Customer Spotlight – Union Bank “Opens Up Shop” with ZixOne

Let’s be honest, IT departments rarely have an opportunity to make everyone happy — especially when it comes to the selection of security solutions.

Selecting a BYOD product is no different than any other security solution — many times privacy is sacrificed in the name of security. While this ensures that data is secure, it can also lead to unnecessary tension within the workplace.

Because of this, Union Bank remained a “closed shop” to mobile devices for many years. Unable to find a solution that balanced employee needs with security, the bank made the conscious decision to not implement a security solution unless it would please all of its employees.

When Union Bank decided to allow employees to use their personal mobile devices, the IT team wanted to avoid making any compromises. They knew they needed a solution that could meet security requirements AND employee demands for an easy-to-use, non-intrusive solution.

After discovering ZixOne, Union Bank knew it was the right product.

With its no-data-on-device approach, Union Bank employees can now securely access corporate and client data on-the-go, without worrying about their personal privacy being violated.

Another bonus? ZixOne is easy to use and easy to deploy.

Don Goodhue, vice president of information technology at Union Bank, sums it up perfectly:

“ZixOne’s approach of giving us control of our data without managing employee devices provides a straightforward solution that makes everyone happy. 

“There is no admin overhead, and rollout was incredibly smooth. Employees use ZixOne in the office for meetings or on the road with clients. It works great — ZixOne is exactly what we needed.”

Implementing BYOD may seem like a risky proposition at first, but Union Bank learned that with the right solution, BYOD can make everyone happy.

Here’s a little about Union Bank:

  • Founded in 1891 and headquartered in Morrisville, VT
  • Serves Northern Vermont and northwestern New Hampshire with 17 branches and two loan centers
  • Offers deposit, loan, asset management and commercial banking services

Posted in Bring-Your-Own-Device

You’ve suffered a data breach! Now what?

As breaches have recently become a weekly occurrence, executives, IT departments and legal teams are racking their brains to pinpoint the problem and identify solutions. But is anyone asking what is on the minds of the customers affected?

We are. And that is precisely what we explored in a recent survey that sampled more than 500 Americans.

From the results, we drew two main conclusions:

  1. People are not as educated as they might think in regard to the severity and types of breaches that have been splashed across headlines.
  2. People want to be in the know regarding a breach as quickly as possible. In short – ignorance is NOT bliss when dealing with a data breach.

Regarding point No. 1 — 55 percent of those surveyed believe retail and insurance breaches are equally as bad, with 13 percent believing a retail breach is more concerning than an insurance breach.

If one thing is clear, it’s that people need further enlightenment when it comes to this topic. To begin with, retail and healthcare breaches both show cause for concern. However, the two are not created equal: healthcare breaches should be more unsettling.

Why?

The two types of breaches expose vastly different information. In a retail breach, your credit or debit card information can be leaked, which, let’s be clear about this, isn’t fun to go through. On the other hand, a retail breach is not as damaging as a healthcare or insurance breach, where one’s Social Security Number and health records are compromised. Because at the end of the day, there is no undoing theft of your Social Security Number and identity.

Now examining point No. 2, 92 percent of those surveyed feel companies should notify their entire customer base of a breach, regardless of breach size. This is where companies need to be transparent when it comes to breaches and keep those affected top of mind. In addition, the survey results show that 84 percent would like to be notified of a breach right away in order to regain trust. We see where respondents are coming from — the sooner people are notified of a breach the sooner they can take action to protect themselves like implementing a credit freeze and monitoring for fraudulent activity. So it is up to businesses to be mindful of findings like these and do what they can to take action according to their customers’ view. After all, they are the ones affected and looking to them is the best way of retaining their business.

Data Breach Trust Survey Results

Interested in more of our survey’s findings? Just shoot us a comment, and we’ll be happy to discuss them further. Or feel free to check out our announcement here.

Posted in Data Breaches

SEC Investigates Widespread Email Hacking

In overnight breaking news, it was revealed that the Securities and Exchange Commission (SEC) is investigating a group of hackers who appear repeatedly to have broken into email systems at biotech and healthcare companies to gain financial advantages by trading in these companies’ stocks.

Reuters is reporting that John Reed Stark, a former head of internet enforcement at the SEC, told them that having a government agency ask businesses to disclose details about breaches is “an absolute first.” He also described the email interceptions as a “dangerous, new method of unlawful insider trading.”

An example of one group involved in the hacking is FIN4, as reported by FireEye back in December. Their regional president Richard Turner has said, “We have solid evidence that there is at least one group and probably multiple groups that are breaching corporate networks to gain knowledge and trade in the markets in an advantaged position.” Operating for at least two years, FIN4 is believed to have hacked into email accounts at more than 100 companies, looking for insider market information.

We at Zix know that there are far more email breaches than reported in the press. This is because businesses are not required to disclose email breaches unless they are deemed to be “material” under federal laws. These businesses can protect themselves, their sensitive data and their clients by implementing modern email encryption. The most influential companies and government organizations use the proven Zix solutions. Zix Email Encryption Services are powered by ZixDirectory, the largest email encryption community in the world.

You can learn more here.

Posted in Data Breaches, Email Encryption

Join Our Community

Last year in this blog, we told you about the Zix Encryption Network, a growing community of trust with thousands of companies and millions of members participating. We’re happy to share that our Network is continuing to grow, with new companies and new members joining all the time.

There is no secret or mystery about why the Zix Encryption Network is so popular. Instead of users being required constantly to check their outgoing emails for sensitive information, and having to remember to follow a time-consuming procedure to encrypt these sensitive emails, members of the Zix Encryption Network need do nothing except hit the “send” button. Zix does the rest.

Zix reduces the risk of human error by introducing automatic email encryption. With sophisticated filters, Zix scans every outbound email, in real time, for sensitive information that needs to be protected. For the members of the Zix Encryption Network, all this happens seamlessly, and they need do nothing extra beyond their normal jobs. Having everyone within our community means there is no need for portals or passwords: for recipients who are members, encrypted emails are sent transparently. These emails are automatically decrypted upon receipt and delivered to the recipient’s inbox just as easy to read as regular emails. Nearly 12,000 businesses are now members of the Zix Encryption Network, and of the 1.1 million emails they send every day, a full 75% of these are sent transparently. For the remaining 25% that go to folks who have not yet joined up, decryption is still quick and intuitive.

To learn more about the Zix Encryption Network, the world’s largest and most secure email encryption network, click here.

Posted in Email Encryption

Mitnick Interview Goes Live Today

You may remember this blog from last month when I reviewed the then forthcoming Kevin Mitnick video. Well, the release date has arrived and today you can watch the forty-minute interview of Mitnick by Geoff Bibby.


When in college, Mitnick admits to having been bored with the assignments set by his tutors. He uses the term “prankster” often and states that he never hacked a system to make or to steal money. When asked by Bibby what motivated him back then, Mitnick replies “it was [for the] pursuit of knowledge, challenge, and the seduction of adventure.” Clearly for Mitnick, hacking was a game not intended to hurt anyone.

The interview is well worth watching in its own right; however the most important sequence is the email hack. In the studio, Mitnick has set up a demonstration of fiber tapping into emails in transit. He has laptops playing the parts of a user’s device, a company server through which the first device sends emails, and a third to represent a hacker’s device. The user’s device and the server are connected via optical fiber, just as they would be in the real world, and Mitnick introduces a $400 fiber tap that can read the traffic passing between them. Mitnick sends unencrypted emails to and from the user’s device and demonstrates that the hacker can read these emails in real time as they transit the fiber cable. For me, it is clear proof of how easy it is for hackers to read unencrypted emails as they transit the Internet; thus the great need to encrypt emails containing any sensitive information.

The video is released today and you can view it by clicking here.

Posted in Email Encryption

Government Data Loss Said to Include Social Security Numbers

On June 4th, the Office of Personnel Management (OPM), effectively the human resources department for the U.S. Government, confirmed that almost four million current and past employees had been affected by a massive security breach. A new data penetration monitor named Einstein had detected the breach that actually occurred in April. At the same time, the OPM stated that “[i]n order to mitigate the risk of fraud and identity theft, OPM is offering affected individuals credit monitoring services and identity theft insurance.”

Mark Van Scyoc / Shutterstock


Senate Intelligence Committee member Susan Collins stated that this was an indication of a foreign power trying to “identify people with security clearances.”

The hacked information was said to include employee job assignments, performance reviews and employee training. However, since June 4th the estimated number of people affected is said to have risen to 14 million, and the American Federation of Government Employees has stated that they believe far more personal information about victims has been compromised. J. David Cox, their president, wrote, “We believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees.” He went on to state that his federation believes the hackers stole military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance and pension information; and age, gender and race data; and worse: “We believe that Social Security numbers were not encrypted.”

We at Zix know the importance of protecting personal data such as birth dates and health information, and we know that the most precious of personal information is your Social Security Number. Zix is famous for having the best filters and lexicons for ensuring that Social Security Numbers are not sent via email by mistake, and that when you do need to send them, they are securely encrypted. Make sure you are securing the Social Security Numbers of your clients and your employees. Contact Zix to learn how.

Posted in Data Breaches, Data Loss Prevention

New Survey Reveals Concerns with Security of Healthcare Information

Are healthcare organizations doing a good job of complying with HIPAA and ensuring the privacy and security of patient data?

According to the 2015 Healthcare Information Security Today Survey, published today, an overwhelming majority of respondents – 79 percent – were confident or very confident their organization would “pass” a Department of Health and Human Services HIPAA compliance audit. That indicates they believe they’re making all the right moves.

[ISMG graph]

But are they really?

While the forty-page survey confirms that most organizations are fulfilling the requirements of HIPAA, and the HITECH Act, some organizations still have a number of concerns regarding the security of protected health information (PHI). In fact, 21 percent of survey respondents said they were unsure if they would pass an Office for Civil Rights audit. One of the bigger surprises was that only 56 percent of organizations apply encryption to mobile devices – leaving the other 44 percent of organizations exposed. It’s a surprise given lost and stolen unencrypted devices have consistently been a culprit in HIPAA breaches reported to the U.S. Department of Health & Human Services (the U.S. department that manages the Office for Civil Rights). In fact, the growing use of mobile devices, including BYOD, is cited as the second largest security threat faced by organizations, as shown in the above chart. However, according to the survey, the largest security threat is believed to be associated with business associates taking inadequate security precautions to protect PHI.

This survey should serve as an eye opener to organizations to help better prepare themselves for things such as audits and potential security threats of PHI sent via email and mobile devices, and a good place to start would be identifying the right solutions to safeguard the transfer of PHI via any vehicle.

Full results from the 2015 Healthcare Information Security Today Survey can be accessed here.

Posted in Compliance, Data Breaches

Millennials & BYOD

Much has been written about the so-called millennial generation and its differences from preceding generations. It’s all too common to see headlines proclaiming things like “Millennials – The Most Entitled Generation?” and “Everything You Know about Millennials is Wrong.”

Truthfully, millennials are just like every generation before them, except for one key difference: they are the first generation to enter the workforce that grew up with access to computers, cellphones and the Internet.

With millennials expected to make up 75 percent of the global workforce by 2030, it is essential to understand how this generation is transforming the workplace, especially when it comes to IT security.


One key aspect that needs to be taken into account is their love of mobile devices. While most people “love” their smartphones and tablets, millennials are the most connected generation ever and spend an incredible amount of time on their mobile devices; arguably more than the amount of time spent staring at TVs.

This doesn’t change when they get into the office. The barrier between work use and personal use is rapidly blurring, and employees are starting to push back on the intense security around personal device usage. In fact, 53% of employees consider their company’s mobile device security a nuisance.

A recent Forrester survey also provided some additional insights:

  • 61 percent of corporate workers are choosing to use their own personal smartphones for work
  • 56 percent of those workers are doing the same with tablets

Not only is it an IT manager’s responsibility to stay ahead of the latest security threats, but also it is his or her responsibility to keep up with employee needs and demands. In the case of mobile security, this means stepping away from the dictatorship of cumbersome and outdated corporate-owned devices and MDM strategies.

To ensure employee buy-in, particularly from millennials, a mobile security solution must be easy to implement and use. By implementing a secure BYOD solution with a no-data-on-device approach, businesses choose a win-win solution. Employees can safely access corporate data while working on-the-go, while IT managers can rest assured knowing that corporate sensitive information is secure.

Unlike a traditional MDM solution, employees don’t need to worry about losing their selfies or notes or contacts. If an employee’s mobile device is ever lost or stolen, an administrator can simply disable access, thus mitigating the risks of a potential breach because the data doesn’t actually reside on the device.

In the end, companies can greatly benefit from putting millennials’ tech-savvy ways of thinking to good use – and vice versa. In order to keep up with growing security concerns, it’s up to companies and their IT departments to implement security solutions that protect data without hindering opportunities created by a more mobile workforce.

There is a better way to do BYOD; look no further than ZixOne.

Posted in Bring-Your-Own-Device

Data Loss Disaster: A Sobering Tale

Australian Jason Wang was pleased with the purchase of his $200 Groupon gift card to be used at a local Woolworths, a large grocery chain. However, he was not so happy when he checked his online account to discover his balance was zero. His $200 was gone.

He wasn’t alone: according to this article, an email sent by a Woolworths employee to hundreds of customers contained the wrong attachment. Instead of including details to redeem their vouchers, the attachment contained not only the codes to access all 8,000 of these vouchers, but also the email addresses and names of over one thousand customers who had paid for the vouchers.

Make no mistake: this is a public relations disaster for a well-known brand. Included in the news was the case of another customer, Mr. James, who “was embarrassed in front of a large number of people” after he attempted to buy his weekly groceries using his legitimately purchased gift card, only to be told by Woolworths staff he was using a stolen card. Mr. James subsequently abandoned his grocery cart at the checkout and later stated to reporters, “I tried to call Woolworths, but no one picked up the phone.” Is it likely he will ever shop at Woolworths again? I don’t think so.

Was this a security breach perpetrated by a hacker? Regrettably no: it was a mistake made through human error; it was an understandable and, I believe, predictable mistake made most likely by a conscientious employee of Woolworths. What did the employee do to cause this catastrophe? He had computer files with similar looking names and accidentally attached the wrong one, an Excel file.

What is most sad about this incident is that it was preventable. We already know – or should know – that employees make errors. It is ineffective to ask employees to check their every activity. They could do this, but their productivity would be drastically decreased as they check their work and check again and, just to be safe, check again.

The answer is obvious: automation. Computers can stay alert 24 hours a day, every day, and software can be automatic, repeatable and consistent in its real-time checking of email content. We call this Data Loss Prevention or DLP. A good DLP solution searches email content and attachments for sensitive information of the kind accidentally leaked by Woolworths. It works reliably in the background all the time to detect sensitive information. When identified, the email is quarantined, and the sender and other staff are asked to review the email, thus giving the business a second chance to prevent the wrong data being sent. If you’d like to read more about Zix DLP solutions, please click here.
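The check described above can be sketched in a few lines. This is an added example, not Zix's product or code from the original post: it parses an outbound message, decodes the attachment, and quarantines the message when a part contains a bulk list of email addresses or a plausible Social Security Number. The patterns, the `BULK_ADDRESS_LIMIT` threshold, the function names and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy values for this sketch; a real deployment tunes these.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
BULK_ADDRESS_LIMIT = 5  # distinct addresses in one part => treated as a customer list


def plausible_ssn(area, group, serial):
    """Drop number ranges that are never issued, to reduce false positives."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def part_text(part):
    """Decoded text of one MIME leaf part; transfer encoding is undone for us."""
    content = part.get_content()
    if isinstance(content, bytes):  # binary attachment: best-effort decode
        return content.decode("utf-8", errors="replace")
    return content


def scan_message(raw_bytes):
    """Scan body and attachments; return (verdict, findings)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        label = part.get_filename() or "body"
        text = part_text(part)
        ssns = [m for m in SSN_RE.finditer(text) if plausible_ssn(*m.groups())]
        if ssns:
            findings.append((label, "ssn", len(ssns)))
        addresses = {a.lower() for a in EMAIL_RE.findall(text)}
        if len(addresses) >= BULK_ADDRESS_LIMIT:
            findings.append((label, "bulk_email_addresses", len(addresses)))
    # Quarantine holds the message for sender/staff review instead of sending it.
    return ("quarantine" if findings else "deliver"), findings


def build_sample(filename, attachment_text):
    """Constructed outbound message with one base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "staff@retailer.example"
    msg["To"] = "customer@example.org"
    msg["Subject"] = "Your voucher"
    msg.set_content("Hello, your redemption details are attached.")
    msg.add_attachment(attachment_text.encode("utf-8"), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed sample data: two similarly named files, as in the incident above.
REDEEM_INFO = "How to redeem: present your voucher code at the checkout.\n"
CUSTOMER_LIST = "name,email,voucher_code\n" + "".join(
    f"Customer {i},customer{i}@example.net,VCH-{i:04d}\n" for i in range(8))

if __name__ == "__main__":
    for name, body in (("voucher_info.csv", REDEEM_INFO),
                       ("voucher_list.csv", CUSTOMER_LIST)):
        print(name, scan_message(build_sample(name, body)))
```

The attachment is scanned after MIME decoding, so base64 transfer encoding does not hide its contents; a real spreadsheet format such as Excel would additionally need a format-specific text extractor before the same patterns are applied.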

Posted in Data Loss Prevention

Privacy Rights – The United Nations Steps Up

I’m a big fan of Brian Krebs and his daily blog KrebsOnSecurity. Back in March, Brian reminded us that the IRS remains in apparent disarray with its “Get Transcript” function available on IRS.gov, making it very easy for criminals to get a copy of anyone’s previous year’s tax return, fill in a bogus one for the current year, and claim a tax refund under someone else’s name shortly after January 31st. For you and me, this issue is no surprise – we’ve been hearing about it for years. But, what did come as a great surprise to me were the discoveries of Mr. Michael Kasper, a reader of KrebsOnSecurity who shared his experience on being a victim of the above IRS scam.

When Kasper found the person who had received the bogus tax refund of $8,936, that person turned out to be a student at a university who had responded to a Craigslist ad for a moneymaking opportunity. In a situation reminiscent of a Nigerian 419 Scam, the student had received the sum into her bank account, kept a portion, and wire transferred the rest to her “employer;” the only difference being that in this case the money actually existed – and wasn’t hers.

In March, Fast Company posted an interesting article on “espionage as a service.” With espionage as a service, clients post requests for hacks and offer fees for these services. For payments ranging from, say, $90 to $350, users openly post ads offering to hack into computers and online accounts, knock servers offline with denial-of-service attacks, track down people’s personal information and break into Gmail and Facebook accounts. And just as in the case of the university student in the IRS scam above, none of these people seem to realize that what they are doing is criminal. Somehow new technologies that have enabled this type of behavior have diluted people’s sense of right and wrong.

Western governments are struggling to find a balance between protecting society against criminals while also protecting our privacy rights. Against the current background of calls from the U.S. and U.K. governments to hobble encryption, the U.N. Human Rights Council will be debating these issues in a session running from June 16th to July 3rd. Questions to be posed by a Special Rapporteur revolve around the issue of privacy as a human right. In short, is it ethical for people to view your email account, Facebook account, bank account or IRS submissions just because they can? If private information is accessible via the internet, does it cease to be private or is it fair game to be hacked, cracked, skimmed or cloned?

While the U.N. and governments debate these issues endlessly, we ordinary folks need to protect our personal and business information as best we can and remember never to include sensitive information in emails unless there is a proper encryption solution in place. There are a number of email encryption solutions available; however, the best are widely agreed to be the Zix email encryption solutions. The Zix solutions are not only very secure, but also the easiest for you, your business partners and your clients to use.

An advance copy of the U.N. report can be downloaded here. Zix email encryption solutions can be found here.

 

Posted in Email Encryption