​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​

Bring Your Own Device and Email Security

by

BorderLAN announces availability of mobile applications and solutions for bring your own device (BYOD) challenged organizations. The announcement focuses primarily on securing email on mobile devices.

logo-300BorderLAN Inc., a provider of network security solutions, announced today the availability of a new mobile app for businesses allowing easy access to secure email. With a simple per user pricing model, a user can now utilize email in a secure manner and reduce the exposure of sending and storing confidential information on a mobile phone. Data such as email residing on a mobile device can be detrimental in the event of a theft, loss or hack. In fact mobile device OS’s are just now getting the full attention of the hacking community as they realize the value of the data on the mobile devices.

“The BorderLAN announcement is to ensure our customers know we are diligently partnering and reviewing solutions to ensure data security and compliant technologies.” said Craig Smith, President of BorderLAN Inc., Smith goes on to explain the importance of BYOD – “Mobile computing is projected to be one of the fastest growing market segments in 2013 – 2016. Our preparation for helping customers focus reducing legal liability to corporations for having data like PHI, HIPAA and more on a mobile device, while simultaneously avoiding the liability that would normally come with corporate monitoring of an end user device.”

The app available for email security shows a user simple pin key entry, followed by access to the secure hosted email. In this way nothing is on the device and sending can be entirely secure delivery with a 3rd party encrypted mail service. Smith Continued “According to what we’ve read from Gartner Research in April 2013, 38% of companies plan to stop providing mobile devices entirely to end users by 2016. The primary reason for this elimination of devices is liability. BYOD often takes the place of corporate phones, but are even less secure as they are not monitored or managed. We at BorderLAN feel we can finally have the convenience of mobility while maintaining security.”

BorderLAN Network Security sees a steady increase of the use of mobile devices, both corporate owned and private over the next three years. The ability to secure these mobile devices will empower companies to finally use the mobile technologies for convenience and customer service in a way never before seen.

For more information on Bring Your Own Device For Secure Email – Click Here.

The National Banks of Central Texas honor their promise

by

A Tradition of Security

For more than a century, The National Banks of Central Texas have been helping customers build their financial security. Now they’re helping protect their sensitive financial and personal data online as well.“We are very aware of our customers’ privacy and were determined it wouldn’t be breached, especially in this day and age of identity theft,” said Barry Birchard, the banks’ Information Security Officer. “That’s why we chose Zix Corporation for our email encryption solution.”

With close to 30,000 customers — a significant number of them overseas on active military duty — The National Banks of Central Texas felt it was imperative they provide a top-notch level of security that would make their customers feel at ease when conducting online transactions from such far-flung postings as Afghanistan and Germany or as close to home as Copperas Cove or Gatesville, Texas.

“Having ZixCorp Email Encryption Services in place was a way we could guarantee our customers’ confidential information was protected,” said Birchard. “Before we implemented this solution, we were getting privacy questions from customers all the time. Now they can see right away that our email is encrypted and that makes them feel safer. They also like that they can ask us questions about their accounts by sending us a secure email themselves.”Birchard set up specific criteria that encrypt such personal data as account information, loan and mortgage applications, and Social Security numbers. “Anything of a sensitive nature is automatically encrypted,” he said.

Birchard says the ZixCorp® solution is easy to use and requires minimal maintenance. “The ZixCorp solution is a workhorse that keeps plugging away. I don’t have to do anything with it. I can set it and forget it, because it’s so reliable,” he said. “And when you’re a network administrator, you’re very grateful for that.”

Our quest for convenience may actually kill our security defenses.

by

Risk Level: HIGH

Offsite and web enabled access from anywhere is creating significant security holes.

Type of Threat:

We are giving Authorized user access to almost everyone we work with, supplying corporate information or valuable data from anywhere on mobile devices, apps, or through public WIFI. The opportunity exists for countless bugs and virus to gain access, not to mention the risk of a loss of a mobile device with connectivity settings intact. It’s more common than you think!

Why this is so important:

Personal devices are not usually monitored, whether personal or company owned. This opens up huge risks to your secure data just from typical user behavior, which includes personal web surfing, pornography (viruses), torrents, movies, personal email, apps, software / malware and more. End users believe connections to the corporate are protected, but what is not clear is what else is watching and logging that activity. With no protection on the end-point it’s impossible to know how extensive the threat.

At risk employees:

Desktops and Laptops contain user logon information to what matters; Data, company drives, bank information, credit information, identity. It’s a risk just to have Authorized users accessing this info, but potentially ten-fold risk if they do it from home on their own PC’s or Laptops. Quite simply a simple USB insert of a kids homework paper can introduce all sorts of stuff on the PC.

