Upcoming BYOD Webinar: Lessons Learned in Tackling BYOD Security

shutterstock_156558944 When it comes to BYOD, do you feel like you’re walking a tightrope trying to meet employee expectations while protecting the security of your company?

If so, you aren’t alone.

Whether you have mobile device management (MDM) in place or are still looking for the BYOD answer, join us on April 24 at 2 p.m. ET to learn about real-world BYOD experiences and success stories.

During this Webinar, a panel of data protection experts and a ZixOne customer, First National Banking Company, will take your questions and discuss:

    • Successful deployments, including technology adoption
    • Use cases for today’s BYOD solutions
    • Alternatives to frustrating and cumbersome MDM solutions

Can’t make it next Thursday? Stay tuned for a Webinar summary and an archived recording.

Posted in Bring-Your-Own-Device | Tagged , , , | Leave a comment

Follow-up Questions from Our Q&A: Enhanced Data Security Measures in the Legal Community

We recently posted a legal Q&A after two New York Times articles sparked an interesting discussion about data security measures at law firms. Zix General Counsel Jim Brashear often contributes and speaks on the significant need for data protection in the legal community, and he served as our Q&A expert.

During the discussion, Jim provided responses regarding the hurdles law firms face in implementing additional data security measures, how those hurdles could be avoided and who determines when a law firm’s data security measures are adequate. After the post, he received some interesting follow-up questions. Here are his responses:

What types of law practices are likely to implement additional data protection?
Law practices that serve clients who have heightened sensitivity and demand additional data security are most likely to take additional measures. Those clients include:

    • Companies working in industries that are targets of commercial espionage, such as energy and technology
    • Businesses with commercial trade secrets
    • Companies that have already been victimized by hackers that gained entry through an outside vendor’s or consultant’s systems
    • Organizations subject to privacy regulations, such as HIPAA for healthcare clients and GLBA for financial services clients

For legal professionals just getting into data security solutions, where should they start?
The ABA’s Legal Technology Resource Center has some good information. The ABA Cybersecurity Task Force has published the ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business Professionals. There are also some good data security consulting firms who have practices that focus on the special needs of law firms.

What other industries are next in facing similar data security pressures?
Any third party services providers that have access to their clients’ confidential information may face similar pressures. Examples include accountants, auditors, investment bankers, consultants and outside directors. These providers may become targets, because data thieves have learned to use a weaker point of access to acquire sensitive data.

For example, recent large data breaches resulted from lateral entry through a vendor that had access to a client’s network. Other breaches resulted from malware in spear phishing email that appeared to come from a trusted vendor. But the thieves may not need to penetrate the client’s network if the data they seek is stored within a services vendor’s servers or if it can be intercepted in transmission between the client and their outside service providers. That can occur when a man-in-the-middle attack spoofs a vendors DNS server.

Have an additional question for Jim? Comment on our post or contact him through Twitter at @jfbrashear.

Posted in Data Protection Trends, Legal Industry | Tagged , , , , | Leave a comment

Webinar Round-Up: Enhancing Your Data Protection with ZixDLP

Email is the number one app used in business communications and still the preferred method for sharing information and documents. As a result, it’s where a large amount of your company’s IP and sensitive information can be found – and where security policy violations occur.

While malicious hackers or even hostile insiders can pose a security threat, loyal employees can also make mistakes that have the potential to lead to a security breach as they move information around in email and expose your organization to compliance violations, security issues…or worse.

Since email continues to be the dominant communication tool used in business, taking all measures necessary to securing data is key.

Our very own Nigel Johnson, VP of product management and business development, hosted a webinar discussing ways to enhance email data protection with the implementation of ZixDLP – addressing the issue of data loss in email. During the webinar, Nigel took listeners through the following:

    • Reasons having a data loss prevention (DLP) solution in place is beneficial
    • Adoption of DLP
    • Benefits ZixDLP (including decreased complexity and cost, reduction of deployment timelines and minimal impact on resources, ease-of-use and reporting)
    • Email encryption
    • Capturing and analyzing emails against company policy using ZixDLP

But don’t worry! If you missed the webinar, you can still catch a recording of it here (as well as other past webinars) so that you too can learn more about DLP and all that Zix has to offer to keep your email safe and secure.

Posted in Data Loss Prevention | Tagged , , , , , | Leave a comment

Enhanced Data Security Measures in the Legal Community: Q&A with Zix Expert Jim Brashear

Two recent New York Times articles sparked an interesting discussion in the legal community about data security measures at law firms. One article, Spying By N.S.A. Ally Entangled U.S. Law Firm, describes how government surveillance is capturing attorney-client email communications. The other article in Dealbook, Law Firms Are Pressed On Security for Data, describes how clients are demanding their lawyers step up their data security measures.

