Marilee Veniegas
Essential Security Software, Inc.

Unprotected Email, Can You Afford the Loss?

Posted Friday, September 14, 2007

Summary:
Every unprotected email you send should be considered public knowledge.  Intercepted or received, email can be posted on a website or used for blackmail, public embarrassment, criminal activities and more.  Email is the number one method of routing documents both within and outside company walls. Learn ways you can prevent the distribution of your organization’s outbound email.
- - - - - - - - - - -
People constantly exchange unprotected personal and professional emails containing confidential information, often without considering the potential consequences.  Email is used for communication and is often the preferred method of routing documents both within and outside company walls.

Corporate Espionage
Businesses of all sizes have succumbed to forms of corporate espionage. Some instances make the front page, such as when touted Ferrari engineer Mauro Iacconi reportedly passed wind tunnel data to Toyota(1), or Hewlett-Packard’s legal fiasco with one of its former executives, Karl Kamb.  Email threads show that HP attempted to gain access to computer rival Dell’s plans to enter the printer business(2).

Billions(3)  are spent each year on firewalls, anti-virus and other security tools to protect internal information from threats beyond the corporate perimeter.  While corporate dollars are allocated for such measures, relatively little effort is given to protect email data as it travels across the internet.

Outbound Email, a Valuable Commodity
With millions of emails sent each day, why would anyone want to read mine?  Internal and outbound email communications can contain your most important company secrets.  Think about the many invaluable pieces of collateral kept on your firm’s computers and shared drives.  Emailing any of these outside the firm could negatively impact your company’s commercial relationships, clientele and prospects.

These documents represent your business’s time.  Edgar Kully of Crestwood Associates, a Market Research firm in Kirkland, Washington, spoke to ESS about how this practice impacts his business:
“When a client takes your proposal and passes it onto a competitor with the instructions of, ‘this is a great approach, can you duplicate it for less money?’ we are getting screwed.  It’s one thing to argue price with a client, but a whole other thing when your intellectual capital is given away to make your competition smarter.”
Should smaller firms take this lying down?  Each time intellectual property (IP) is stolen from small and medium sized firms, it essentially puts the economy at risk.

Small firms stimulate the economy: they account for 99.7 percent of all employer firms(4) and for 60 to 80 percent of net new jobs annually over the last decade(5).  SMBs need solutions to prevent IP from leaving their doors and inevitably affecting U.S. economic growth.

Protecting SMB Assets
Every time an SMB sends an email, the sender must rely on luck and the mercy of the recipient for assurance that sensitive information isn’t leaked.  All too often, data is “Frankensteined”: cut up, stitched together and then parceled out to the competition.

Here are just a few ways your email can be stolen:
  1. Insider leaks and redistributing sensitive content.
  2. Corporate scanning of outbound and inbound email content - insiders may be tempted to gain access to the company’s email logs, thereby compromising executive and other departmental communication.
  3. Interception at the ISP server level - it is possible for an ISP insider to get hold of your email and attachments.
  4. Cross-border interception - when emailing internationally there are often few legal safeguards to keep your email and attachments from being hijacked.
  5. Interception of your wireless (WiFi) signal.
  6. Access to your email account is stolen.

The only way to truly prevent your email from being intercepted and redistributed is to use email encryption with rights management controls (also referred to as DRM). Email encryption with robust controls like rights management ensures the secure transfer of email and attachments between sender and recipient.

SBRM Solutions
What about the cost?  DRM technology was once exclusively for large Enterprise entities and the financially privileged. These tools are now becoming accessible to small and medium businesses.  SMBs no longer have to rely on luck and the mercy of their recipients to keep sensitive information protected.

SBRM Advantages
Are SMB solutions just as good as Enterprise DRM? Small Business Rights Management (SBRM) software can be just as robust, flexible and support just as many file types as ERM (Enterprise Rights Management) solutions.  

Email encryption and rights management used by small and medium firms level the business playing field when going toe-to-toe against large Enterprise businesses.

