Tag Archive for Symantec

| February 12, 2015
Comments Off on 25% of Employees Access Past Employers Work Docs

25% of Employees Access Past Employers Work Docs

25% of Employees Access Past Employers Work Doc'sMore than 25% of file-sharing service users report still having access to work documents from their previous employer, according to a “Rogue Cloud in Business” survey of 2,000 U.S. adults by Harris Interactive for Egnyte, an enterprise file-sharing platform provider.

uncontrolled file-sharingAccording to FierceITSecurity, the survey highlights the security risks uncontrolled file-sharing practices pose to the work place from these practices are obvious. An Egnyte presser claims The survey results illustrate a major exposure for today’s businesses when it comes to the transfer and storage of data through unapproved and insecure cloud-only file-sharing services.

The new survey uncovers deep issues around the rogue usage of consumer-based cloud services and illustrates the need for IT to deploy a secure enterprise-grade solution that meets the file-sharing needs of employees while protecting sensitive business data from the risks associated with insecure file sharing through the cloud

The survey found that:

  • easy to take sensitive business documents51% agree that collaborating on file-sharing services (such as Dropbox and YouSendIt) is secure for work documents;
  • 46% agree that it would be easy to take sensitive business documents to another employer;
  • 41% agree that they could easily transfer business-sensitive data outside the company using a file-sharing service;
  • 38% have used file-sharing services have transferred sensitive files on an unapproved file-sharing service to someone else at least once; 10% have done it 6 or more times;
  • 31% agree that they would share large documents that are too big for email through a file-sharing service without checking with their IT departments;
  • 27% of file-share service users report still having access to documents from that previous employer.

mobile users are willing to bypass IT policiesAnother report from Workshare paints a grimmer picture for those of us tasked with protecting a firm’s intellectual property. The report titled “Workforce Mobilization” shows the true extent to which mobile users are willing to bypass IT policies and use unsanctioned applications to share large files and collaborate on documents outside of the office.

  • 72% of workers are using free file-sharing services without authorization from their IT departments.
  • 62% of knowledge workers use their personal devices for work.
  • 69% of these workers also use free file sharing services to collaborate and access shared documents.
  • At companies with fewer than 500 employees only 24% of employees using authorized file sharing solutions.

Robert Hamilton, director of information risk management at Symantec (SYMC) in Mountain View, CA also told FierceCIO a continued threat to the company’s data comes from employees who feel like they live in a “finder’s keepers” environment.

Not encouraging

The results of the survey report, entitled “What’s Yours Is Mine,” were not encouraging to IT security professionals and IT management. According to the Symantec survey of employees:

  • "finder's keepers" environment68% of their company doesn’t take proper steps to protect sensitive work information;
  • 56% do not believe it is a crime to use a competitor’s trade secrets;
  • 40% download work files to personal devices;
  • 40% plan to use old company information in a new job role.

Symantec’s Hamilton told FierceCIO:

Employees are taking increasing amounts of data outside the company, and most people do not believe using corporate data for themselves is wrong … The attitude is that ownership lies with the person that created it, not with the company that employs them.

rb-

All three of these firms sell products they claim that can stop a firm’s intellectual property from leaking out through public file-sharing services. But before you engage any firm, some basic steps should be taken.

  1. Develop a technology acceptable use policy.
  2. Include public file-sharing services in the AUP.
  3. Incorporate the AUP in the staff handbook, and make sure staff sign it before they are given network access.
  4. Train staff on the risks associated with using public file sharing services for sharing corporate documents. Risks include HIPAA violations, PII release, Malware, PCI-DSS violations, and Government “Snooping.” Only then –
  5. Engage a service provider to implement an enterprise-approved alternative to the free file-sharing services.
What's Your is Mine

Symantec Infographic

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , ,
| June 3, 2014
Comments Off on The Evolution of Backup

The Evolution of Backup

The Evolution of BackupHave you ever stopped to think about how the technology for data protection has evolved? Backup has been around, in one form or another, since 3000 B.C. It has evolved and adapted to take advantage of improvements in technology platforms. Storage vendor Axcient traces the evolution of backup technology from clay tablets to the cloud in this infographic.

Axcient traces the evolution of backup and key events in backup methods.

Axcient infographic the evolution of backup

According to CrunchBaseAxcient is an entirely new type of cloud platform. Their technology stack eliminates data loss, keeps applications up and running, and makes sure that IT infrastructures never go down.

Axcient is designed for today’s always-on business, The system replaces legacy backup, business continuity, and disaster recovery software and hardware. They claim it reduces the amount of expensive copy data in an organization by as much as 80%.

By mirroring an entire business in the cloud, Axcient makes it simple to access and restore data from any device. They claim that with a single click their app can configure failover systems, and virtualize your entire office – all from a single deduplicated copy.

rb-

The key to any successful Business Continuity Plan is a solid, verified backup plan. The impact of a major data loss on a SMB can be devastating. The actual numbers are debatable, however, it seems that a significant number of firms go out of business after a major data loss. 