James BrashearAttorney data security is a topic near and dear to the heart of our General Counsel Jim Brashear. Jim has invested many hours writing articles, speaking at legal and security conferences and participating in webinar panels with the goal of raising the legal community’s awareness to the significant need for data protection. He is a sought-after resource on the topic, so who better to have a Q&A with on an issue that is gaining speed in the media and the legal industry.

Does the fact that law firms are victims of hacking or email interception mean they don’t take data security seriously?

No. Law firms do take data security seriously. Unfortunately, law firms are targets for cyber thieves and spies, because law firms are a treasure trove of sensitive information for many clients – and law firms generally are perceived by data thieves to have relatively lower cyber security standards than their clients. Lawyers have ethical obligations to take reasonable steps to protect their clients’ confidential information and maintain data security measures, but the cyber risks for law firms are rapidly changing with increased hacking and data interception and greater use of mobile devices and cloud computing. There have also been recent changes in ethics guidance about lawyers’ usage of technology. The real question is whether typical law firm cyber security measures continue to be adequate.

Who decides that a law firm’s data security measures are adequate?
Ultimately, the law firm’s client gets to decide whether the law firm is adequately protecting that client’s data. A client might require that its lawyers implement particular cyber security measures. That’s the sort of behavior reported in the recent New York Times Dealbook article. Alternatively, a client may choose to take its legal representation business elsewhere because of cyber risk concerns. So, the ability to offer sophisticated data security measures can be a services differentiator for a savvy law firm. The law firm’s engagement letter should invite the client to request enhanced data security measures when dealing with particularly sensitive data or a heightened risk of unauthorized access. The letter should solicit the client’s informed consent to the firm’s normal, reasonable cyber security measures.

What keeps lawyers from implementing additional data security measures?
There are many reasons that law firms have been slow to adopt additional data security steps, including:

    • Conflicting Client Standards: Unlike companies that implement cybersecurity to protect their own proprietary information, law firms are obligated to protect information that belongs to many different clients. Those clients may insist on multiple, conflicting standards about what information they consider to be particularly sensitive and how that information should be protected. It’s difficult for law firms to manage multiple, conflicting standards and technology solutions. So, the law firm waits to implement additional measures until an important client demands additional steps – perhaps with the hope that the costs can be charged back to that client.

    • Management Challenges: Lawyers may not fully understand the risks and may be relying on the law firm’s IT staff to address the issues. Meanwhile the IT staff may be waiting for the lawyers to decide that additional steps are needed. Law firms typically are managed by reaching a consensus among the partners. It’s hard to get two lawyers to agree on anything, much less getting a whole bunch of lawyers to agree to adopt tools that don’t lead to more billable time or that they perceive may waste time due to increased complexity. So, law firms can be slow to make decisions about data security.

    • Resistance to New Technology: Lawyers focus their efforts on learning the law and providing counsel to clients. It’s rare to find a lawyer with time to invest in learning a new technology – even when that technology ultimately benefits clients. So, law firms sometimes don’t implement additional cyber security measures, because their lawyers think the technology will be hard to learn or use.

    • Lack of State Bar Mandates: Lawyers tend to make rules-based decisions about implementing data security measures and, based on current ethics rules, law firms are likely to say that there are no clear requirements for law firms to implement additional data security measures. My earlier posts on our ZixCorp Insight blog describe reasonable steps that law firms could take to meet evolving ethics guidance when using email or other Cloud services.

How might law firms avoid some of those implementation hurdles?
Managing data security is easier when law firms, clients, regulators and others share the same data security standards and tools. For example, there’s huge convenience in a large community of users who share the same email encryption platform. So law firms should consider the benefits of joining a widely accepted user community.

You have to strike the right balance between convenience and security. Law firms should also look for security tools that are as transparent as possible to end users. The easier enhanced data security measures are to implement and use, the easier they will be for lawyers and their clients to accept and adopt.

Interested in posing your own question to Jim? Comment on our post or contact him through Twitter at @jfbrashear.

Posted in Data Protection Trends, Legal Industry | Tagged , , , , , , | Leave a comment

Emergence of a New Security Trend

Healthcare, financial services and government organizations make up the majority of customers who deploy our email data protection and for good reasons. Healthcare and financial service manage an abundance of protected health information and personal financial information, and they are heavily regulated industries. Meanwhile local, state and federal government organizations must protect sensitive information to meet government standards and maintain public trust.