Email encryption can:
  • Enable small businesses to quickly send protected email and files to anyone with an e-mail address and a PC, securing email privacy between intended recipients.
  • Provide encryption to ensure safe transit of email, ensuring both sender and recipient are legitimate.
  • Prevent forwarding, editing, cut/copy/paste, printing, and print screen capture. It also allows the sender to set access dates for sensitive data.
  • Ensure compliance with HIPAA and other data privacy legislation.

An SMB firm’s intellectual property doesn’t have to be a tool to make the competition smarter.  Using an extra layer of security can be the difference between being a market leader and falling behind the competition.

- - - - - - - - - - -

End Notes:
  1. Leyden, John, “F1 engineers plan appeal in Ferrari espionage case,” The Register, http://www.theregister.com , 30 April, 2007.
  2. Sandoval, Greg, “HP wins restraining order against former executive,” CNET News.com, http://www.news.com , 26 January 2007.
  3. Heiman, Richard V. and Anthony C. Picardi, “Worldwide Software 2005-2009 Forecast Summary”, IDC, August 2005, http://www.idc.com/getdoc.jsp?containerId=33783 , 1 December, 2005.
  4. SBA Office of Advocacy, “Frequently Asked Questions [pdf document] ” October 2005, http://www.sba.gov/advo, 1.
  5. Ibid.



Are There Holes in Your SOX? (Sarbanes-Oxley Compliance for Public and Private Companies)

Posted Friday, January 19, 2007

Summary:

The illicit transgressions by Enron and others like it in the late 1990s led to regulations created to standardize the trustworthiness of financial institutions and public companies. Companies facing SOX compliance will need to consider the following: what are the best practice processes, how do these processes differ from existing practices, how should new processes be implemented, and how can short term processes be balanced with longer term strategic goals?

- - - - - - - - -

A World Before SOX:

The enterprise world had a rude awakening after a series of well-publicized corporate financial scandals. Many stories of misappropriated corporate dollars surfaced in the late 1990s involving the likes of Enron, Tyco and WorldCom. Legislation soon responded to the multitude of gross transgressions committed by the upper echelon management of the enterprise world.

Offenses committed by these industry heads ranged from extravagant multi-million dollar trips to exotic locales and large private gifts to spouses to shuffling company funds to bankroll other investments. The corporate world needed to be held accountable for its misdeeds. SOX (the Sarbanes-Oxley Act), or the Public Company Accounting Reform and Investor Protection Act of 2002, came to fruition to improve corporate governance and help police possible future misdeeds.

The 2002 Sarbanes-Oxley Act requires publicly traded entities to define, evaluate and document processes which lead to senior management accountability. SOX requires that audits or substantial verification controls must be in place to ensure senior management is held culpable for their financial actions.

Why Should Privately Held Businesses Care About SOX?

While SOX applies directly to publicly traded companies, privately held businesses that wish to do business with companies traded on exchanges like the NASDAQ must also become Sarbanes-Oxley compliant.

Many large public corporations will simply refuse to do business with privately held companies that are not SOX compliant. Private firms that want to do business with large public entities are now also thrown into a SOX compliant landscape.

SOX affects a broad range of industries that "touch" the information of those traded firms, including but not limited to:

  • Attorneys
  • Accountants and Auditing Firms who review company financial statements
  • Brokers or dealers and their employees
  • Security companies handling electronic transactions
  • International businesses who operate in the United States

Acceptance of SOX by private companies is not an issue, as "73% of private company CEOs said SOX has done at least a decent job of improving financial governance and transparency for public companies."(1)

Who's Responsible for SOX Communication Compliance?

SOX requires that incoming and outgoing correspondence be monitored. Depending on the business’s structure, communication exchanges can be monitored by the Chief Compliance Officers (CCOs), Chief Information Officers (CIOs) and Chief Risk Officers (CROs). These executives are responsible for the security, accuracy and reliability of the organization’s reporting and messaging systems.