There are many new ways to backup your data, from Acronis, Axcient, Barracuda (CUDA), EMC (EMC), ExagridHP (HPQ), IBM (IBM), Symantec (SYMC), Veem what is important is that you have a plan, execute it and test it. 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook and Twitter. Email the Bach Seat here.

Category: Data protection | Tags: , , , , , , , , , , , ,
| December 12, 2013
Comments Off on Is Your Data Safe From Gen Y?

Is Your Data Safe From Gen Y?

Is Your Data Safe From Gen Y?Fortinet (FTNT) released a new study that says that most Gen Y staff members are thwarting their employers’ Bring Your Own Device programs. Fortinet surveyed 3,200 employees between the ages of 21 and 32 on their attitudes and practices around BYOD and found that 51 percent of respondents said they would ignore formal BYOD policies at their organization.  “It’s worrying to see policy contravention so high …” Fortinet VP of Marketing John Maddison said in the study report.

Gen Y staff

Gen YThe same Fortinet survey revealed that 55 percent said they have been the victims of cyberattacks on their desktops or laptops. The respondents noted that those attacks had affected their productivity and potentially cost them corporate or personal data.

FierceCIO provides another example of staff’s cavalier attitude towards data security from Symantec. According to the Mountain View, CA-based Symantec (SYMC) when it comes to corporate data, employees who feel like they live in a “finder’s keepers” environment, Robert Hamilton, Symantec director of information risk management said. The firm surveyed workers in the U.S. about taking corporate data outside of the workplace if they would use company information in another job and their views on whether that constituted stealing. FierceCIO reports the results of the survey, were not encouraging to IT security professionals and IT management.

Finder’s keepers

  • Data theft40% of employees download work files to personal devices,
  • 40% of employees plan to use old company information in a new job role,
  • 56% of employees do not believe it is a crime to use a competitor’s trade secrets,
  • 68% of employees say their company doesn’t take proper steps to protect sensitive information.

Mr. Hamilton summarized, “The attitude is that ownership lies with the person that created it, not with the company that employs them.” He says companies need to do a better job of safeguarding data from employees, especially with the growing popularity of BYOD. Symantec noted,

Only 38 percent of employees say their managers view data protection as a business priority, and 51 percent think it is acceptable to take corporate data because their company does not strictly enforce policies

File sharingA survey by mobile file-sharing app provider Workshare provides more evidence of how employees flaunt IT policies by using free file-sharing services to store and share corporate documents from their mobile devices. FierceMobileIT reports that the firm’s survey revealed that 81% of employees access work documents from their mobile devices. A disturbing 72% of workers are using free file-sharing services without authorization from their IT departments.

Fiberlink recently conducted a survey of its customers about what apps they are blacklisting and whitelisting. DropBox appeared at the top of the blacklisted apps lists for both Android and iOS devices. Commenting on the results, Fiberlink CEO Christopher Clark told FierceMobileIT: “I think there are other ways besides DropBox or Box to do apps and content management.”

personal USB devicesWork documents on personal devices

Another survey, conducted by Ipsos MORI for Huddle found that 91% of U.S. office workers store work documents on personal devices, such as USB drives, and 38% store documents on consumer file-sharing services.

FierceMobileIT reports that Dropbox is the most used consumer file-sharing service for work document storage and sharing.

Patrice Perche, Fortinet’s senior Fred Donovan VP for international sales and support, said in the report:

This year’s research reveals the issues faced by organizations when attempting to enforce policies around BYOD, cloud application usage, and soon the adoption of new connected technologies. The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed.

FierceMobileIT’s Fred Donovan warns that enterprises need to educate their employees to combat the security risks of using consumer file-sharing services. He also says that employers need to offer enterprise-sanctioned file-sharing alternatives. Otherwise, employees will continue to bypass IT policies and put corporate data at risk. Symantec’s Hamilton told FierceCIO that firms need to undergo a cultural shift if they are going to win the battle of protecting their assets from their own staff.

rb-
Sharon Nelson at Ride the Lighting sums up my thoughts on the BYOD thing.

I have never understood the arrogance of this attitude or the failure to appreciate that employers have a duty to impose rules to protect client/customer/proprietary data./proprietary data.

It is common for each succeeding generation to despair of the generation that follows it, but I confess to a certain amount of despair for a generation that is so tied to their mobile devices that they cannot balance their desire to use their devices with the duty owed to the employer to keep work data secure. In a world where young folks cannot seem to keep from checking their phones at weddings and funerals, I guess it is no wonder that they see nothing wrong with willfully disobeying rules imposed at work.

What do you think? Is your data safe from Gen Y staff?

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| September 13, 2012
Comments Off on Everyone Snoops Thru Smartphones

Everyone Snoops Thru Smartphones

Everyone Snoops Thru SmartphonesMobile device users lose almost 70 million smartphones per year in the U.S., about 30 percent of all the phones in use at any given time. According to one report only seven percent of the lost smartphones are recovered. Only 57 percent had any security, but 60 percent have confidential contact lists, emails, Internet and security codes and credentials for business apps or mobile-payment services.

