Log in

Archive for January, 2010

Investigating Google’s Security Breach

January 20th, 2010

photo_974_20081008

The Google China cyber attacks are still under investigation but have already had several serious effects on the technology industry. Google continues to deal with serious repercussions, some of which we covered last week, and is even considering the security breach could be an insider job. However, it’s not the only company that wishes the hacking never happened. Microsoft’s Internet Explorer 6 is under heavy fire as a security hole in the browser has been pointed out as the key vulnerability which made the attacks possible. Several governments have been warning people to stop using Internet Explorer, dealing serious blow to Microsoft’s internet browser.

Are Google Employees Responsible?

Google is considering the possibility that the security breach may have had help from within the company. Knowingly or accidentally, a Google employee may have played a key role in letting a Trojan infiltrate the company’s digital defenses. While some speculate that the parties behind the cyber attack had a insider in the company, security firm McAfee supports a different theory. McAfee purports that the outsiders were able to access Google’s private information and intellectual property when an employee unwittingly downloaded malware either from a website visited or an e-mail received.

While it’s currently unclear whether or not employees are at fault, Google’s problem can be a good lesson for us. Proper employee training on security measures and powerful encryption software are a necessity for both multinational firms and small companies. Having a secure business environments helps avoids catastrophes such as the one Google is facing. While the long term effects are unknown, the short term ones are already visible, the largest being Google’s reevaluating its business in China and considering leaving, even at the cost of sacrificing revenues and a significant market share.

Internet Explorer 6’s Downfall

McAfee’s investigation of the security breach presented another theory: an exploit in the Internet Explorer 6 browser played a key role in the cyber attack. Though several accusations were made against other applications, including Adobe PDF files, they didn’t hold water. The claims were retracted and everyone pretty much agreed that there was a serious vulnerability in an older version of Microsoft’s browser. In fact, several countries’ administrations have issued bulletins urging online users to drop Internet Explorer as their browser of choice. Though the exploit was only functional in IE6, both Germany and France are urging users to switch no matter which version of the browser they have installed. As you can imagine, Microsoft is scrambling to get a patch out to fix the vulnerability and trying to do damage control. Microsoft’s Head of Security and Privacy in the UK spoke with TechRadar and claimed:

“The net effect of switching [from IE] is that you will end up on less secure browser…”

“The risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.

“There are broader risks and issues with other browsers.”

Though it’s unclear if Internet Explorer’s market share will drastically fall following the bulletins from the German and French governments, the situation shows the importance of data security. One hole in Microsoft’s IE browser has done permanent damage to the brand. It’s best not to wait and see if a leak in your organization can have similar effects. If your computers aren’t already protected by Pointsec data encryption services, you should check out what we have to offer.

Further Reading
Operation Aurora [McAfee]
Operation “Aurora” Hit Google, Others [McAfee Security Insights Blog]
iDefense retracts claims made on Adobe’s involvement in cyber attacks [SC Magazine]
Kritische Sicherheitslücke im Internet Explorer [Bundesamt für Sicherheit in der Informationstechnik]
Vulnérabilité dans Microsoft Internet Explorer [Centre d’Expertise Gouvernemental de Réponse et de Traitement des Attaques informatique]
Image [FreeDigitalPhotos.net]

1 comment »

Posted in Data Protection, Encryption

Antivirus + Encryption = Total Security

January 17th, 2010

It’s important to understand that encryption software is very different from antivirus software. Many companies consider the two security solutions to be the same and fail to realize that they complement one another. While antivirus software is a perfect way to ensure that your computer is safe from the trojans, viruses, and rootkits, it only goes so far. Antivirus software doesn’t add an extra level of data security by encoding your hard drive. If an outsider gets their hands on a company notebook, antivirus won’t be able to prevent them from directly accessing the information stored.

A recent post from ComputerWeekly brings up a great point:

“…for as little money as it costs to install anti-virus software on your laptop, you can install encryption software, and protect your organisation not only from a data breach but also against any backlash…”‘

Companies need to understand the differences between antivirus and encryption and accept both as standards in their company’s defense. Most, if not all, data breaches or hacking attempts can be prevented and avoided by the right combination of security software.

Protecting your business is in your best interests and that’s where we step in- we provide a powerful and effective encryption method which works alongside all antivirus protection to ensure that your computer is secure. Using industry standard encryption, our software prevents unauthorized users from accessing private company information. Best of all, our software is affordable and manageable for pretty much any business. To learn more about our encryption solution, click here.

