Jan 20

Security Tips for Anti Data Leakage (2)

2. Many large enterprises also have this problem, the database administrator and the network administrator who on the earth should be given more full administrative privileges to complete their work. According to the proportion of employees, the total amount of database administrators and network administrators is also the minority of all employees. And implementing management for them is relatively simple. But there’s a vulnerability of management: whether DBA can view all the data without any limitation? Who can have the administrative privileges of copy of the database? Whether there’s no data loss threats even those who have admin privileges are trustworthy?

I recommend canceling the super administrative privileges of database administrator and network administrator, for they just need to do their own job well, and don’t have any reason to fully grasp the enterprise database administrative privileges. The responsibilities of these IT management staffs should be subdivided, allowing them to set user name and password for their work. These user names and passwords should be submitted to the CIO administrator, while they should be kept by password protection software but not CIO.

3. There’s another situation: some IT user may not need to have powerful privileges, but owing to their work, they need to use other people’s privileges. A typical example is a low- level data center operations staff, he may only be responsible for production scheduling environment, while some of his work may be related to database management and system administrator’s user name and password. This is a significant potential threat for any business.

This situation may seem difficult; in fact, it is not hard to solve. Let all the staffs know that all the network activities in the enterprise will be monitored, so as to prevent data leaks.

“The value of core commercial secrets is self-evident, while the number one way of core secrets leakage is the most common e-mail.” Proofpoint CEO Gary Steele thinks so.

The remarks above show the accuracy of a recent survey-according to Forrester’s survey, IT executive and managers believe that email is one way that most likely cause data leaks, particularly the confidential memo, valuable intellectual property rights and transaction information.

However, after observing a number of leaks, you will find that only a small part of these events is malicious leaks, mostly are caused by negligence.

It can’t be denied that there’re malicious data leakage issues in real life. Enterprise users should have awareness, such as using server protection software that can help companies build information protection platform to prevent inbound mail threats (such as spam and viruses ), and ensure that outbound messages comply with company policies and external regulations.

Jeff Bowling, the founder and CEO of TELXAR stressed that the best way to block data leakage is to perform a good security plan, which should include security notes about preventing service attacks and the internal network, and the network admin guide service. The following information should be included in the plan:

1 The reap time should be shown

2 Assign the login credentials and rights

3 Disable external software

4. Consider internal audit/intrusion monitoring applications

5 Lock the internal hardware components

6 Regular audition, security and resource

7 Disable USB or FireWire port

8 Set message size restrictions or/and block all attachments

9 Define a strict policy

10 Execute secrecy and confidentiality agreements

11 Determined command chain and upgrade procedure

12 Ensure secure plans and policies that managers and users understand

If you want to find enterprise data protection solution, you can visit Kakasoft for more tips.

Jan 13

Security Tips for Anti Data Leakage (1)

Whether in real life or in the virtual world of the Internet, the security issues existing in many enterprises are mostly caused by internal staff. The so-called “internal problems” doesn’t derive from hatred to enterprise, many of which are caused by unintentional faults. For example, employees visited the site linked to horse, spyware , adware, such of kind of malicious software will unknowingly downloaded to their computer, and then these programs will be spread within the enterprise network.

Harm caused by the employees to the enterprise, regardless of whether they intend to so, the results of their actions are the same: misuse of the network is likely to cause that the company information system is compromised, confidential information is stolen and the company network is congested and other issues. Once corporate trade secrets are leaked, the assets will suffer huge losses.

Data leakage is a great loss for both employees and the business.

When corporate data leaks, the enterprises are not the only one who suffers loss, the concerning staffs are also the ultimate victims.

In August 2006, the CTO (Maureen Govern) worked for America Online (AOL) resigned; the reason is that AOL had leaked 658,000 anonymous users’ about 20 million Search keyword in three months.

In addition, a researcher and his supervisor of AOL technical research department also left the company owing to data leakage. In order to quell the waves of criticism on the Internet, AOL said it would set up a special team to review the company ‘s customer privacy protection policies.

Data breaches will even make a nation suffer loss, letting the government competence being questioned – British Prime Minister Gordon Brown has been questioned for 2500 people losing information.

In October 2007, the UK HMRC lost two important data discs, in which there is 25 million people sensitive information. In the UK, child welfare subsidies are all directly deposited to the target bank account via transferring, while losing discs saved important personal information.

