Marilee-Veniegas blogMarilee Veniegas (46)   Marilee Veniegas   Essential Security Software, Inc. Unprotected Email, Can You Afford the Loss?Posted Friday, September 14, 2007 (309 days 19 hours ago.) Viewed 24 times. Every unprotected email you send should be considered public knowledge. Intercepted or received, email can be posted on a website, used for blackmail, public embarrassment, used for criminal activities and more. It’s the number one method of routing documents both within and outside company walls. Learn ways you can prevent the distribution of your organization’s outbound email. - - - - - - - - - - - People constantly exchange personal and professional unprotected emails containing confidential information often without considering the potential consequences of such transactions. Email is used both for communication and is often the preferred method of routing documents both within and outside company walls. Corporate Espionage Businesses of all sizes have succumbed to forms of corporate espionage. Some instances make the front page such as when a touted Ferrari engineer Mauro Iacconi reportedly passed wind tunnel data to Toyota(1) and Hewlett-Packard’s legal fiasco with one of its former executives Karl Kamb. Email threads show that HP attempted to gain access to computer rival Dell’s plans to enter the printer business(2). Billions(3) are spent each year on firewalls, anti-virus and other security tools to protect internal information from threats beyond the corporate perimeter. While corporate dollars are allocated for such measures, relatively little effort is given to protect email data as it travels across the internet. Outbound Email, a Valuable Commodity With all the millions of email sent each day, why would anyone want to read my emails? Internal and outbound email communications can contain your most important company secrets. Think about the many invaluable pieces of collateral kept on your firm’s computers and shared drives. Emailing any of these outside the firm could negatively impact your company’s commercial relationships, clientele and prospects. These documents represent your business’s time. Edgar Kully of Crestwood Associates, a Market Research firm in Kirkland, Washington, spoke to ESS about how this practice impacts his business: “When a client takes your proposal and passes it onto a competitor with the instructions of, ‘this is a great approach, can you duplicate it for less money?’ we are getting screwed. It’s one thing to argue price with a client, but a whole other thing when your intellectual capital is given away to make your competition smarter.”Should smaller firms take this lying down? Each time intellectual property (IP) is stolen from small and medium sized firms, it essentially puts the economy at risk. Small firms stimulate the economy and account for 99.7 percent of all employer firms(4) and are 60 to 80 percent of net new jobs annually over the last decade(5). SMBs need solutions to prevent IP from leaving its doors and inevitably affecting U.S. economic growth. Protecting SMB Assets Every time an email is sent out by an SMB, a sender must rely on luck and the mercy of its recipient for assurance that sensitive information isn’t leaked. All too often, data is “Frankensteined;” cut up, stitched together and then parceled out to the competition. Here are just a few ways your email can be stolen:
SBRM Solutions What about the cost? DRM technology which was once exclusively for large Enterprise entities and the financially privileged. These tools are becoming accessible to the small and medium businesses. SMBs no longer have to rely on luck and the mercy of its recipients to keep sensitive information protected anymore. SBRM Advantages Are SMB solutions just as good as Enterprise DRM? Small Business Rights Management (SBRM) software can be just as robust, flexible and support just as many file types as ERM (Enterprise Rights Management) solutions. Email encryption and rights management used by small and medium firms level the business playing field when going toe-to-to against their large Enterprise business. Email encryption can:
A SMB firm’s intellectual property doesn’t have to be a tool to make the competition smarter. Using an extra layer of security can be the difference between being a market leader or falling behind the competition. - - - - - - - - - - - End Notes:
Permalink Comments (0) Are There Holes in Your SOX? (Sarbanes-Oxley Compliance for Public and Private Companies)Posted Friday, January 19, 2007 (1 year 183 days ago.) Viewed 107 times. Summary: The illicit transgressions by Enron and those alike in the late 1990s, lead to regulations created to standardize the trustworthiness of financial institutions and public companies. Companies facing SOX compliance will need to consider the following: what are the best practice processes, how do these processes differ from existing practices, how should new processes be implemented, and how can short term processes be balanced with longer term strategic goals? - - - - - - - - - A World Before SOX: The enterprise world had a rude awakening after a series of well-publicized corporate financial scandals. Many stories of misappropriated corporate dollars surfaced in the late 1990s involving the likes of Enron, Tyco and WorldCom. Legislation soon responded to the multitude of gross transgressions committed by the upper echelon management of the enterprise world. Offenses committed by these industry heads ranged from extravagant multi-million dollar trips to exotic locals, large private gifts to spouses and shuffling company funds to