Lessons Learned from Zappos Breach

By ADuch -

What can we take away from the recent Zappos breach? Lucky for us, InformationWeek listed 8 lessons that all businesses should learn from the Zappos situation.

Lesson 1: Advance planning mitigates breach fallout

Lesson 2: Create a response plan in advance

Lesson 3: Issue a clear, timely warning

Lesson 4: Secure stored credit card data

Lesson 5: Notify customers in multiple ways

Lesson 6: Think of non-U.S. customers

Lesson 7: Tap external sites if necessary

Lesson 8: Pick the right breach support channels

For more details on each lesson, please visit InformationWeek.

Cyber Attack Forces Adidas Offline

By ADuch -

With the year winding down, more breaches and attacks have surfaced and made headline news. To solve this issue, companies should tighten up their security and be more cautious of their surroundings and how they transfer valuable data. Losing personal and/or sensitive data and having it in the wrong hands can crumble a company. Therefore, it is extremely important to enforce and follow all security practices at all times.

In recent news, another major corporation has reported it was the target of a cyber attack. On November 3, 2011, Adidas became aware of the attack and immediately took action. They took down any site that was affected, left a message apologizing to their users, and then added in data security measures to their websites.

Some of the websites that were taken down include adidas.com, reebok.com, miCoach.com, adidas-group.com, and several other local ecommerce shops. Although all these sites were affected, there was no evidence shown of any stolen data.

Following the attack, Adidas left a message. “Nothing is more important to us than the privacy and security of our consumers’ personal data. We appreciate your understanding and patience during this time.”

To read the full story and learn more about the cyber attack on Adidas, visit UK’s ITPro.

http://www.itpro.co.uk/637204/cyber-attack-drives-adidas-websites-offline

The Importance of Basic IT Security Practices

By ADuch -

Many companies in 2011 have been hit by high-level attacks and breaches by malicious hackers. How are these organizations being targeted, and how are hackers penetrating their networks? It all starts with a lack of security awareness among individuals at a company.

In a recent article by Computer Weekly, Lieberman Software conducted a survey with 300 international IT professionals. The survey showed that:

  • 50% of the respondents have worked for a company that has not changed its privileged passwords
  • 50% of the respondents have worked for a company that has had its computer networks breached
  • 42% of the respondents were aware that an IT staff member was sharing passwords with others and giving them access to several systems
  • 26% of the respondents knew of an IT staff member abusing a privileged login to gain access to sensitive data

These results show that senior management needs to enforce and pay attention to basic IT security practices. This means changing passwords whenever you can, and limiting and/or locking down access to any systems that carry sensitive data. These small measures will increase security and help keep hackers away.

Read the full story at ComputerWeekly.com and get more stats from the survey.

http://www.computerweekly.com/Articles/2011/10/18/248187/Password-chaos-linked-to-network-breaches-survey-finds.htm

4.2 Million Have Access to Government’s Classified Documents

By DCarmody -

In the wake of the 2010 Wikileaks controversy, the United States Congress ordered the Office of the Director of National Intelligence to conduct an audit of all the security clearances granted by the US Government.   The results were surprising to some.  A total of 4.2 million people – which the Washington Post notes “rivals the population of metropolitan Washington” – have active security clearances to access government-classified data.

Although we’re just learning of this report, the numbers are dated to October 2010, which means this number has most likely grown over the past 11 months.  It also dwarfs some experts’ expected numbers, raising some concerns about the security of our nation’s important data.

Others don’t think this number is high, and argue that it is a result of increased Government secrecy in recent years.  Additionally, figuring that all military personnel and the entire workforces of the FBI and CIA will have some level of clearance, the number seems much more palatable.

Regardless of the number, the security of our government’s most important and sensitive data should be very closely monitored. As technology has made accessing data exponentially more efficient and immediate, the safety and security of the transfer and storage of this sensitive data should be of top priority.

Read the full article and comments favoring both sides over at the Huffington Post: http://www.huffingtonpost.com/2011/09/20/security-clearances-government-classified-information_n_972492.html

Fortune 500 Companies Vulnerable to E-Mail Interception

By ADuch -

Have you ever accidentally mistyped a recipient’s email address and sent information to the wrong person? If so, you may want to double check what you send and to whom you’re sending it.

In a recent post on gizmodo.com, two researchers were able to grab 20 gigabytes worth of data from Fortune 500 companies in a span of six months. The researchers set up doppelganger domains to mimic legitimate domains that belonged to Fortune 500 companies. Doppelganger domains are domains that are spelled almost identically to legitimate domains. Therefore, users are vulnerable to email interception when they mistype a recipient’s email address.

To test the vulnerability of a few Fortune 500 firms, the researchers set up 30 doppelganger accounts to see what they would come up with. To their surprise, the accounts they set up attracted 120,000 emails in their six month experiment. Within these emails, the researchers received employee usernames and passwords, trade secrets, employee personal data and contracts for business transactions.

Out of the 30 doppelganger accounts, only one firm noticed what was going on once they registered the domain. Also, out of the 120,000 emails they received, only two senders recognized their mistake.

As you can see, the two researchers were able to grab a ton of valuable information in a short span of time. This information could be extremely harmful to an individual and/or company if an attacker got hold of it. Going forward, please be careful when sending out emails.

For more on this story, follow gizmodo and their latest posts on Security:

http://gizmodo.com/5838708/how-researchers-stole-20-gb-of-e+mail-from-fortune-500-companies
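
A defensive check for the mistyped-recipient problem described above, as an added example that is not part of the original post or the researchers' work: it flags outbound recipients whose domain is one character slip (a dropped dot or letter, or a swap of neighbouring letters) away from a domain the organisation really corresponds with. The domain list, sample addresses and function names are constructed for illustration.

```python
# Added example: flag recipient domains that are near-misses of known-good ones.
# KNOWN_DOMAINS and SAMPLE are constructed placeholders, not data from the study.
KNOWN_DOMAINS = {"example.com", "us.example.com", "partner.example.org"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exmaple" typed for "example".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(domain: str, known=KNOWN_DOMAINS, max_dist: int = 1):
    """Return the known domain that `domain` nearly matches, or None."""
    domain = domain.lower().rstrip(".")
    if domain in known:
        return None  # exact match: a legitimate recipient domain
    for good in sorted(known):
        if osa_distance(domain, good) <= max_dist:
            return good
    return None

def review_recipients(addresses, known=KNOWN_DOMAINS):
    """Map each suspicious recipient address to the domain it probably meant."""
    findings = {}
    for addr in addresses:
        _local, sep, domain = addr.rpartition("@")
        if not sep or not domain:
            continue  # not a usable address; leave it to other validation
        match = lookalike_of(domain, known)
        if match:
            findings[addr] = match
    return findings

SAMPLE = [
    "alice@example.com",         # correct
    "bob@usexample.com",         # dot dropped from us.example.com
    "carol@exmaple.com",         # letters swapped
    "dave@partner.exampel.org",  # letters swapped
    "erin@unrelated.test",       # unrelated domain, not flagged
]

if __name__ == "__main__":
    for addr, meant in review_recipients(SAMPLE).items():
        print(f"HOLD {addr}: did you mean @{meant}?")
```

A check like this belongs on the sending side, for example in a mail gateway rule that holds the message for confirmation; very short domain names will need a stricter threshold to avoid false positives.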

Ipswitch File Transfer report: Information Sharing Workaround

By Erik Small -

With the growing number of ‘devices’ available to us, the number of ways we can connect and share information is ever increasing.

Here is a great read from the Knowledge Transfer blog at Ipswitch File Transfer (the Planet’s parent company).

Information Sharing Wake-Up Call: Customers Now Pushing Organizations to Reconsider How They Transfer Sensitive Files

In a new report from Ipswitch, findings revealed that employees are using risky workarounds to share information and avoid corporate information-sharing roadblocks:

  • Personal Email: 60 percent of individuals said they use personal email to send sensitive files because their company systems hinder productivity, a major compliance and security risk.  And 50 percent of those people admitted to using personal email as a means to hide sensitive information from management.
  • Remote Devices: Employees are also relying on remote devices – like USB drives and smart phones – to transfer information that can’t be handled by corporate systems. More than 25 percent of employees have lost a USB drive containing confidential information.  Even worse: Out of that 25 percent, 40 percent said they did not report the lost device to the IT department.

Sony’s Security Problems Could Take Years to Fix

By Erik Small -

A quick follow-up on the Sony security breach. Ipswitch File Transfer’s Frank Kenney, VP of Global Security, offered solid advice in this NY Times article on the Sony breach:

“These attacks are a combination of Sony’s lax security and a number of groups being very vigilant about breaking in to show how powerful they can be,” explained Frank Kenney, vice president of global security at Ipswitch, a company used to securely transfer files online. “What Sony has to do is re-examine their entire security system including the type of code they are using and the type of servers; they have to acknowledge that their brand is at stake.”

Mr. Kenney said that no server was impervious to hackers, but a company like Sony, with millions of credit cards and users’ personal information on file, had a responsibility to ensure protection “equivalent to the Department of Homeland Security’s servers is in place.” He said that the fact that dozens of Sony Web sites and servers had been breached indicated it was clearly a companywide problem.

“Any type of environment can be breached, but Sony has to come up with a plan that not only protects their infrastructure, but also convinces their customers that their credit cards and personal information is safe,” Mr. Kenney said.

From Ipswitch’s Hugh Garber: Epsilon breach affects millions, including me.

By Erik Small -

If you haven’t already heard, email marketing firm Epsilon fell victim to a security breach. The company manages millions of email addresses and campaigns for a long list of clients…like Walgreens, Target, Best Buy, Brookstone and many other big names. We don’t have details on the exact method or failure point of the security breach, but this sort of news perks our ears at FileTransferPlanet.
Read the latest post regarding the Epsilon security breach from Ipswitch’s Hugh Garber.

662 data breaches in 2010

By Erik Small -

Wow. An incredible stat for the security market in 2010.

On many levels of FTP or file transfer, this is a staggering number of instances. What file transfer processes are being used to avoid a security breach in your small, medium or large business environment?

Check out the Knowledge Transfer blog on Ipswitch File Transfer’s corporate site for more on security breaches in 2010.

  • Malicious attacks still account for more breaches than human error, with hacking at 17% and insider theft at 15%
  • 39% of listed breaches did not identify the cause — Indicating a clear lack of transparency and full reporting to the public
  • 49% of breaches did not list number of potentially exposed records — A clear sign of inaccuracy and incompleteness of reporting
  • 62% of breaches reported exposure of Social Security Numbers
  • 26% of breaches involved credit or debit cards

The full blog post from Ipswitch’s Hugh Garber: 16,000,000 reported breached records in 2010