The losing information involves a great number of UK households, almost all families having children under the age of 16 have lost personal information, and even Prime Minister Gordon Brown family was not spared. Losing information is related to all child welfare subsidies beneficiaries, including 25 million people, 7.25 million families. Almost half of the UK’s confidential information is lost, which contains important bank account content, British Prime Minister Gordon Brown s have been strongly questioned.

Many companies make up some security policies in the database, e-mail and some other aspects of information management, but these policies are just a framework, the effects of which is questionable.

One of the most stressful things for the IT charge men is business-critical data leakage, however leak is really inevitable, because no matter how powerful the technology and equipment are, the enterprise can hardly avoid illegal invasion.

Many enterprises will assign super administrator privileges to admin, such permission is a reflection of the abuse of authority to database. The data environment with such kind of privileges is very dangerous, because it is very easy to be exploited by unscrupulous people, causing critical data loss.

Johnson offers three ideas and suggestions to adequately protect data:

1. In the enterprise, allowing IT operation staffs to assign permissions based on the actual users’ needs is a strenuous and thankless job. Many business executives require IT operation staffs to set the permission of database as “super administrator”, but this requirement is not necessarily consistent with the actual need, which makes IT operation staffs in dilemma.

However, as IT executives, even if you feel very difficult, but I still recommend you to adhere to your principle – related personnel database permissions should match their actual work right, especially you should figure out why some staffs obtain the super privileges.

The management of company must have a clear judgment in this aspect, is it better to firstly regard convenience or the safety? But from all above, we know that in order to stand out from such a competitive market environment, sound and stable security measures are imperative.

You can visit Kakasoft for more information about data security.

Jan 06

Malware CryptoLocker May Cause Millions of Dollars Loss

According to Dell safety engineering researchers’ analysis, within 100 days the encryption virus software CryptoLocker invaded at least 200,000 computers, obtaining defraud income of at least $ 380,000 and this figure may be larger.

CryptoLocker encrypted over 70 different types of files, including Microsoft Word and Excel, Adobe Illustrator and PDF files, etc. and asked the victim for $ 300 to unlock their files. In a report released in late December, security researchers conservatively estimated that in the first 100 days at least 200,000 people infected with the virus, about 0.4 percent of the victims paid the fee to CryptoLocker for the decryption key.

Data loss caused by infection of CryptoLocker poses threats and loss to thousands of companies. In the past the majority of ransom ware or rogue security software at most locks Windows desktop until the users pay extortion fees, they don’t actually encrypt or destruct the data. However, CryptoLocker uses encryption technology, which is also used to encrypt files for data security, to encrypt important files, making them unreadable unless the user pay for the decryption key.

“Compared with most ransom ware, the difference is not only the scale of destroy or the competence level of hackers, more importantly, it’s a more pathetic desperation virus: it will destroy your files, and you will eventually lose your important data if you do not pay extortion fees.” Dell’s senior security researcher Keith Jarvis said.

CryptoLocker virus first spread in early September, it disguised as consumer complaints spam emails. When you run the compressed executable file in the attachment, the program will connect to a server and retrieve an encryption key on the Internet. In this way, it encrypts more than 70 different types of files in infected computer system.

“After a series of practice, the malware authors have created a powerful and difficult to circumvent the program,” the report said.

By using this malicious software in the field of monitoring, security researchers found that in late October and early November, nearly 32,000 computer IP address were displayed that having signs of infection of the virus. In the second week of December, there are nearly 6,500 computer IP addresses that showed signs of infection.

According to a statistical graduate student Michele Spagnuolo’s statistics, some infected people use Bitcoin as extortion payments to the criminals. Through analysis of payment Spagnuolo find out the Bitcoin account holder information. Through this way, security researchers discovered in the first 100 days, an account bundled with CryptoLocker collected 1216 Bitcoins which was worth at least $ 380,000.

However, the ransom collected by criminals could reach millions of dollars. Because Bitcoin is a kind of virtual currency, the fluctuations in the value might make the final ransom far exceed the minimum value of $ 380,000 in that period. In addition, there are more than 0.4% of victims possibly pay a ransom.” Security researcher Jarvis said, “I think the total ransom ultimately is at least several times of this number.”

Dec 30

Please “KISS” in Information Leak Prevention

Einstein led us to have a taste of the simple beauty of the physical world; Steve Jobs was showing us the extraordinary minimalist design. At most of time, only simplicity can reach the essence of things. There is a very important principle in enterprise management-”Keep It Simple, Stupid”, because only simplicity can be accepted by majority and be more widely implemented. Enterprise information leak prevention often make people feel complicated and have no thread, which makes it need KISS principle.

