http://www.siemensjobcam.com/2008-mobile-antivirus-download/
Stop Data Leakage: Making the most of your security budget
After years of struggling against intrusion, viruses and spam, organizations are now wrestling
with a relatively new security problem but huge significant: data leakage. In March 2008, the exhibition inadvertent confidential business information had been cited by analyst IDC as the number one threat above
viruses, trojans and worms1. At the end of the year, 80 percent of respondents in another
survey agreed that data security was one of the greatest challenges, with 50 percent
of respondents admitted to having experienced a data breach incident in 2008.2 IDC survey identified intellectual property as the most common type sharing of information was leaked and 81 percent of respondents saw information protection and control (IPC) – defined as the monitoring, encryption, filtering and blocking of confidential information contained in data at rest, data in motion and data in use – as an important part of its overall strategy to protect data. The IPC solution top priority was the prevention of data leakage (DLP) deployed
the organization's perimeter and endpoint computers.1
Importance of surveillance of employees using a
% The choice of 4 or 5 on a scale of 5 points
corporate e-mail 56%
Lost / stolen laptop 51%
Web e-mail or web, posting a 37%
Instant messaging 33%
Lost / mobile devices 33% stolen
Devices Media 19%
Other 12%
Intentional or accidental exposure of information, ranging from personal information legally protected intellectual property and trade secrets is something that affects the IT environment in its broadest sense, involving lost
or theft of laptops, USB keys and other devices, e mail and Web 2.0 applications such as instant messaging.
Responded to the survey by IDC shows how many exit points that are (see figure 1).
The challenge now is to protect not only the threat of data theft or corruption
malicious software, but to add a security layer seconds to prevent data being accessed if lost.
The increasing importance of DLP
There are several reasons for the movement of data leakage prevention at the forefront of enterprise security.
High profile, which damages the reputation data leaks
The bad publicity of data leaks can lead to damaged reputations, loss of customers, and
sometimes even ruin businesses.
The number of well-publicized examples data security breaches is growing significantly.
Government bodies, financial organizations, educational institutions, the giants industry and even presidential candidates – no one is immune
. Recent high profile incidents have been:
Secret government documents on Al Qaeda and Iraq were left on a commuter train in the
United Kingdom. (June 2008)
Personal information of nearly 1,000 bank customers lost by an employee of Bank of Ireland, after the data is copied to a USB memory device unencrypted was lost then. (November 2008) 4
Stop Data Leakage: Making the most of their security budget
An email containing the names, positions, salaries and social security number of 192 teachers and staff members was accidentally sent to Ohio State University Agricultural Technical Institute students.
The hackers were accused of stealing more than 40 million credit and debit card numbers from nine outlets in the U.S. retail Deals in wireless networks mass distribution.
An investigative reporter for MyFoxDC bought a BlackBerry device for the sale of the McCain-Palin presidential U.S. its inventory of used office, only to find 50 phone numbers of people connected
with the campaign and hundreds of emails.
Regulations
Government legislation
Governments around the world have introduced increasingly strict legislation data protection,
such as the U.S. Sarbanes-Oxley HIPAA and the Gramm-Leach-Bliley, and the UK data
Protection Act, to provide adequate controls over sensitive business information. Organizations found to be in breach of the law may be fined and required to bring solutions to prevent a recurrence. California Senate
Bill 1386, introduced in 2003, was the first to demand that organizations notify all affected people if their confidential or personal data has been lost, stolen or compromised. This public disclosure is now required by 35 states.
Many regulations also require regular audits, that an organization can not happen if the right
the controls are in place.
Today, the protection should focus on controlling access to information, not on the block perimeter.
Cost of a violation data
Up to 11 percent since 2006
Average cost per breach – $ 6,600,000
Average cost per registration – $ 202
for heathcare – $ 282
Retail sales violation – $ 131
Cost of lost business
Up to 40 percent from 2005
69 percent of the total cost (compared to
65 percent in a similar study 2006)
Source: Ponemon Institute 8
PCI DSS
Along with government legislation sits PCI DSS (Payment Card Industry Data Security
Standard). Created by multinational companies, which applies to retailers as part of their terms of being allowed to accept credit card transactions. Organizations can not demonstrate compliance with PCI-to
audit firms are subject to sanctions, even if no actual data breaches occurred. PCI reaching across borders well as its ability to respond quickly to changes – the last time expanded its scope in 2008 – makes it as important
a safety standard that any local or national legislation.
Cost
In addition to legal costs, organizations have to deal with less tangible costs of recovery and
commercial consequences such as loss of business, or revocation of the status of credit card merchant. All the
these costs have been rising steadily.
The perimeter of the dissolution and Web 2.0
As business has gone online and become much more mobile, the security strategy of the twentieth century
Edge protection organization with firewall, intrusion detection intrusion, and similar
tools has become insufficient. There are simply too many points of entry and exit data. While
blocking the perimeter is still important
protection should focus on controlling access to information.
Stop Data Leakage: Making the most of your security budget
This need is growing exponentially with the perspective totally different entered by users of Web 2.0. This new "working 2.0" workforce brings a mentality that is very attuned to the exchange of information social networking
sites, blogging, instant messaging and e-mail and friends, with little or no consideration of whether it is of
appropriate in a business context.
The challenge to the DLP solutions
Several vendors focused business DLP solution, we have developed innovative solutions for preventing the leakage of confidential company information. Many of these products focus on identifying and categorizing all corporate data and implementing corporate policies DLP to track sensitive information across the enterprise, the implementation of controls when necessary.
These solutions make little sense in the concept, but in practice are given various
implementation obstacles.
Too much data, too little time. For many organizations data is so scattered, disorganized and bulkier than the overall rating is too expensive and resource intensive task for most IT
departments to carry out.
