Endpoint Protector just announced the launch of the Content Aware Protection module as a Customer Preview. The new 4.1 version incorporates top of the line technology that enables you to eliminate risks of confidential data loss or data leakage to the Internet or the Cloud (services such as Google Drive, Dropbox, iCloud, etc.)
To read more on the new Endpoint Protector feature, visit: http://www.cososys.com/press_releases/Press_Release_Endpoint_Protector_adds_Content_Aware_Protection_to_prevent_data_leaks_to_the_cloud_15-May-2012_EN.html
Endpoint Protector for Device Control explained in plain English
You can try it yourself today. Visit www.EndpointProtector.com
Facebook, LinkedIn, Twitter, they’re all making their way into day to day corporate life. Users share information, sometimes too much, with others. While denying the value of online networking or its potential of driving new business your way is not our goal – we do use this blog, Twitter and Facebook! – the threat is very real and it’s there. As in all things data security related, it’s either an external threat or an inside one. It’s either malware targeting social media sites, or it’s your employees who, out of lack of proper training or attention, or worse, knowingly and willingly, post classified information on such sites.
How to prevent it? The see no evil, hear no evil, speak no evil method is the first one you should stop thinking about. You can’t shut this door, we’ve stated this before, it might be crucial to growing your business. Restrict access through limited time and limited networks? Highly irrelevant. It takes a couple of seconds to post, and no matter how restrictive you are, information can spread through other users.
I was reading a Dark Reading article on the matter the other day. They quoted a survey conducted in February by Sophos showing that 62.8% of companies were concerned that employees were sharing too much information on social networks, while 66% believed employees using social networking sites endanger corporate security.
Very true! And what can you do? The solution is threefold. First, take care of the files your employees show. Make sure you restrict access to them. A white listing system would probably help you. This is only a temporary fix. Then, educate your staff. Tell them what’s fair game and what isn’t. And then, you should really start monitoring their moves. There’s a fourth solution: pray for the best outcome
The CoSoSys team attended the Provision Security Days in Brasov, Romania over the weekend. Vendor of the most innovative and effective applications for endpoint security and portable storage devices, CoSoSys was one of the event sponsors and held a presentation on critical data security, device control and linked it to the recent Obama announcement on a White House coordinated plan to prevent cyber attacks.
I’ll reproduce here one the most significant quotes CoSoSys identified in what data loss protection is involved:
“The threat to critical data systems is among ‘the most serious economic and national-security challenges’ today”
You might wonder why economic. The answer is easy: everything translates into money. Less customers, hacked bank accounts, brand trust going down the drain, it all means loss of money. A competitor getting their hands on your prototype and producing it at a faster pace means money you’ll lose (the amount you’ve already invested) and money you’ll never get.
So what does CoSoSys offer as a solution? A best of breed endpoint security, device control and DLP solution, Endpoint Protector 2009. It effectively:
- stops data loss
- prevent data theft
- stops data leakage
- keeps data safe on the road
Speaking of data theft in the office, CoSoSys also presented a video emphasizing how easily they can be prevented. Enjoy!
As you’ve probably seen on this blog, there are news about security breaches, people who’ve been affected by identity theft and fraud, billions of dollars in losses every single day. More a day in really bad cases. Although there’s a ton of information out there, individuals and companies still fail at protecting themselves against such breaches and at keeping their private data safe.
CoSoSys, leading developer of endpoint security and data loss prevention solutions, has chosen a different approach to raise awareness about the risks we face everyday: humor, namely a series of comic strips showing what can really happen. As CNET puts it, they put the fun back in security threats.
The first comic, originally published on CoSoSys’ EndpointProtector.com site shows how easy it is for an employee to copy your entire data base and take it to your main competitor. A simple thumb drive, three minutes left alone in the office, and that’s it!