So how to apply the KISS principle to corporate information leak prevention? In current enterprise information leakage protection projects, three aspects that most need simplification are security systems architecture, information using environment and security regulation.

1. Keep the system simple to realize easy operation.

If the security mechanism of enterprises is too cumbersome, employees will find any ways to circumvent them. For a suit of information leak protection system, no matter how powerful it is, it will be invalid if no one uses it.

Some companies will chose a system that stacks different brands of security systems together when purchasing the information leakage protection system. In fact, due to need to run multiple systems, administrators must log in multiple accounts, set policy on multiple platforms, and query data, which make the management more difficult. Coupled with compatibility and other issues, the company’s overall anti-phishing systems become more complex and practicability therefore becomes weaker.

2. Keep the environment clean so as to achieve an orderly control.

If compare a business to a planet, the information are lives on the planet, and the information ecological environment of the enterprise is very poor. For example, randomly placing important files, crossly using various U disks, randomly installation of various software, freely to modify the configuration of your computer, such kind of phenomenon that will harm information abound, which potentially increase the chance of data leakage. Meanwhile this chaotic environment will virtually give employees an expression that “company doesn’t attach importance to information leakage protection”, and gradually eroded employees’ security awareness.

Therefore enterprise information leak prevention can start from information using environment specification, such as to unify the registration and management of mobile storage device to ensure that admin can trace back to the owners of each device, every device usage has its operational records; such as to unify the applications installation and network configuration of external computers via desktop standardization. Clean information using environment can not only improve the enterprise anti- leak coefficient, improve safety awareness of users, but also help to shape corporate professional and trustworthy image.

3. Keep the system simple so as to achieve clear and feasibility.

At the mention of information security system, many people may come to mind is something out of a thick manual and the like, tedious, boring, soporific. Such kind of a system, although it takes a great deal of efforts, but few people like it.

Information security system should not be cold warning or even command, but a humanized communication between enterprise and users. Therefore, companies should take a variety of forms to communicate with employees, and with a reasonable incentive so as to achieve good results.

You may face core assets loss and heavy pressure from market, partners and the public if you don’t prevent information leakage; while you may feel difficult to promote, implement if you decide to prevent the information leakage. Those enterprises that worrying about information leak prevention project had better “KISS”!

For more information about data security and enterprise data leak prevention, please visit: Kakasoft.

Dec 09

Encryption Solution May be the Best Solution for Data Security Management

Network Systems globalization realize the real time communication among various countries, at the same time, it brings about a series of unsafe factors, the Internet system has more or less a series of drawbacks. It will lead to the disclosure of daily information, essential information if these drawbacks are used by hackers, resulting in a great inconvenience for users. Therefore, how to enhance the security of computer network information systems has become a pressing issue in today’s society.

Computer management system originated very early, in 1955, the computer system achieved the innovation, realizing development of power management application. With economic progress, the development of science and technology, computer information management system now constantly update, its function is more extensive, performance is more superior. After a long time of development, the computer network management system is also gradually improved, which is transited from the previous single function and traditional model to contemporary extensive features mode.

With the development of the times, computer network systems technology is becoming increasingly popular. In order to avoid hackers or virus invading through the system loopholes, resulting in paralysis of computer network information system, affecting people’s daily economic life, resulting in the loss of the user, we need to process regular network information system safety monitoring, inspection. In order to ensure the normal operation of computer network security, we should consider computer network and information security issues as an important part of the computer information technology research.

Network information management technology we usually refer to is basic network information, and some extensive network information. The former is IP address information that is used to confirm a user’s identity; it prevents unauthorized access and bad information into the system.

Generally speaking, computer network and information security has dynamic adaptability. With updated computer systems, the development of computer technology, relevant network and information security will also update, its function has been extended, performance has been enhanced, which is more useful to guard against hackers, viruses , ensuring vital interests of users, and avoiding the disclosure of private information. The complete establishment of network information security system is inseparable from cooperation of every aspect.

From a security management perspective: we need to use three main means of protection to establish a complete security system.

First, strengthening the security measures of the operating system

Generally, in order to ensure the security of computer information technology networks, you need to sweep the computer system for vulnerabilities, in this process, we need to use a series of scanning software for troubleshooting system vulnerabilities, and then provide effective security operating solutions and remedial solutions to strengthen user authentication and improve relevant laws and regulations.

