, about half of respondents said a maximum of 10% is allotted to acquiring data security solutions. it’s no wonder the data security budgets are so low when just 31% of organizations consider data security and privacy a priority.

Almost 75% of healthcare companies allow their employees to access business or clinical applications on their laptops, smartphones and other portable devices. Half of the employees state they use them at work but only a quarter have any security solutions installed.

Although budgets for data security and preserving patient privacy are low, while the number of breaches are high, most of the survey respondents actually believe that their organizations are taking the right measures to comply with the HIPAA standards.

Highly experienced professionals are very hard to find, as enterprises have to go through lengthy processes to hire security experts who, although very experienced, are rather rare. Organizations that work with more than 2000 members report increases in salary and number opportunities to grow and ascend for trained and experienced security professionals, despite the slow economic environment. These are the key findings of the (ISC)2 2012 Career Impact Survey.

According to the survey, 96% of security professinals are currently employed and only as low as 7% of information security professionals were unemployed at any point during the last year. Moreover, over 70% or respondents received a salary increase in 2011 and more than half expect to receive an increase in 2012. More than half of those who changed jobs said they did so because they had opportunities for advancement.

While security professionals thrive, the tight market for skilled experts of the field is making life difficult for enterprises that need to hire them, the study shows. Security is a priority staffing need with 72% of respondents saying their organization hired individuals specifically for information security roles in the past year. Also, 62% reported that they are looking to hire additional permanent or contract information security employees in 2012.

However, hiring can be a lengthy process, taking up to 3 months to find the right security expert. In what the difficulties that employers have in choosing the right candidate are concerned, 50% describe the process as “somewhat” difficult and 29% found it “very” difficult.