Well-groomed organizations have policies set in place by their high level primary officers outlining what sorts of information may or may not be communicated outside a department and outside the organization. While these rules exist, firms often don’t take the necessary steps to make sure employees within the organization understand these rules and their importance.

What are the Key Elements of SOX Which Relate to Electronic Data Storage and E-mail Security?

  • SOX Section 404: Financial spreadsheets and reports must be safeguarded from being falsified or accidentally or deliberately redistributed.
  • SOX Section 409: Real time disclosure of material that impacts the company’s finances must be reported within 48 hours.
  • SOX Section 802: Guarantees that documents and records are not altered.
  • SOX Section 1102: Corrupting, altering, mutilating, destroying or concealing records are violations. Those found guilty of obstructing an investigation or official proceeding will face 20 years in prison and fines.

The Sarbanes-Oxley Act focuses on corporate governance, accountability and the reporting practices of publicly held companies. Yet the act also impacts private firms that one day might become public and those who do business with publicly traded companies.

What are the Holes in Your SOX Compliance?

While sharing information online is a convenient luxury of e-commerce, it also creates a great vulnerability as information, data and correspondence are traded from business to business. Data and email exchange can pose both SOX compliance and privacy concerns.

This errant misuse of company information isn't exclusive to U.S. companies. Staff at 18% of large UK firms gained unauthorized access to information during 2005, the report says. Nine per cent of those large firms saw staff misuse restricted information.(2)

How Can Your Firm Sew Up its SOX Holes?

Executive management seeking to be SOX compliant must have the fortitude and commitment to plan strategically and to execute the Sarbanes-Oxley Act's directives. The firm's CEO, CFO, CCO/CRO and CIO must cooperate and pay demanding attention to detail when establishing policies to be SOX compliant. The need for creating and implementing strong electronic data and email retention policies and compliance in line with SOX has never been greater than in today's fluxing electronic business world.

Email is not necessarily secure against interception. Whether or not email is encrypted in transmission depends on your software. It is therefore our policy not to send emails to you that contain identifiable information about you, your household, or business.

Andy Purdy, acting director of the National Cyber Security Division of the Department of Homeland Security, in a 2006 interview with CNET, identifies the importance of protecting a company’s important digital assets:

"small businesses and large enterprises and the government are all important when trying to reduce the cyber-risk. We're trying to raise awareness with partners of the responsibility and techniques consumers can use to help secure their systems..." (3)

Before Sarbanes-Oxley, corporations saw a gross abuse of executive power at the cost of earnest growth in business. Today, stiff criminal and civil penalties for violations of securities law will be instituted against companies who do not meet SOX standards.

How can private firms flourish in today's email-reliant arena while being SOX compliant? Introducing strong compliance policies in line with SOX, which include firewalls, up-to-date virus protection, encryption and email anti-theft measures, can help a business work cooperatively with publicly traded companies.

Benefits of Email Anti-Theft Software

Implementing email anti-theft allows a company to grow in credibility, reputation and trust; all factors which lead to increased clientele and revenue.

With security measures that retain company correspondence and protect outbound email, SMB firms can be both prudent with their technology budgets and well-armed with the tools and resources necessary to be industry compliant. Clients will feel more secure about sharing their personal information with compliant SMB offices, paving the way to better and safer communication.

- - - - - - - - - - -

End Notes:

1.) Rob Preston, "Time to Regulate the Regulations," Information Week, 27 February, 2006, 78.

2.) BBC News, "Firms lax on ID theft safeguards," 16 March 2006, BBC Online; URL: http://news.bbc.co.uk/2/hi/technology/4809262.stm

3.) Joris Evers, "Newsmaker: Locking down America's Net defenses," 16 February 2006, CNET News.com; URL: http://news.com.com/Locking+down+Americas+Net+defenses+-+page+2/2008-7348_3-6040223-2.html?tag=st.num