Second, the specific application of information encryption algorithm

In order to ensure the stable operation of computer security information systems, we have to be positive to use cryptographic algorithms to encrypt information, so as to effectively avoid the occurrence of information insecurity. Cryptographic algorithm is one of the important aspects to ensure information security. With the rapid update of science and technology, traditional encryption system is outdated and no longer meets the needs of the times, which means we need to be proactive to make confidential approaches innovation.

It is worth mentioning that when using data encryption to secure information and data, you should also consider the flexibility of the encryption protection. Because at the information age, information security issues become more and more complex, countermeasures must also be flexible. For individuals and enterprises, choose flexible and suitable file encryption solution is very essential.

Finally, establish complete regulations and rules of computer IT network security management

To ensure network security, you also need to make up and improve relevant systems regulations, establish a professional team of computer information and technology security management team, and improve regulations of staff daily Internet access. At the same time, in order to actively prevent hackers, viruses, you need to install effective anti-virus programs to build a sound anti-virus system, regularly scanning and regularly updating to ensure system security. Timely replace outdated computers, realizing standard configuration of computer. According to the approach of unified management and sub-sectors custody, you should strengthen computer application management, designate computer responsible persons, and set power-on password and network password based on permissions.

With the development of the times, the computer information management technology is increasingly popular. It’s imperative to enhance network information security establishment to effectively prevent network insecure factors. As for the origin defense of data security, in order to cope with diverse security crisis, targeted and flexible encryption software is undoubtedly the best “solution”.

Dec 02

Data Disaster Backup Comes Ahead of Data Encryption

Data disaster recovery data is an important premise as well as an important part of the enterprise information leakage protection. The so-called data disaster recovery, in simple terms is to backup and store the same information in different places. If companies centrally store all the data in the one place, once the crisis occurs, the damage and loss will be immeasurable.

When the data has been destroyed, then there is no need to protect it. The so-called data disaster recovery, in simple terms is to copy the data and store them in different places, so that even if data in one place is accidently damaged, the data stored in other places can also be used, which will not affect the normal business operations. But if companies centrally store all the data in the same place, once the crisis occurs, the damage will be immeasurable.

In fact, many companies have risks of data loss or data damage in many places, which can be divided in following four types:

The first type is that some companies have low awareness of information security, paying less attention to data classification and archiving of documents, randomly storing documentation in any place, when you want to use, you cannot find them in anywhere.

The second is the false -style loss. In the office process, employees will randomly delete those data that they think it’s temporarily useless, while later on they need these data, but can’t retrieve them.

The third one is misconduct lost. We may take wrong operations owing to various factors at work; we may inadvertently delete important documents.

The last one is malicious destruction. If the members in companies want to vent discontent, commercial espionage deliberately implement to combat competitors, all those will cause data and information malicious destruction. If there is no perfect disaster recovery mechanism, these issues are likely to become a nightmare of enterprise.

How to build an effective data backup mechanism to deal with unexpected accidents?

First, the enterprise should track and backup the important documents in internal network, including document printing, IM transfer documents, files attached in send e-mail, a copy of the document in removable storage devices, etc. It’s able to not only prevent document being loss, but also completely control document to prevent illegal leaks.

Second, enterprise should audit and backup some operations of important documents, such as modify, delete, etc., to prevent accidental deletion or malicious deletion.

Third, enterprise should backup the document server, if the company adopts the information leakage protection system, the supplier should provide server backup solution, so even if a server fails, it will not interfere with the system running.

Fourth, the enterprise should also make plaintext backup if the company uses the file encryption system. Because no matter how stable the encryption system is, the event of earthquakes, fires, power outages and other accidents may have effect on the integrity of the document.

Only with a sound data disaster recovery mechanism, the enterprise information leakage protection system is considered complete.

Nov 25

Information Leakage Protection Also Needs Service Awareness

Enterprises always make a common mistake when constructing information leakage protection, namely: IT managers simply implement the superiors’ control strategy, but in spite of the majority of users. As everyone knows, the latter is the most important part of information leakage protection.

Many enterprises’ IT managers often complain during the process of building information leakage protection that other departments do not work with them. In fact, in this age where issues of information disclosure frequently happen, the enterprise takes some anti-phishing measures in order to protect their information assets, which is understandable.

