Dec 15

Nearly one-third of SMEs don’t emphasize secure data backup

According to a survey conducted by the Internet and mobile security organization AVG Technologies, most companies have not recognized the real value of their data. The results showed that 37% of small business managers spent more time tidying up desks and ordering new business cards than backing up data. The survey was given to 500 U.S. small business managers, and the results showed that although most businesses (75%) relied on automatic backup systems, about a quarter (24%) did not require employees to back up data at least once a week. However, 30% of respondents thought that more than half of their data was critical.

Given that small businesses claimed that more than half of their data was sensitive, the loss of employees’ mobile devices should attract more attention. In fact, about half of small businesses said they had experienced the loss of mobile devices. Interestingly, the survey showed that many small business managers did not think employees’ mobile devices contained much sensitive data. They cared more about the security of data transferred to the cloud. When asked about cloud-based backup, 64% of small and medium-sized enterprises said security was the issue they cared about most.

The results of the survey can be summarized as follows:

1. Compared with backing up data (UK 22%, US 21%), a substantial proportion of small and medium-sized businesses often spend more time tidying up desks and ordering new business cards, which is not even conventional computer-related work. 43% of UK companies and 53% of US companies said they spent more time changing passwords.

2. When it comes to cloud backup, security is still the biggest concern. Other key issues include cost, data recovery and lack of control.

3. Most small businesses have not experienced mobile device data loss, but they are getting close (51% in the UK, 53% in the US).

4. Most SMEs (62% in the UK, 66% in the US) are confident that they can prevent data loss when employees leave the company.

5. Most small businesses (59% in the UK, 54% in the US) still don’t require employees to back up daily. A considerable share of data backup (68% in the UK, 75% in the US) is handled by automated IT systems.

6. When it comes to mobile device data, about one-third of SMEs (32% in the UK, 34% in the US) said only 1-10% of their employees are out of the office at least once a week. On the other hand, mobile devices are increasingly used for work, and only a small number of companies said 80%-100% of their staff are out of the office one day a week.

7. When a device is lost or stolen, the priority for 39% of UK businesses and 41% of US companies is to ensure that the data cannot be viewed by an unauthorized third party. That’s why you need to protect files on the drive with a password and configure different users’ permissions for the content on the drive.

Nov 24

Tips for Enterprise Data Protection

Classify Data Security

Over time, enterprise data gradually increases, and administrators tend to get a headache over the amount of data to back up. In practice, we need to classify data and then choose a different backup method for each class.

Enhance administrator’s data protection awareness

When employees lack awareness of enterprise data protection, enterprise data leaks result. Companies should train staff in data protection awareness, assign permissions to administrators rationally, and strengthen the personnel management system; these measures often yield twice the result with half the effort.

Prevent security problems caused by data overflow

Because data grows rapidly and administrators are often unaware of it, large volumes of enterprise data can leave disk storage space insufficient. Administrators must pay attention to the status of hard drive storage space and add hard drives when needed.

Pay attention to backup frequency

Some companies back up data at an unreasonable frequency. Backup frequency also affects enterprise data security. Administrators should set a proper backup frequency based on their business situation.

Disk temperature should not be ignored

Disk temperature is often ignored, yet most of the time it reflects the stability and condition of the storage system well. A good administrator can predict disk operating status based on disk temperature.

Genuine software is essential

Some enterprises use pirated software to build their enterprise databases in order to save costs. A platform based on pirated software is vulnerable to hackers, which will result in data loss. Companies should buy genuine software to provide absolute protection at the first layer for the enterprise.

Adopt an encryption solution for critical data

Data security risks are ubiquitous. Classified databases and business data should be protected against illegal access, modification and copying. Data encryption is the most widely used, most cost-effective and relatively most reliable method. It is an effective means of protecting data from being stolen or modified during storage and delivery.

Sep 22

Ten tips for USB drive data leak prevention

USB storage devices are popular because of their small size and portability. Even in enterprises they are often used for temporary data copying and sharing. However, precisely because they bring convenience, they also bring many data security risks, especially at the enterprise level, where much data and information is highly classified; once it is leaked or breached, the resulting losses might be immeasurable.

So how do you protect enterprise data when using USB storage devices? Here are our top ten tips.

1. Manage authorized devices

Device management software can help IT staff track USB devices connected to the network, so as to understand what data is being transferred and when the data is used. If IT staff can’t monitor this device activity, sensitive data is likely to be copied or accessed by unauthorized outsiders.

2. Block unauthorized devices

Even when not dealing with official business, some staff still use USB devices to access or copy data. If the data and information is confidential, disable all ports for unauthorized external devices. Also, strictly prevent staff from connecting unauthorized devices to company computers.

3. Draw up a USB encryption plan

Draw up and implement an encryption plan. It should cover how to protect flash memory devices and their data transfer process, specify who can access company data, and include a response plan for when a device is lost.

4. Provide company-approved devices

It’s necessary not only to tell staff that they need to use encrypted drives and set passwords, but also to provide company-approved devices. If the enterprise does not provide secure USB devices and a policy for their use, staff will often adopt insecure practices.

5. Adopt an appropriate security level

Enterprises often need to balance cost control, security and productivity. Find the right security level for your company’s budget. If you do not need military-grade security, you do not need to spend too much money.

6. User training and education

Make sure employees understand how to use a variety of devices safely. Companies often require secure devices and still suffer data leak incidents, mainly because staff don’t use these devices when they find them difficult to use. Employees must be made fully aware of the consequences of not using secure devices.

7. Clarify security policy

Making policies is only the first step, but it’s a very important one. Define the individuals who can download data onto secure drives, and restrict access to those users only. Clarify who can obtain these devices, where the devices should be kept, and which type of password should be used to protect them.

8. Encrypt data

When confidential data is sent via email or transferred on removable storage media, it should be password protected before users use it. If data is not encrypted in advance, attackers can bypass security controls and directly access the data.

9. Protect endpoints

Even the most careful users will connect an infected USB device to a company computer. Up-to-date anti-virus software is critical because it ensures that access to the network is secure. When a USB device is connected, it should be scanned as soon as possible. Older Windows computers need patches installed to disable autorun.

10. Disable insecure devices

A report by the Ponemon Institute found that even when the company provides approved secure devices, 72% of employees still used drives from meetings and trade exhibitions, and these drives tend to spread malicious software.
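
The endpoint settings behind tips 2 and 9 can be checked on a Windows machine with a short read-only audit. This is an added example, not part of the original post; it assumes a PowerShell prompt and three standard Windows registry settings, and the function names `Get-RegValue` and `Test-UsbHardening` are hypothetical.

```powershell
# Added example (not from the original post): read-only audit of the Windows
# settings that back tip 2 (block unauthorized devices) and tip 9 (disable
# autorun). It only reads the registry and changes nothing.

function Get-RegValue {
    # Hypothetical helper: returns the value, or $null when the key or value
    # does not exist (meaning the setting was never configured).
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name
    )
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

function Test-UsbHardening {
    # Each entry: the tip it supports, where the setting lives, and the value
    # that counts as hardened.
    $checks = @(
        @{
            Tip      = 'Tip 9: autorun disabled on all drive types'
            Path     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
            Name     = 'NoDriveTypeAutoRun'
            Expected = 255      # 0xFF turns AutoRun off for every drive type
        },
        @{
            Tip      = 'Tip 2: USB mass-storage driver disabled'
            Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
            Name     = 'Start'
            Expected = 4        # 4 = disabled, 3 = load on demand (default)
        },
        @{
            Tip      = 'Tip 2: policy denies all removable storage classes'
            Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
            Name     = 'Deny_All'
            Expected = 1        # 1 = deny read and write to removable storage
        }
    )

    foreach ($c in $checks) {
        $actual = Get-RegValue -Path $c.Path -Name $c.Name
        [pscustomobject]@{
            Check    = $c.Tip
            Setting  = '{0}\{1}' -f $c.Path, $c.Name
            Expected = $c.Expected
            Actual   = if ($null -eq $actual) { 'not set' } else { $actual }
            Hardened = ($actual -eq $c.Expected)
        }
    }
}

# One row per check; Hardened = False marks a setting to review.
Test-UsbHardening | Format-Table -AutoSize -Wrap
```

Either of the two tip 2 settings blocks every USB storage device, so only one of them needs to be in place. Allowing company-approved drives only (tips 1 and 4) needs device management software on top of these settings.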

Jul 28

Use Heartbeat as Password – a New Encryption Method Appears

Since many people no longer trust traditional passwords, some technology companies have begun to explore other ways to keep people’s online accounts safe. Some companies have devised ways to use brain waves or fingerprints as passwords. Now there’s a new encryption method in the world.

A wristband called Nymi can detect the user’s heart rate through an ECG sensor and allows users to use their own heartbeat to decrypt a device. The product can be used with an iPad or even a car. Its manufacturer is Bionym, from Toronto; the company’s developers said using the human heartbeat to unlock a device is safer than using fingerprints, facial recognition and other external means.

When first getting the device, users simply press a finger on the wristband’s sensor, and the sensor automatically monitors and stores the user’s heart rate. The whole process takes about two minutes; after saving the user’s heartbeat, the device will recognize only that user’s heartbeat. Ordinarily, the sizes of people’s hearts are completely different, so the electrocardiogram produced is unique.

Daily use of the device is also very simple: press and hold the sensor with your finger, and after a few seconds the sensor will identify the user’s heart rate and use Bluetooth to connect to the device that needs to be controlled and unlock it. When the wristband moves out of Bluetooth range, the device automatically locks.

Nymi even works with gesture control: for example, when a user is in the car, waving can open the driver-side door and rotating the wrist can open the front passenger-side door. In addition, the product has a secure payment feature: at highway toll stations users can have it scanned to pay the charges, and the fees will be automatically deducted from the user’s account. The wristband can also alert users to incoming mail or social network messages by vibration; when the device vibrates, the screen also displays the alert.

This encryption method is currently limited to protecting devices. We still use traditional passwords most of the time. For example, we use traditional passwords to protect files and folders on a computer or external hard drive.

Jun 30

The Best Defense Is Attack

When it comes to BYOD, the best defense is attack: make strategies in advance to achieve your desired results and avoid potential risks.

BYOD (Bring Your Own Device) has stirred up business processes in all walks of life. Some companies are fully enjoying the convenience BYOD brings, while others shy away from it. On the bright side, BYOD can potentially help companies save operating costs, keep employees happy and improve office efficiency. On the other hand, BYOD may also bring a series of problems and pitfalls in security, compatibility and other areas. With some planning and education, most of these problems and pitfalls can be avoided. Let’s look at the troubles BYOD brings and the corresponding solutions.

Data leakage: Leakage of sensitive company data is always one of companies’ biggest concerns, and employees bringing their own devices to work makes enterprises more worried. Employees may lose their smartphone or tablet, and these devices are easily eyed by thieves. When a device containing sensitive company data is lost, the data may fall into the wrong hands. One way to avoid this is to use a file password protection program to lock sensitive data with a password; another is a remote deletion policy, under which the company can remotely delete the sensitive data when an employee’s mobile device is stolen.

Password leak: Just as we usually carry several keys, employees’ mobile devices store various passwords used to log in to the company’s network and applications. These passwords may live in mobile applications or be stored directly in the device’s memory. Enterprises must establish a strategy to ensure that company passwords are not stored in the cache or in any application on a mobile device. An alternative strategy is that if employees want to save business passwords (or even login information) on a mobile device, they must use a password-saving application that encrypts them properly.

Productivity decline: When employees start using BYOD, they will spend a lot of time on social networks, chatting with friends or doing other things unrelated to work. How can this be solved? Many devices are connected to a carrier’s mobile network, in which case employees feel that their equipment is not bound by corporate policy. To avoid this, require employees’ mobile devices to switch to the enterprise’s WiFi network when they enter the company.

Insufficient bandwidth: Many companies have been concerned about this problem. Most companies believe that enterprise network bandwidth demand will drop after adopting BYOD, which is a big mistake. One advantage of BYOD is that employees can work over the mobile carrier’s network when they are out, but when they return to the office they are likely to connect both their desktops and their mobile devices to the corporate network, increasing the load on the enterprise’s network bandwidth. Companies therefore need to ensure that their network bandwidth has sufficient capacity.

Device management: Many companies are asking how to manage a large number of mobile devices. Because of the many types of equipment and the different carriers, it is difficult for companies to manage all mobile devices centrally. What companies can do is establish a network access control (NAC) mechanism and control each mobile device via its MAC address.

Excessive autonomy: Once a company implements a BYOD strategy, it is in effect telling employees and users that the business gives them a very high degree of autonomy. Of course, this autonomy is likely to be abused by employees or network users. Therefore, even if an enterprise implements BYOD, it should let employees know that this doesn’t mean they can use their own equipment for any activity. If necessary, you can also require employees to sign a BYOD agreement confirming that they understand that their use of mobile devices in the enterprise is limited.

May 19

Nine mistakes enterprises often make after data leakage

Speaking recently at the International Association of Privacy Professionals (IAPP), Michael Bruemmer, a data and privacy protection expert from Data Breach Resolution, listed the top nine common mistakes that enterprises make after data leakage.

When an enterprise leaks data as a result of an attack and fails to handle the problem, the situation deteriorates, which may result in secondary damage to the enterprise’s brand and performance and even involve it in legal trouble.

1. There is no external security management services company to assist

When the severity of a data leak exceeds the company’s ability to handle it, it’s better for the enterprise to have the assistance of an external security services team, known as an incident response team; Verizon Business, Trustwave and IBM can all provide such a service. This kind of service should be considered when drawing up the business continuity / incident response plan.

2. There’s no external legal counsel

Current laws and regulations do not effectively cover all types of sensitive personal information, so when a serious data leak incident happens, it’s necessary to commission an external lawyer experienced in data leaks, unless your company’s legal department knows all data and privacy related laws well.

3. There’s no sole decision maker

Data leakage often involves multiple departments in a company, and every department has its own head, which always leads to inefficient execution. The enterprise must assign a CISO-like position to plan and coordinate the overall incident response.

4. A lack of a transparent communication mechanism

The lack of a transparent communication mechanism leads to trouble: wrong messages cause wrong actions, which slows the handling of the entire incident and creates new confusion.

Once the incident response team is established, every member of the team should be clearly identified, and a complete contact list for external consultants should be provided.

5. There is no communication plan

Another problem in enterprises is the lack of a plan for communicating with the public or the media.

Enterprises should prepare a detailed and feasible media communication plan for data leak incidents. Rapid and effective media communication can prevent false reports from spreading.

6. Think and plan before things happen

A data leak incident often requires you to make decisions with incomplete or rapidly changing information, somewhat like a hospital emergency room. The enterprise must launch its contingency process as soon as a data leak incident happens. Waiting to grasp the full information before taking action will miss the best opportunity.

7. A lack of a rehabilitation and correction plan after the event

After handling the data leak incident, the enterprise should draw up a rehabilitation and correction plan to maintain good communication with consumers and stakeholders while preventing this kind of event from happening again. Sharing your investment in information security technology and services with your customers and investors helps rebuild the brand and regain customers’ trust.

8. Provide customers with no remedy

Consumers should always be at the core of intrusion response, which means that after a data leak incident, companies should notify consumers through channels such as a call center so that they can take proper measures to protect their personal data.

9. There’s no plan to execute

An incident response plan must be constantly updated and corrected, and its implementation needs a complete team to keep it moving forward.

For more information about data security, you can visit: www.kakasoft.com

Dec 17

Dangers in Mobile Information Age

The development of the Internet and information technology brought people into the information age, and with the change in information processing terminals, people have also entered the mobile information era. In this mobile era, people can use their mobile devices to connect to the network anytime and anywhere for their digital lives, work and entertainment. The mobile trend is sure to continue for a long time, because it fits people’s desire for freedom.

But it is these portable mobile devices that bring information and data security issues. How to deal with mobile device security has become one of the biggest concerns of individuals, companies and even countries. Because of the diversity of mobile devices and information technology, protection solutions must keep up with them, that is, be able to adapt to various possible environments and security requirements.

Mobile Device Management (hereinafter MDM) is the management of smartphones, tablet PCs and other mobile network clients. MDM is now an indispensable measure for enterprises: mobile network clients are similar to traditional computers, and poor management is likely to harm operational security.

Smartphones and tablet computers developed from the PDA (Personal Digital Assistant, Pocket PC), and their history is not long. They can be used as mobile network clients; the earliest portable microcomputers appeared in the late 1990s.

Mobile + Portable = Increased Chance of Theft

Owing to their small size and portability, the risk of theft for portable microcomputers is significantly higher than for desktop computers. Most desktop computers are bulky and fixed in place in the office, so they are seldom stolen if you close the door. Because laptops and smartphones are small, stealing them is much easier.

Many studies show that the mobile phone is now more important to people than the wallet. The reason phones are becoming so important is that, in addition to their intrinsic value, the data stored in them, such as schedules, address books and other private information, is important.

Business people tend to store data involving many business secrets on office tablet PCs and smartphones, especially in email. The specific contents of email differ with each company’s information infrastructure: they may include unimportant chat, and may also include customer information, corporate plans and even contract documents. Email may also contain passwords for common office applications.

The most frightening thing is the data. Important data may be lost due to security vulnerabilities in the device: hackers can gain access to the device and to the data on it. Another route is phishing applications. Once you download a phishing application, it can access the data stored on your device. Evidently, users who download these applications are insufficiently vigilant. As long as an application is free, users are willing to download it; they are seldom concerned that the data on their own device may be compromised as a result.

Traditional Trojans can also spread on mobile platforms. Even though Apple, Google, Microsoft and other companies have considered this problem in the design of their operating systems and ensure that devices leave the factory free of malware, it is impossible for a program to have no flaws.

As mobile technology and IT develop, the security issues that come with them become more and more numerous; to reduce the loss caused by a stolen mobile device, we had better password protect the data stored on it. If the threat is aimed at the value of the data, you can use an encryption solution to protect the data.

People look for freedom, and this yearning for freedom also affects how they handle things. In the face of security issues in the information age, individuals, companies and countries need encryption technology to protect files and lock portable storage devices.

Nov 19

Master Data Leak Proof Initiative with Encryption Software

Security has always been a relative concept, and data security is no exception. That it is relative doesn’t mean it is unimportant. Data security is absolutely safe, but the security level a user can select is relative.

Users should be free to choose the security level they need. Some users who need to exchange more information over the Internet may require a somewhat lower security level, while certain special populations, such as children, need a higher one.

But some people who are used to free network security and data security programs find themselves tied to many bundled software ads when they enjoy the free service. Such a security program is free, but it takes hold of the user’s mind and decides the user’s security level once they choose it. This amounts to handing the autonomy over data security to others, and it is just the reason why data leakage happens so frequently.

People are now paying more and more attention to information security and personal privacy. They increasingly want to hold the autonomy over data leak prevention themselves rather than be controlled by others.

How can we get back our autonomy over data leak prevention? Where shall we begin? The answer is the data itself, the main body of information security: once you control the data itself, the information security initiative naturally returns to your hands.

So how do you control the data itself, or ensure its security? With file encryption software. Choose trustworthy encryption software and use its technology to choose the data protection method automatically; once you do so, you hold the defense initiative for your own data. Even if you want to use other programs to further enhance security, as long as you control the data, the data leak prevention initiative is still in your hands.

Multi-mode encryption is a kind of transparent data encryption technology that supports a variety of usage scenarios and encryption strategies. In multi-mode encryption, the ways a user creates secret files include both active and passive methods, with at least the following modes: specific format encryption mode, specific directory encryption mode, specific format unencryption mode, specific user unencryption mode (able to view and modify others’ secret files), particular user unencrypted mode (able to view but not modify others’ files), USB flash drive and other external hard drive encryption mode, Network Neighborhood network encryption mode, manual encryption, full disk encryption, etc. These encryption modes can be assigned to different users or user groups.

This flexible encryption technology, which can be selected according to the user’s own requirements, meets people’s desire for the right to choose, so that people can hold the initiative in data security and information security.

Oct 09

The Ban on Samsung Smartphone Import Is in Effect

According to news reports, the U.S. Trade Representative’s office (USTR) said on Thursday that the ban on importing Samsung smartphones proposed by the U.S. International Trade Commission (hereinafter “ITC”) will come into effect.

An earlier report said that, owing to the absence of a veto by United States President Barack Obama, the ITC’s ban on imports of Samsung smartphones is already in force.

However, the ITC’s ruling has to be handed to U.S. President Barack Obama for consideration, and Obama has 60 days to give the final decision on it. If Obama does not veto the ITC ruling, it comes into effect. Several media reports said that the 60 days have now passed and Obama did not veto the decision.

The ITC’s decision does not clearly indicate which Samsung devices infringe, but it has been determined that the older Galaxy S 4G, Fascinate and Galaxy Tab models are infringing.

In sharp contrast, Apple had a similar experience with the opposite result. In June this year, the ITC ruled that some older Apple products infringed a Samsung data transfer patent and banned the import or sale of the AT&T versions of the iPhone 4, iPhone 3GS, iPad (3G version) and iPad 2 (3G version). But in August this year, the Obama administration rejected the ITC’s ruling.

Nowadays, innovation in IT usually relies on many small improvements involving numerous technologies, which means the boundaries of a patent are not always precisely clear. The open secret is that everyone infringes others’ patents in some way.

Patent battles between companies continue, and so do copyright fights. Suppose you operate a business that specializes in selling videos or documents it has created; most such companies store the videos or documents on a USB drive and sell the drive to customers. What can you do to protect your copyright from being infringed by others? Here, I recommend using a USB encryption solution to ensure the contents of your USB drives will not be copied or transmitted by unauthorized users. You can use a USB copy protection program to password protect the drive and configure access permissions so that specific groups or individuals can access its contents while other, unauthorized access is prevented. Complete protection is an indispensable measure for securing a company’s wealth and inventions.

Sep 16

Reuters: “Prism” Scandal Propels the U.S. Technology Industry

Reuters published an article entitled “Despite fears, NSA revelations helping US tech industry”. It notes that after the exposure of the surveillance program called “Prism”, run by the National Security Agency, it was widely believed that the scandal would seriously damage the image and overseas income of U.S. technology companies. But it turns out that demand for encryption and related security services has risen in overseas markets, which actually allows some U.S. technology companies to benefit a lot from the “Prism” scandal.

The following are parts of the article:

Prophesies of doom

Shortly after Snowden’s leaked documents detailed collaboration giving the NSA access to the accounts of tens of thousands of net companies’ users, the big Internet companies and their allies issued dire warnings, predicting that American businesses would lose tens of billions of dollars in revenue abroad as distrustful customers seek out local alternatives.

In a federal court filing last week, Google said that still-unfolding news coverage was causing “substantial harm to Google’s reputation and business”. The company said that could be mitigated if it were allowed to comment with precision about its intelligence dealings.

Likewise, last month, six technology trade groups wrote to the White House to urge reforms in the spy programs, citing what it called a “study” predicting a $35 billion cumulative shortfall by 2016 in the vital economic sector.

That number, it turns out, was extrapolated from a security trade group’s survey of 207 non-U.S. members – and the group, the Cloud Security Alliance, had explicitly cautioned that its members weren’t representative of the entire industry.

Boon for encryption sector

As for the upside, so far only a minority of people and businesses are tackling encryption on their own or moving to privacy-protecting Web browsers, but encryption is expected to get easier with more new entrants.

Snowden himself said that strong encryption, applied correctly, was still reliable, even though the NSA has cracked or circumvented most of the ordinary, built-in security around Web email and financial transactions.

Some early adopters of encryption have senior jobs inside companies, and they could bring their habits to the office and eventually change the technology habits of the whole workplace, in the same way that executive fondness for iPhones and iPads prompted more companies to allow them access to corporate networks.

A week ago, Google said it had intensified encryption of internal data flows after learning about NSA practices from Snowden’s files, and consultants are urging other big businesses to do the same.

Stiennon said that after more companies encrypt, the NSA and other agencies will spend more to break through, accelerating a lucrative cycle. “They will start focusing on the encrypted data, because that’s where all the good stuff is,” Stiennon said.

Just as Snowden said, correctly applied strong encryption is still reliable. Correctly applied file encryption, folder encryption and USB encryption will be useful and reliable for ordinary people and enterprises protecting their important or even confidential data. Data security is no longer a dispensable problem that we can ignore, for data loss and data leakage have already taught a bitter lesson. Complete data security management should be established in every enterprise, and individuals should pay more attention to effective data protection.