But as fun and laughing are not the only goals of the strip, each of them also helps you find out what to do and how you do it. Designed to promote the company’s most popular DLP, endpoint security and device management solution, Endpoint Protector, each issue will show how everything can be prevented.
“Recent research performed in both the US and the UK shows a troubling trend: data breaches are rising in numbers and in costs as well. Millions of people have their data exposed to identity theft or fraud each year and few of those affected or those responsible of the incidents know that most of these instances could easily be prevented. Making sure that your private records and all endpoints in your network are secured is not a difficult task. That is why we are committed to put our best efforts into raising awareness and educating the public about staying safe without making any lifestyle compromises”, explained Roman Foeckl, CoSoSys CEO.
The next issues of the strip will be published each Thursday for the next 7 weeks. You can see them here or register to get them on your email. Easier if you asked me, as remembering to visit a link every week is not something I usually do.
A company hired by the Nevada Department of Public Safety to do background checks for 109 job applicants managed to loose the private data of said job seekers. According to an article in Chron.com, their private records were stored on a thumbnail drive owned by one of the hired firm employees.
Following this incident, the Department of Public Safety has temporarily suspended the use of outside vendors for background checks while it is reviewing all its processes and procedure.
Two years ago, a major security breach was reported by the US Department of Veterans Affairs. At the time, a laptop containing private data on an extremely large number of veterans had been stolen. Following the incident, strict guidelines were established in order to protect personal information and prevent such thefts and exposures from happening.
According to the Register, two years was not enough time for government agencies to implement the guidelines and comply with their security requirements.
According to a report issued by the Government Accountability Office (GAO) today, a number of agencies fell short on recommendations for securing databases, remote access, and mobile devices. All of the agencies received a downgrade in their scores for e-government progress on the President’s Management Agenda Scorecard
Of the 24 major agencies audited in the report, only 11 had established policies for logging data extracted from agency databases and for erasing the data within 90 days of extraction. Only 15 agencies had established a “time out” function for remote and mobile devices that requires user re-authentication after 30 minutes of inactivity.
The same report has revealed that 25 other security breaches occurred in a three year interval – 2004-2007 – three of them exposing private records of more than 100,000 individuals. It also states these are only the breaches accounted for, but the actual number might be far greater.
Wireless USBs, besides bringing data transfers and portability to a new level and diminishing restrictions of the traditional USB protocol, also harbor specific threats. While transfers between these portable devices and computers comes with no impressive tricks, the data the store can be easily leaked to third party PCs or devices supporting wireless transfers.
The new Endpoint Protector 2008 efficiently protects PCs from data loss, data theft and other forms of data leakage. Endpoint Protector allows the controlled use of USB devices, external hard drives, FireWire devices, CD/DVD-Readers/Writers and many other potentially harmful devices, with the goal of stopping malware, viruses and other unwanted data intrusions.
Endpoint Protector 2008 also monitors and records all data transferred to and from portable storage devices. This new feature gives IT administrators the possibility to trace all data activity regarding removable storage and endpoint devices. This file tracing option allows the prevention of possible data breaches or of data being copied without authorization.
While the client product only runs on Windows operating systems, the Endpoint Protector Server 2008 is available for both Windows and Linux platforms, addressing a wider range of working scenarios.
The state of California has recently passed a bill imposing strict measures to be taken by companies experiencing data breaches. The main purpose of the document is to make sure those affected by their private details being compromised are informed and fully aware of what’s at stake. InformationWeek provided more information on the bill:
California has already enacted a law that requires consumer notification when data breaches occur. The new bill requires companies, public agencies, and other organizations to provide toll-free numbers for credit reporting agencies so consumers can put holds on their cards, the name and contact information of the business affected, and what information may have been exposed or stolen. It also requires notices to explain when the breach occurred and the number of people affected by it.
It is only a matter of time until such measures are taken by other stated and other countries. Given the significant amounts of time and money invested in reacting to such information breaches, implementing a data leakage prevention solution seems a much wiser and cheaper way out.