How to mitigate:

Simple as it sounds, you need a usage policy that requires any device accessing the network to have on it policy enforcement both on the network and off, period. We can debate legal infringement all day, but it boils down to having the privilege to access company information remotely requires a security cost. DLP end points that enforce last known policy regardless of connection to the Internet is a must. Technical Recommendations – We recommend software that loads on each workstation and enforces policies of data-loss, internet access, usb usage, attachment scanning and more to be in effect at all times both on the corporate network and off. This becomes even more important for work remote employees and contractors. DLP end point is a simple and easy managed software that we recommend.

The case for web filtering and web application firewalls: security | productivity | liability.

by

Risk Level: MODERATE

Internal threats now represent more than 60% of the risk to company data, 40% coming from hackers.

Type of Threat:

Web applications and web-enabled mobile devices for convenience is a green-field frontier for hackers. Corporate defenses were never designed to block web – they just allow port 80 and block playboy.com. Ok we’re way beyond security of 1998, so now we must re-look at our gateway devices and require them to control the most important aspects of our company, including web application access, usage, monitoring, website visits, reporting and more. We can no longer standby and hope our CRM access, our database, email and more is secure.

Why this is so important:

Convenience has driven faster than our security policies. Internal threats now represent more than 60% of the risk to company data, 40% coming from hackers. We must remember internal threats are dangerous for three main reasons;

  1. We trust them (authorized users)
  2. We don’t typically monitor them
  3. We give them access to everything.

End users and executives alike have a limited time with an organization. The best practice is to realize that loyalty is not what it used to be, and to get serious about a policy, then employ technology to ensure the data and assetts are protected. When people are conntected to the web or even their web mail, the natural belief is they can “send” important documents to their home email, from their home email, to “work” on it remote. That activity just lost your entire database of customers. Hopefully they dont work for a competitor in the future….

Liability has gone up? You bet!

Giving someone an ipad is enough to cause liability. Imagine them at home accessing things they should not with a copmany resources. Guess who’s fault it is? Yup – it’s the companies. Now imagine an employee downloading music and movies on a corporate owned system through open ports the traditional firewall/filter combos cant block. Again it’s the fault of the company. The third point brings up someone losing their laptop, which happens to have customer information. This happens all the time and brings hundreds of thousands of liability dollars, apologies, letters of shame, identity theft issues and more. Again, the companies responsibility and liability.

How to mitigate:

A couple easy ways; First you need a usage policy defining what can be accessed and what is inappropriate (BorderLAN can help with this template), Second a smart filter that monitors, reports and blocks inappropriate access both ON network AND OFF network on company devices or even personal devices. Third is to outline a web -app policy and procure a device to manage those apps. Think of it as a interal facing web-app firewall.

Technical Recommendations:

We recommend Appliance based Web Filtering with capabilities of controlling IPAD’s and mobile iDevices. We recommend Web Application Firewall appliances to mitigate and enforce usage policies on apps that are accessing critical and confidential data. BorderLAN can help consult with and size these appliances for your organization.

Desktops targeted for complex slow targeted attacks.

by

Risk Level: MODERATE

Method of entry:

Small Application / script payload / website link / email or spam

How it works:

Small every changing random payload scripts are carried in and quietly usually on the back of an email, usb file, freeware program, facebook looking invites, shared movie files, shared audio torrents etc.

Method of deployment:

Slow deployment will not replicate itself and send off warning signals. Instead it sits quietly in its random form listing, learning, keying every website and keystroke. Eventually the most complex can initiate simple web sessions and “post” the data in the background using open web ports to the hackers servers. From there data is sourced and filtered, used and sold depending on the quality.

Target:

Desktops and Laptops contain user logon information to what matters; Data, bank information, credit information, identity. Hackers know this and realize the complexity of network hacks becomes difficult. Hackers are like electricity….they date the path of least resistance, and right now it seems the end-point is the place. Why try to hack through huge defenses, when you can ride in and learn all the passwords through an unprotected trusted employee?

Who is doing it:

Out of country hackers primarily, open source software. Thousands of faceless hackers work to develop and implement cross border attacks as enforceability is non-existent.

Why it can be a substantial threat:

It’s not defended using traditional methods of black list AV and malware. Anti technologies must first identify a “match” before it can block a threat. What if the threat keeps changing, keeps morphing, and randomizes?