However, the problem is that many companies do not spend enough time and effort to understand the demands of themselves and the changes of status caused by protection. And they seldom provide reasonable protection measures to decrease the impacts. If just anxiously deploying strategy, to take coercive measures and adopting coercive measures that cause inconvenience to some routine work, users absolutely can’t provide understanding and supports, so that the protection strategy won’t be formed and effective.

It’s not that Information leakage protection constructing itself is hard, but the companies’ attitudes to information leakage protection obstruct the effects. I believes that security matters requires all members to participate in, that the information leakage protection can achieve good results. If IT management staffs and application strategy staffs form a opposite relationship, the information leakage protection will become a internal friction battle.

How to ensure security and don’t affect efficiency at the same time? In the face of severe information security situation, companies should recognize that information leakage protection is a protracted war, which needs to establish a comprehensive anti-phishing front inside the enterprise, especially needs the main part, namely the non-IY departments to take part in the action. Enterprises must start from real working process, completely account of use experience to provide intimate “service” and find a balance between security and convenience, so as to win everyone’s understanding and cooperation. Only by this way, can information leakage protection be sustained effectively.

Enterprise should try best to ensure everyone in the company takes part in the information leakage protection action when establishing information protection team, so that all departments’ needs can be effectively conveyed.

Second, when deploying information leakage protection, enterprises must take different secure level on different departments, such as deploy the basic foundation of audit and control to the low level of classified departments; as for core departments, expect the detailed audit and control, enterprises may consider the file encryption to protect deeply the secrets of company..

Once again, every department should designate an authority management staff, letting him/her to be in charge of the department information security. If it’s possible, enterprise can provide direct feedback channel for average user to executives, in order to prevent the abuse of authority management staff.

Of course, such united front of information leakage protection can’t be established in a short time, or it can be said that it can’t be done only by the enterprises themselves; it also requires security vendors and national relevant departments to assist. However, after all, the enterprise is the leader of this action, the information leakage protection can be effective only when enterprise has a deep understanding of own security needs, and take active defense and the flexibility adjustment in this action.

Nov 11

Information Security Attacks are coming

In information age, two kinds of power of data and network have become a strong force to push the big wave of the times. We may say that information age is a symbol that little strength forms great strength.

But the biggest threat to the information age, data, and information security is an action that transforms small threat to big threat-DDOS. Confront the overwhelming DDOS attacks, comprehensive defense is apparently “time-consuming”, the effect is not ideal. What we can do is only focusing on breakthroughs.

What is DDOS?

DDoS is tributed Denial of Service means that utilize client/server technology to collect multiple computers as a attack platform to launch DoS attacks on one or more targets, thus exponentially increase the attack power of service denial. Typically, the attacker uses a stolen account to install DDoS master program on a computer, the master program will communicate with a large number of agents at a set time. Agents will launch attacks when receiving instruction. Using client / server technology, the master program can activate hundreds of times of agents operations.

Although nowadays, the bandwidth and the kernel are more and more powerful, it seems that resisting large flow of attacks is no longer a problem. But we must also know that for the hackers , the applicable network resources are more and more abundant, while the cost is getting lower and lower. If we say that the a conventional attack only aims at large site, or come from malicious competitions, now we can say that an attacker may randomly choose target, and  every site will be the attack object.

Currently, to resolve DDOS of DNS, such as flows attacks, the query type of attack, we can only rely on high anti -type DNS. Now defensive DNS don’t defense relying on checking attack source, but directly dependent on the strong machine room to accept this kind of attack traffic so as to ensure normal access to site.

Although DDoS seems to be overwhelming, as long as we understand its true purpose, we can take an effective defense or even counterattack. The targets of DDOS attacks are just the data and information that are increasingly improving their own value. So long as we can find a flexible defense method to prevent the origin of attacks, we can achieve the goal of defense and even counterattack. And now the security technology that can be capable of performing the daunting task is none other than non-multi -mode encryption technology.

Multi-mode encryption uses symmetric algorithms combining asymmetric algorithms technology, using a strong algorithm to ensure the protection quality of data origin, so as to greatly improve data’s resistance ability to attacks. And because of the flexibility of multi-mode encryption, users can choose encryption mode, this flexible feature is just the power of individual, enterprise or even nation to respond to DDOS.

Although the development of information technology and the Internet promotes the development of the times, the dark side of them also makes individuals, companies and even countries suffer from a variety of information security threats, DDOS is one of them. But as long as we can find a secure technology that have powerful defensive affects on origin of information and data.