Symantec logoEven if an honest person finds your mobile, security company Symantec (SYMC) says that the good Samaritan will look at the confidential data stored on the smartphone while trying to return it. The study (PDF) found that 96 percent of the people who found a mobile device planted by the security vendor peeked at personal data. People who found the smartphones:

  • Clicked on an app labeled “online banking” 43% of the time
  • Tried to run a remote-access/VPN app to access the fake network 49% of the time
  • Clicked on a filed named “HR salaries” 49% of the time
  • Opened a file named “saved passwords” 57% of the time
  • Checked social networking tools and personal e-mail 60% of the time
  • Accessed a folder labeled “private photos” 72% of the time
  • Checked out something on the lost mobile device 96% of the time

Online storage company Carbonite (CARB) reports that the data on a mobile device is valuable enough and the headaches involved in recovering it are big enough that 50 percent of Americans would rather give up all of a year’s vacation time than lose all the files on their smartphones.

rb-

Even though most Americans would give up their vacation then lose the data on their mobile devices they don’t take steps to prevent other from snooping through their data. Simplistic as it seems, one password will deter most casual snoops.Identity theft data lose and embarrassment can easily be prevented by using the password screen-lock that comes with all smartphones.

How to Set a Passcode

WikiHOW explains How to Set a Passcode on the iPad to prevent people from snooping through your Apple (AAPL) iPad2.

Open the “Settings” app and tap “General Settings”. Continue by opening “Passcode Lock” in the center box of options.
How to Set a Passcode on the iPad - Step 1

Scroll until you find the “Passcode” option, then tap it. If this is your first time enabling a passcode, “Turn Passcode On” will be the only selectable option. If your iPad supports Touch ID, this option will be called “Touch ID & Passcode.”

How to Set a Passcode on the iPad - Step 2

Turn Passcodes on by tapping the “Turn Passcode On” option.

How to Set a Passcode on the iPad - Step 3

Enter a six-digit passcode of your choosing. You’ll need to enter it again exactly the same way on the next screen to verify. Be sure that it is a combination you won’t easily forget, as well as one that is also hard for others to figure out. This has increased from 4 – 6 characters since I first posted this article in 2012.

How to Set a Passcode on the iPad - Step 4

Re-enter the passcode. Pay close attention as you type to avoid mistyping the passcode. If both your new passcodes match each other, you’ll be taken back to the “Passcode Lock” screen.

How to Set a Passcode on the iPad - Step 5

Press the lock button to lock your iPad. You still need to confirm that your passcode is active.

How to Set a Passcode on the iPad - Step 6
Swipe right on your iPad’s screen, then enter your passcode. Your iPad is now passcode-protected!You can change or remove your passcode at any time in the “Passcode” menu.

How to Set a Passcode on the iPad - Step 7

rb-

Apple has updated this process since I first wrote about putting a lock on your iPad in 2012.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedInFacebook and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , ,
| August 2, 2012
One comment

Malware Launches Massive Print Jobs

Malware Launches Massive Print JobsIf your printers start printing garbage characters until they run out of paper, it’s a sure sign your network has been hit by the Milicenso Trojan malware. Help Net Security reports that Symantec (SYMC) researchers have found that the garbled printouts are just a side effect of the infection and not its goal. The malware’s last variants have an extremely low detection rate – only 4 of the 42 solutions used by Virus Total detect them at the moment.

Trojan horse malwareThe article says the Milicenso Trojan is actually a backdoor used to deliver other malware on the affected machines. The infection vectors are links and malicious attachments in unsolicited emails, as well as websites hosting malicious scripts that trigger the download of the Trojan. “The Trojan creates and executes a dropper executable, which in turn creates a DLL file in the %System% folder”, shared the Symantec researchers.

The heavily encrypted DLL file creates a number of EXE and DLL files and uses a number of routines to discover whether the execution environment is a virtual machine, public malware sandbox or a black-boxing site. The Trojan also drops a piece of adware, whose aim is to serve as a decoy for AV solutions present on the machines. The blog says the  Adware.Eorezo has only one goal: to point Internet Explorer to an ad-relater URL.

Sandbox environmentHelp Net Security explains the malware triggers the massive printing by exploiting the Windows default print spooler directory. “During the infection phase, a .spl file is created in [DRIVE_LETTER]system32Spool PRINTERS[RANDOM].spl. Note the Windows’ default print spooler directory is %System%spoolprinters.”

The researchers explained “The .spl file, while appearing to be a common printer spool file, is actually an executable file and is detected as Adware.Eorezo. Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs.”

rb-

I have written about the risks of copiers and printers here and here. I’m sure someone will figure out how to use this malware as a direct DOS on printers, and not as a side effect.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
« Older Entries   Recent Entries »