How to mitigate:

The trillion dollar question is how to mitigate. Ironic that’s the kind of numbers in loss we are talking about if not handled. Impact on every organization is significant and should be top of mind. Technical Recommendations – We recommend software that limits payload deployment. Identifying what payloads or applications can run via a whitelist is a safe layer of defense as most other randomly created threats and applications fly right through AV. Executable white listing is simple and easy managed from a simple server software.

Power Save and Redlands Unified School District

by

Redlands Unified School District (RUSD) is a California-based school district, serving over 21,000 students. There are 23 schools in the district, ranging from elementary to high schools, and over 1,800 employees. RUSD currently has over 7,000 Windows computers across the district, supported by 75 servers. The main district office connects to all of its schools via fiber point-to-point optic connection.

Problem
Like many school districts, RUSD was mandated to cut costs and realize savings wherever possible. The district did not have an existing power management strategy in place, and therefore manually shutdown their computers every night. Not only was this difficult to control, but because there were no specific reporting features, it was impossible to determine how much unnecessary energy was
being consumed or saved.The Technology Services Coordinator, David Massaro, and the Facilities team attended a Southern California Edison presentation on power management. For schools and other organizations facing shrinking budgets, they learned that a dedicated PC power management solution is an immediate and cost effective way to reduce computer energy consumption and greenhouse gas emissions. Southern California Edison is one of the largest power providers in California and provides rebates to school districts and companies who purchase PC power saving software.

Solution
Recognizing the opportunity to save money with a dedicated PC power management solution, Massaro began researching various solutions. Out of the numerous vendors Massaro examined, Faronics caught his attention. As an already satisfied customer of Faronics Deep Freeze (an instant system restore solution) and Faronics Insight (a classroom management solution), David didn’t hesitate to choose Faronics Power Save as their power management solution of choice.

The PC energy reducing software is now deployed on over 5,500 computers at RUSD. There are two dedicated servers that manage all Power Save PCs in the district’s office, and the software has been configured to ensure the most efficient savings without any end-user disruption.

HIPAA RULES ARE STRENGTHENED.

by

hipaaThe Department of Health and Human Services known as HHS released even more safeguards for patients health information. The primary change is the Omnibus rule, which says any improper use will be considered a breach and would result in mandatory notification requirements. The omnibus rule also extends the requirements of HIPAA privacy to all business associates of physicians and all subcontractors doing business with physicians. The official deadline for the omnibus rule is March 26, 2013. Proper policies and technologies should be implemented immediately to ensure compliance. Some helpful technologies for HIPAA that BorderLAN Network Security supplies are:

  • Email Encryption – Helps physicians communicate with contractors third-party medical facilities, hospitals, and even home healthcare practitioners about patients securely.
  • Intelligent antivirus – enterprise level AV software to watch not only known threats but help prevent emerging threats and zero day attacks.
  • Desktop security software – helps prevent leaks occurring from end-users loading of programs, malware knowingly or unknowingly.
  • Bring your own device – enterprise server that can accept and remember guest connections to Wi-Fi, and ensure those devices are scanned according to policy before being allowed on the network.
  • Proper web filtering – high-capacity servers that mitigate users web activity and help prevent web-based threats, downloads, Hotmail and other potential holes and breaches for HIPAA.
  • USB prevention and data loss prevention – software that enforces security policies to end points both on networking off network.

 

See Products from BorderLAN http://borderlan.com/products/ for more information or Contact us

Justice FCU relies on Zix Corporation

by

Email Security for America’s Protectors

When you’re in the business of guarding the financial concerns of the people responsible for protecting America, you want to make sure their personal data is safe.

That’s why Justice Federal Credit Union chose Zix Corporation (ZixCorp) for their email encryption solution.

Justice FCU is the premier provider of financial services to employees of the Department of Justice and the Department of Homeland Security. It also offers membership to those working for state and local law enforcement organizations. With assets of approximately $438 million, it pledges to maintain the highest standards of confidentiality to protect their members’ personal privacy. Every single employee, from mortgage specialists to marketing staff, uses ZixCorp® Email Encryption Services to send secure messages to members and business partners.

“With the alarming rate of identity theft in the United States, email encryption is crucial for the protection of our members’ personal information,” said Rifat Ikram, Justice FCU’s Vice President, Electronic Delivery and Support Services. ”We chose ZixCorp Email Encryption Services because of its superior reputation.”

Another key factor in selecting ZixCorp Email Encryption Services was that the Federal Financial Institutions Examination Council (FFIEC) agencies have implemented it, says Ikram. “If they’ve done their homework and have chosen ZixCorp, it makes it easier for credit unions encryption solution. If the ZixCorp solution is good enough for the FFIEC, it’s a no-brainer that it would be the right choice for us.”