For more information and solution about data security and file encryption, please visit www.kakasoft.com.

Nov 06

Privacy Leakage Bursts, Self-protection is in Need

Recently, many issues about information leakage have burst on the Internet, such as Paypal password hacking and the Prism. In these incidents, the consumer’s personal information was intentionally or unintentionally leaked and led to great loss to consumers, such as privacy theft, unauthorized use of funds. Due to network services still has many security risks, consumers must be aware of the importance of personal information in network service process and shall use privacy protection function in information security products to ensure personal information secure.

Privacy disclosure event arises one after another in recent years, in January 2012, e-commerce site Zappos was hacked, 24 million users’ e-mail, password and other information have been stolen. In July 2012, accumulated over 8,000,000 users’ information of Jingdong, Yahoo and many other sites have been leaked. With more and more people’s personal information was transferred to the Internet, the risk of information leakage is still expanding.

Because a lot of network services connected to each other, a single information leakage may produce ‘ chain reaction ‘, which leads to other more important information can be leaked. For example, in Paypal funds theft incident, the criminals will be able to get Paypal password by stealing customers’ phone. And criminals can also obtain access permissions to relevant network system by stealing the victims’ identity information, which allows the criminals to cause worse damage.

Even though consumers can not directly improve the level of safety and security of the network service provider, but you can take more prudent measures to prevent personal information from being disclosed, which includes:

  1.  Lower the relevance between various network services account, try not to set the same password for several account, or do not set one single verification method for many accounts. When your relevant information is leaked, you must move quickly to change passwords and other remedial measures to prevent harm to further expand. 
  2. When you use network services, consumers need to pay more attention to security of personal information, in particular, try your best to minimize the spread scale of identity information to prevent criminals’ targeted attacks. 
  3. Use file or folder encryption program to enhance the security of personal information stored in PC or cell phone. You can never ensure your PC will not be invaded by unauthorized access, or your portable storage flash drives won’t lose. Once you conduct mistakes as above, you will also confront great loss, including data loss and financial loss. In order to prevent the data and information stored in your PC or other flash drives falling into wrong hands, you had better lock the files in it with password, so that others who have no correct password can’t access to your data.access to your data.
Oct 28

HP: Cyber Crime Attacks Lead to Rising Costs and Increasing Defense Time

Hewlett-Packard Company recently released results of a global survey conducted by the Ponemon Institute; it shows that the costs frequency and defense time incurred by cyber attacks have been upward for four consecutive years.

Actual costs incurred for network attacks

The cyber crime that cause highest costs includes denial of service, malicious insiders and internal network attacks, which account for more than 55% of the total cost generated from cybercrime of average annual per enterprise.

Information theft is still the highest external costs, followed by business interruption. In 2013, information loss accounts for 43% of total external costs that is less than that of 2012 by 2%. Business interruption or loss of production capacity accounted for 36% of external costs, compared with 2012 increased by 18%.

Recovery and detection are the most costly internal activities. Last year, the costs of recovery and detection of internal activities account for 49% of total costs, most of which is in cash and labor expenses.

Cybercrime generated costs are different due to company size, but per capital cost in small companies per capita is much higher than that of large companies.

The costs caused by cybercrime in financial services, defense, energy and utilities companies are much higher than the costs incurred in the retail, hospitality and consumer products industry enterprises.

Security intelligence solutions and governance practices are essential

Using secure intelligence technology will be more effective in the detection and containment of network attacks, the average annual cost savings is of nearly $ 4 million, rate of return on investment is higher than that of other types of technical by 21%.

Adoption of enterprise security governance practices can reduce cybercrime incurred costs, including investment of appropriate resources, the appointment of executives and hiring security staff and certified experts, which can help companies to save nearly average $ 1.5 million every year.

“Information is a powerful weapon for enterprise to ensure network security.” the chairman and founder of Ponemon Institute, Dr. Larry Ponemon said: “Through practical experience and in-depth interview to more than 1,000 worldwide security professionals, the survey of cybercrime incurred costs provides us with valuable information about the causes and costs of network attacks. This survey is designed to help companies make low-cost, high-yield decisions to minimize the company’s risk as far as possible. ”

For individual and groups that want to defend against cybercrimes, password protection for files and folders is an extra security solution for data security. Comprehensive protection for confidential data and information is necessary for individuals and groups to decrease the cybercrime incurred costs.