If you have any questions about how antivirus and encryption work together or would like to share an experience, leave a comment.

Further Reading
Data encryption is simple safeguard against data breaches [ComputerWeekly]

2 comments »

Posted in Data Protection, Encryption

Tags: alertsec data encryption desktop encryption software laptop security software security security breach

Following the Leaders

January 15th, 2010

Google You know you have to start tightening security when you see companies like Google are doing the same. A few days ago, Google announced that their popular “Gmail” e-mail service will now automatically be using https, a more secure protocol which allows encryption and easier identification when going online. Though the feature has always been available for users who wanted additional protection, the folks working on Gmail have decided to enforce it for everyone, even at the cost of slightly decreasing e-mail speed.

It’s a good idea to follow the leader and learn from Google’s additional security measures. Data is extremely important and its security should be every businesses’ main priority. Google’s other big news about security should help reinforce the point- the company is seriously reconsidering and reevaluating its business in China after learning about cyber attacks targeted at Gmail accounts of human rights activists. Google has even gone as far as considering pulling out of the country altogether, closing its offices and ceasing all operations.

If a multinational company with billions in capital can be affected by online security to the extent where it is willing to lose out on an extremely lucrative venture, any and all businesses have to carefully monitor and frequently upgrade their security systems. It’s apparent that Google’s two announcements are related- the company realizes the serious repercussions that could arise if it gained an image as an insecure service provider. Businesses need to properly protect their data and one of the easiest ways to do that is by encrypting it, using software such as the protection offered we offer.

1 comment »

Posted in Data Protection, Identity and Information loss

Common Arguments Against Encrypting

January 13th, 2010

It’s not uncommon to hear about companies neglecting to encrypt and properly secure their computer data. Many businesses underestimate the damage that can be caused by unprotected information getting into the wrong hands. Others knowingly accept the risks and hope for the best. Unfortunately, institutions which don’t encrypt their computer hard drives are playing an extremely dangerous game- one that can have very serious consequences.

While the above comic pokes fun at the benefits of computer encryption, the reality is that most data related disasters don’t involve a complicated kidnapping plot! In most cases, a careless employee leaves a computer unattended or is a target of theft. In these circumstances, encryption is the best defense your business has to ensure that your computer records and data are protected.

Below are the most common arguments against encryption with rebuttals, explaining why encryption is the appropriate solution. If you have any other concerns or arguments, feel free to leave them in the comments and we’ll attempt to address them in a later post. On the other hand, if you’re convinced, take a peek at our affordable encryption solutions or sign up for a free trial!

“It’s Not That Serious…”

Unencrypted company data getting into the wrong hands can be an extremely serious and costly issue. All sorts of problems can arise if someone gets access to information they shouldn’t. If personal customer details are jeopardized, you may be liable for damages related to the data breach. You also risk a serious blow to your reputation; customers are very unlikely to continue doing business with a company that can’t offer stable and secure transactions.

Other types of information leaks can cause just as many troublesome issues. If sensitive information about company business is discovered, operations and future plans may have to be put on hold. Figures and data could find their way to competitors, helping them gain an unfair edge. Even something as innocent and simple as employee salaries could wreak havoc, causing friction among co-workers. All in all, no matter what type of data is lost, it can cause serious damage to a business.

“It Won’t Happen To Us.”

Companies like to think that they have enough protection which makes encryption unnecessary. Many have security measures in place and rely heavily on workplace policies, employee training, or even simply common sense. While this may be an easy way to cut costs, it’s a poor strategy for businesses interested in a secure future. A major data breach can occur from a single error that is often unpredictable. It’s irrational to rely on other strategies when there’s a simple solution.

It’s a good idea to think of encryption as sort of insurance related business expense. While you can hope that your data will always be secure without the extra layer of protection, you’ll certainly be wishing you had encryption if a company computer is ever lost or compromised.

“Am I Really Protected?”

Contrary to the suggestions of the introductory comic, encryption works and is an effective solution for both small and large businesses. It’s an extremely powerful technology that prevents others from accessing your computer’s stored data without knowing your password. Unlike most basic login/password prompts, encrypted hard drives are protected using AES, a proven industry standard.

We ensures your data is safe by including additional levels of security such as personal authentication questions. Rest assured, computers using an encryption service are as protected as they can be.