However, the customer trend is beginning to shift with increasing data breaches that are affecting millions of people. Businesses outside of the usual industries are taking notice and taking action. Law firms are in the mix, as highlighted in the New York Times article – Law Firms Are Pressed on Security for Data.

Here are key highlights and quotes from the article:

    • “In some cases, banks and companies are threatening to withhold legal work from law firms that balk at the increased [security] scrutiny… ‘It is forcing the law firms to clean up their acts,’ said Daniel B. Garrie, executive managing partner with Law & Forensics, a computer security consulting firm that specializes in working with law firms. “When people say, ‘We won’t pay you money because your security stinks,’ that carries weight.”

    • “Companies are prodding law firms on security at a time of overall rising concern about hacker attacks like the information breach at Target last year, when the retailer said at least 40 million credit and debit card accounts were compromised.”

    • “‘Clients are putting more restrictions on law firms about things to do to protect themselves,’ said Mary E. Galligan, an executive in the cyber-risk services division of Deloitte & Touche and the former special agent in charge of cyber and special operations for the New York office of the F.B.I. “It is being driven by victims of hackers, and they don’t want to be victims again. It’s just good business sense.”

The legal industry may just be the start of a considerable change in how all businesses (not just healthcare, financial services and government organizations) protect personal information and corporate data. Do you agree?

Posted in Data Protection Trends, Legal Industry | Tagged , , , , | Leave a comment

Cisco IEA Users: Don’t be left behind with obsolete encryption

Zix SwitchIt’s time to switch to Zix. It’s tough enough when vendors stop supporting business applications, but it’s a red-alert emergency when a vendor announces end-of-life for a critical security product.

Come July 2015, Cisco IronPort Encryption Appliance (IEA) users will no longer have support, patches or upgrades for their email encryption. You can read more about IEA’s end of life announcement here.

If you are a current IEA customer, you have an alternative to being trapped with an outdated email security solution that threatens the security of your data and your ability to pass compliance audits.

Zix is the proven leader in email data protection. Over the years we have perfected a best of breed email encryption and security solution that has been selected by some of the nation’s most influential institutions for the strength of our security, ease of use and simple, effective delivery options.

In fact, by becoming a Zix customer you will become part of the world’s largest shared encryption community – ZixDirectory.

We have a dedicated and experienced team that has transitioned countless customers to Zix solutions. They offer complete support and will guide you through the migration process – whether that calls for business transitioning at the executive level or educating employees about how smooth and easy encryption will be or step-by-step technical guidance through the switch.

We are here to help!

We invite you to learn more about our email encryption and how Zix connects and protects what matters. Contact us via the form on the IEA migration resource page, and our team will contact you.

Posted in Email Encryption, Simple to Use | Tagged , , , , , , | Leave a comment

BYOD: A Fresh Perspective – Avoid a Bring-Your-Own-Disaster

Ready to jump on the BYOD bandwagon? Hold on, because it could be a bumpy ride.

At first look, BYOD seems like an obvious choice for companies and their employees. Workers stay connected to office email and work applications anytime and anywhere on their favorite personal devices. Companies gain a happier, more productive workforce.

Yet BYOD is a long way from nirvana. Companies are forced to walk on a tightrope between IT security and personal privacy. Done poorly, it has the potential to turn BYOD into Bring-Your-Own-Disaster.

The disaster aspect can come into play when boundaries are violated – from the company being perceived as “Big Brother,” to corporate liability for lost personal data after a device is wiped, to an employee downloading blacklisted apps or malware on the device.

Is there a way to empower employees without compromising security – or violating personal or corporate boundaries?

Next Tuesday, March 25, ZixCorp’s Nigel Johnson and Geoff Bibby will be at Boston SecureWorld discussing how companies can overcome the disadvantages of traditional BYOD approaches to avoid a disaster scenario.

Make sure to stop by Room 104 from 1:15pm – 2:00pm if you’re at the event!

Posted in Bring-Your-Own-Device | Tagged , , , , , , | Leave a comment

Keeping Your Most Used Mobile Business App Safeguarded

Chances are, you use your personal smartphone or tablet for everything from playing Angry Birds to choosing the best filter for your photos via Instagram and finding the love of your life on Tinder.

However, when it comes to business, despite buzz around BYOD and accessing corporate information on personal devices, if we narrow it down, email is the business app we use the most for viewing and sharing company data.

Within email is vital information from financials, credit card numbers, customer information, business plans and other proprietary information. The implications of this data falling into the wrong hands can be catastrophic.