Deep Freeze Mac and La Mesa-Spring Valley School District

by

La Mesa-Spring Valley School District is a K-8 district located in the East County of San Diego. The District serves 14,310 students housed in 18 elementary (K-5) and four middle schools (6-8). Certificated and classified employees number 1,550.

District-wide there are approximately 1,600 workstations running on a Novell core network. Though Windows workstations are used by administrative staff, Macs are used for educational purposes – students and teachers. The Macs mainly run OS 10.2.8 to 10.3.9 with any new hardware purchases having OS 10.4 (there are also some older machines still running OS 8 & 9, but these are slowly being phased out.)La Mesa-Spring Valley School District has an annual budget of $100,000,000 and an approximate student-to-computer ratio of 10:1 (on computers less than three years old.)

At the time that La Mesa-Spring Valley was transitioning to Mac OS X, the Information Systems (IS) staff realized that, though the operating system offered an environment that was more “kid-proof ”, there were still general worries with regard students “explorations” and general OS integrity.“Middle-schoolers are notoriously mischievous when it comes to computers,” said Richard Ribley, a Support Technician at La Mesa-Spring Valley. “They like to change things just because they can, whether that means taking items off the Dock, moving files to different locations or changing the toolbar in an application like Word. This would, of course, screw up the machine for the next person or even for the same person coming back to that machine later.”

Mr. Ribley and the La Mesa-Spring Valley IS staff found that the teachers often wouldn’t know how to rectify user-created difficulties or, if they did, would spend more time fixing the problems than teaching – a situation that didn’t work for either teacher or students. Generally, the teacher would end up calling the IS staff. With a staff of six and a schedule that meant that a staff member could only visit a school once every five days, a computer could easily be out of commission for a week.

In their preventative efforts, the IT staff implemented pop-up blocker software for Windows Explorer When OS 8 and 9 were being utilized, La Mesa-Spring Valley utilized programs like On Guard (which they still use on their older systems) and Foolproof Security. With their transition to OS X, a security solution that worked with OS 10.2 (Jaguar) had to be implemented quickly or computer downtime and over-stretched staff would become an ongoing problem. Attempting to use Jaguar’s Simple Finder to curtail precocious users proved unworkable because this solution did not allow for a shortcut to the District’s Novell server and, therefore, students could not log in to their network accounts. There were no known OS X alternatives out there.

“The difference that using Deep Freeze Mac made was huge,” said Mr. Ribley. “Immediately, we saw the amount of support time devoted to our Macs easily cut to 5% of what we had been spending prior to installing Deep Freeze. Deep Freeze eliminated 95% of all the software issues we were encountering so that almost the only difficulties we had were hardware-related.”

A switch from SonicWall – gateProtect

by

Security on an international level: Ameropa protects its global business with gateProtect

The Swiss company Ameropa AG was founded in 1948 and trades on an international basis. It currently manages the business of 22 Sectors located throughout the world from its headquarters in Binningen near Basel and is steadily expanding on all continents. Ameropa AG, which is not stockmarket listed, sees organic growth as instrumental in achieving this. Its core business is global trade in cereals and artificial fertilisers and also in petrochemicals and metals. Around 2,300 people work for the company, many of them in the field.

At the Ameropa headquarters in Binningen in Switzerland, administration of IT security is outsourced to the German service provider Computer Löwe. „In 2003, we put out 2 calls for tenders: for the replacement of the SonicWALL solution and an upgrade of the security infrastructure at Ameropa‘s international locations. In a direct comparison between SonicWALL and gateProtect, the Hamburg supplier clearly came out on top,“ says Markus Keller, Managing Director of Computer Löwe„This was mainly because the gateProtect firewall is so easy to operate, but also because SonicWALL were unable to offer German-speaking support.“ The intuitive and process-oriented front-end to the gateProtect administration client, the ergonomic Graphic User Interface (eGUI®), is the reason why it is so easy to operate.

The project has grown steadily over the last five years. Two gateProtect GPA 400 solutions have been implemented at Ameropa headquarters and guarantee high availability and failure safety. The foreign branches have acquired four GPA 250 and four GPO 125 solutions, which can be maintained remotely; however, the administrator can also make changes to the configuration locally, as required.

Conclusion

As operation has been trouble-free, the gateProtect implementation is being steadily extended. For example, there are plans to deploy more gateProtect solutions at the locations in the UK, Brazil and the Czech Republic. The existing Cisco VPN solution is also set to be replaced by the equivalent gateProtect product.

Copyright © 2012 BorderLAN. All rights reserved.
Privacy policy | Terms of service
Find us on Google+