IT resistance. Many DLP products are relatively new and still suffer from common problems such as false positives. IT departments may be reluctant to invest their resources increasingly widespread in
the complex enterprise deployment of another level of infrastructure spending to send
strategic value to the organization.
user resistance. There is a mistrust implementation of a new agent in each
desktops and laptops that may interfere with legitimate business for hogging processor cycles, which require frequent updates and stop the performance of user applications.
The complexity of the field. The development and implementation of, viable political global
supported by the DLP solutions can get in the way regular business practices, requiring the participation of not only IT but also human resources, finance and legal teams, and managers business units.
The wrong approach. Many of these solutions focus largely on intentional data leakage, when in fact data leakage is difficult to stop. For example, people can deliberately alter files to avoid detection or not
more mundane problem information that people just share in the conversation unduly.
Organizations real needs
The truth is that, except larger companies with more stringent security requirements, most organizations simply do not have the funds, staff resources and the need DLP efforts to implement a large scale. most of its
immediate needs are divided into three categories.
Stop the stupid
98 percent of data breach incidents are actually due to an accident or stupidity.9 Lost laptops and USB keys, accidental misuse e-mail the irrational distribution of information about instant messaging, email, social networking sites and sites peer-to-peer file sharing are a threat much more significant to organizations that hackers.
Meeting regulatory requirements
The most pressing need for most organizations is to implement an effective solution that satisfies the auditors are providing the necessary protection and control comply with existing regulations without the need for large amounts
of funds, personnel and resources in the implementation and management.
Stop Data Breach: Getting the most out of your security budget
Maximize your IT investment
IT departments want to make sure you have the budget for them – they are asked to do more and more – is spent in the most efficient and profitable. DLP solutions that integrate with other security features are better able to do this (as explained below).
Enabling DLP
The implementation of a policy of acceptable use
Create and enforce an acceptable use policy (AUP) should underpin any attempt to stop the leak of an organization's data. Due to the changing nature of infrastructure organizational and employee expectations that information should be freely available to access and share the success of an acceptable use policy depends heavily on the creation of ongoing employee buy-in to the fact that the threat is internal, accidental overwhelming, and his power to prevent.
In addition to highlighting the importance of common sense, the PUA must establish
exactly how an employee is expected to use an organization's information, which contains advice prescriptive about best practices and clearly define the prohibited conduct.
Will address issues such as:
What information / Files should not be emailed
The company's policy concerning the posting of web forums or downloading from the web
Politics on the use of USB keys and CDs to store sensitive business information
Policy in altering security settings.
The implications of not adhering to the policy must also be specified.
Integrated solutions
The key to successful prevention leakage of data within a limited budget is to see
as part of the overall security picture, not as a separate entity. In fact, you may already
have security tools with features that address their most pressing needs DLP.
As a company grows as DLP concern of these features is likely to be updated in most
in the same way that the prevention of spyware, spam detection, and intrusion prevention It started as separate categories of security and infrastructure, but were quickly subsumed in other categories such as anti-virus protection
and firewalls.
As we move forward, including up to date with DLP is something you need to ensure to maximize your budget. The two basic requirements can be summarized as:
Protect your data against accidental loss or intentional theft
Secure their data so that if lost or stolen, you can not read.
Protect your data
Endpoint Protection
Endpoint Protection goes far beyond the imperative of not leaving laptops on trains:
Use solutions powerful anti-malware to block spyware that can steal confidential financial and other.
Organizations need to implement products DLP features that combine with other security features to provide an integrated solution.
Three steps to success UPA
Create policy
Educate users about the policy
Policy enforcement
Stop Data Leakage: Making the most of your security budget
Block the use of non-essential applications such as P2P file sharing, instant messaging, FTP clients, email clients unauthorized wireless network connections, and smartphone and PDA synchronization tools. All can be subverted by criminals to steal information. Even more easily, employees can – by usually without thinking – send and share business data through these applications.
Managing write access to removable storage devices, as USB memory sticks. Because these are so easy to lose, these devices are high security risks.
Make sure each computer that connects to the network – either the office or remotely, the company owned or belonging to anonymous users – is compatible with the organization security policy.
Gate link protection
Much of the functionality available in the products of e-mail and web, it can prevent sensitive data being sent or inappropriate outside the organization or for unauthorized users within the organization. Features include:
Content analysis of email messages mails and attachments to control and block sensitive information by identifying, for example, social security numbers, or keywords for confidential corporate information.
Content analysis of web traffic to make sure spyware Trojans and other malicious programs are downloaded to user's computer.
Preventing the discharge of particular file types and prevent users to disguise and obfuscate unauthorized file types in email messages.
Controlling access to certain websites and applications and webmail sites as
Googlemail and Mail.
Monitor and block unauthorized IM and FTP traffic.
Protection against "drive-by downloads" spyware that secretly place in the team when you visit a website.
Protect your data
Despite having the best policies and best solutions, you can still find the data have been
lost or stolen. Therefore, it is essential to have a second layer of defense – encryption. In a survey by the Identity Theft Resource Center, 82 percent of respondents who had lost the data, said that if the data was encrypted, the risk to the company would have been much reduced.2 With this being the case, you must: Perform full disk encryption of laptops and notebooks.
Encrypt data on removable storage devices like USB sticks, CDs and DVDs. Encrypt emails addresses to prevent unauthorized users from reading them. Data encryption devices in this way means that your information is secure, even if put in the wrong hands.
Summary
data leakage has become one of the most pressing security issues facing organizations today. The most effective solution to the problem is to see DLP as part of its global security issue, as part of a comprehensive
strategy. It is also necessary to create a policy acceptable use to enforce compliance with technology and ensure that both are monitored for compliance with corporate policies.
About the Author
This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.
Free Trend Micro Antivirus!?