Imagine attending a conference and paying a visit to a competitor’s booth. While you’re there, you accidently set down your phone and walk away to take care of other business. The next day, after realizing your phone is missing, you wake up to find sensitive company information spilled over to press and investors. This scenario could potentially cost you your job, damage your company’s reputation and even trigger millions of dollars in lost revenue.

So what is the safest way to make sure sensitive data doesn’t fall into the wrong hands?

While there is no one-size-fits-all approach, IT and security managers should start by protecting the mobile activity that is used by most, if not all, employees and exposes the most risk –email.

At Zix, we believe the best solution enables access to corporate email without allowing it reside on the device. If the device is lost or stolen, companies can disable access to the email app instead of wiping the device completely, ensuring the safety of company emails and attachments. At the same time, companies can avoid employee complaints and liability associated with loss of control, personal data and privacy.

If there’s one thing you should protect in our BYOD world, it’s email. Securing it and using it should simple, and it can be.

Posted in Bring-Your-Own-Device | Tagged , , , , , , | Leave a comment

ZixCorp @ RSA 2014 – Looking at Effective BYOD Options on the Show Floor

It’s hard to believe another RSA Conference has come and gone!

If you’ve followed the national headlines, you may think that everyone at the conference was obsessed with the NSA, the protest Trustycon event and headliners like Stephen Colbert … and you would be wrong.

Down on the expo show floor, the Zix team spoke with a steady flow of people who continue to struggle with managing the Bring-Your-Own-Device (BYOD) trend that is flooding businesses and agencies alike with personal devices like smartphones and tablets. For these people, solving their BYOD and email security problems is far more important than the heady national news stories coming out of the conference.

It’s clear BYOD is still leaving people a little bewildered. There’s no silver bullet yet, and people are trying to do it the best way they know how, within the limitations they have. For some, this means total avoidance of BYOD, and for others, it’s a full embracement of BYOD with an understanding of the potential cost benefits, recruiting advantages and how BYOD can work within the company’s budget.

Email encryption was also top of mind for many – especially for those in healthcare and financial services. At the conference, it was mentioned that companies spent $486 million on technical security solutions; however, data breaches are up 30 percent. These data breaches are also getting more sophisticated, and the primary focus is on detection and eradication.

We were able to share information on Zix Email Encryption and ZixDLP, and attendees seemed very responsive to the easy-to-use technology and its assistance with HIPAA and GLBA compliance.

One of our favorite highlights from the event was being able to have face-to-face time with Zix customers. Their enthusiasm is contagious. One person even dropped by to say ZixOne was the most interesting solution he had seen on the show floor. What a compliment!

Overall, a successful event (check out some booth photos below!), and we look forward to participating in several events in the coming months!

2014 RSA

2014 RSA

2014 RSA

Posted in Bring-Your-Own-Device, Company Update | Tagged , , , , | Leave a comment

ZixCorp Partner Program: Celebrating 10 Years

10-POEThe ZixCorp Channel Team is excited to celebrate our 10 year anniversary in 2014!

The channel program started in 2004 after ZixCorp established itself as a leader in email encryption. We started with one person managing the entire reseller division, and in our first year, we partnered with 21 resellers, the majority of whom continue to do business with us today.

Our channel program steadily grew throughout the years as the overall need for email data protection increased. We began offering participation at three partnership levels with sales, marketing and technical benefits for all. We rolled out a partner portal, deal registration, marketing lead generation programs and more, all designed to assist our partners in selling our solutions, expanding their customer base and increasing their profits.

Today, we are proud to have more than 400 Solution Providers (SP) and Managed Service Providers (MSP) across the country. ZixCorp believes in building mutually beneficial relationships with each of our channel partners, and it is this commitment that drives the success of the program each day.

We have dedicated Channel Account Managers who work to develop our relationship with each individual reseller. We offer sales support throughout the entire sales cycle, in addition to sales training, discounts, marketing resources and more.

In 2013, ZixCorp introduced DLP and BYOD to our product line. This expansion has significantly benefited our partners by introducing them to new and growing markets, while increasing their revenues and margins.

As 2014 begins, we look forward to continuing the development of the channel program, including growing the ZixCorp channel team and introducing new benefits and sales and marketing tools to assist in generating revenue for our partners.

For the past 10 years, we have worked tirelessly across all levels of the company to assist our partners in growing their business, and we are excited to celebrate this anniversary knowing how successful this program has been. It truly is the Power of Everyone.

To our current partners, thank you for your hard work and dedication to ZixCorp for the past 10 years. We look forward to 10 more years (and many more after that)!

Posted in Company News, Partner Trends | Tagged , , | Leave a comment