bankroll other investments. The corporate world needed to be held accountable for its misdeeds. SOX (Sarbanes-Oxley Act) or the Public Company Accounting Reform and Investor Protection Act of 2002 came into fruition to improve corporate governance and help police possible future misdeeds. The 2002 Sarbanes-Oxley Act requires publicly traded entities to define, evaluate and document processes which lead to senior management accountability. SOX requires that audits or substantial verification controls must be in place to ensure senior management is held culpable for their financial actions. Why Should Privately Held Businesses Care About SOX? While SOX applies directly to publicly traded companies, those privately held businesses who wish to do business with businesses traded on places like the NASDQ must also become Sarbanes-Oxley compliant. Many large public corporations will simply refuse to do business with privately held companies who are not SOX compliant. Private firms who want to do business with large public entities are now also thrown into a SOX compliant landscape . SOX affects a broad range of industries who "touch" information of those traded firms, they include and are not limited to:
Who's Responsible for SOX Communication Compliance? SOX requires incoming and outgoing correspondence be monitored. Depending on the business’s structure, communication exchanges can be monitored by the Chief Compliance Officers (CCOs) Chief Information Officers (CIOs) and Chief Risk Officers (CROs). These executives are responsible for the security, accuracy and the reliability of the organization’s reporting and messaging systems. Well-groom organizations have policies set in place by their high level primary officers outlining what sorts of information may or many not be communicated outside a department and outside the organization. While these rules exist, firms often don’t take the necessary steps to make sure employees within the organization understand these rules, and their importance. What are the Key Elements of SOX Which Relate to Electronic Data Storage and E-mail Security?
What are the Holes in Your SOX Compliance? While sharing information online is a convenient luxury of e-commerce, it also creates a great vulnerability as information, data and correspondence are traded from business to business. Data and email exchange can pose both SOX compliance and privacy concerns. This errant misuse of company information isn't exclusive to U.S. companies. Staff at 18% of large UK firms gained unauthorized access to information during 2005, the report says. Nine per cent of those large firms saw staff misuse restricted information.(2) How Can Your Firm Sew Up its SOX Holes? Executive management seeking to be SOX compliant must have the fortitude and commitment to strategic planning and execution to the Sarbanes-Oxley Act's directives. The firm's CEO, CFO, CCO/CRO and CIO must cooperate and have demanding attention to detail when establishing policies to be SOX compliant. The need for creating and implementing strong electronic data and email retention policies and compliance in line with SOX has never been greater than in today's fluxing electronic business world. Email is not necessarily secure against interception. Whether or not email is encrypted in transmission depends on your software. It is therefore our policy not to send emails to you that contain identifiable information about you, your household, or business. Andy Purdy, acting director of the National Cyber Security Division of the Department of Homeland Security in a 2006 interview with CNET identifies the importance in protecting a company’s important digital assets: "small businesses and large enterprises and the government are all important when trying to reduce the cyber-risk. We're trying to raise awareness with partners of the responsibility and techniques consumers can use to help secure their systems..." (3)Before Sarbanes-Oxley, corporations saw a gross abuse of executive power at the cost of earnest growth in business. Today, stiff criminal and civil penalties for violations of securities law will be instituted against companies who do not meet SOX standards. How can private firms flourish in today's email reliant arena, while being SOX compliant. Introducing strong compliance policies in line with SOX which include firewalls, up-to-date virus protection, encryption and email anti-theft measures can help a business work cooperatively with publicly traded companies. Benefits of Email Anti-Theft Sofware Implementing email anti-theft allows a company to grow in credibility, reputation and trust; all factors which lead to increased clientele and revenue. With security measures to keep company correspondence as well as protect outbound email, SMB firms can be both prudent with their technology budgets and well-armed with the tools and resources necessary to be industry compliant. Clients will feel more secure about sharing their personal information with compliant SBM offices, paving the way to better and safer communication. - - - - - - - - - - - End Notes: 1.) Rob Preston "Time to Regulate the Regulations" Information Week, 27 February, 2006, 78. 2.) BBC News, "Firms lax on ID theft safeguards" 16 March 2006, BBC Online; URL: http://news.bbc.co.uk/2/hi/technology/4809262.stm 3.) Joris Evers, "Newsmaker: Locking down America's Net defenses" 16 February 2006, CNet New.com; URL: http://news.com.com/Locking+down+Americas+Net+defenses+-+page+2/2008-7348_3-6040223-2.html?tag=st.num
Permalink Comments (0) |
Archives:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||