A Tradition of Security
For more than a century, The National Banks of Central Texas have been helping customers build their financial security. Now they’re helping protect their sensitive financial and personal data online as well.
“We are very aware of our customers’ privacy and were determined it wouldn’t be breached, especially in this day and age of identity theft,” said Barry Birchard, the banks’ Information Security Officer. “That’s why we chose Zix Corporation for our email encryption solution.”
With close to 30,000 customers — a significant number of them overseas on active military duty — The National Banks of Central Texas felt it was imperative they provide a top-notch level of security that would make their customers feel at ease when conducting online transactions from such far-flung postings as Afghanistan and Germany or as close to home as Copperas Cove or Gatesville, Texas.
“Having ZixCorp Email Encryption Services in place was a way we could guarantee our customers’ confidential information was protected,” said Birchard. “Before we implemented this solution, we were getting privacy questions from customers all the time. Now they can see right away that our email is encrypted and that makes them feel safer. They also like that they can ask us questions about their accounts by sending us a secure email themselves.”
Birchard set up specific criteria that encrypt such personal data as account information, loan and mortgage applications, and Social Security numbers. “Anything of a sensitive nature is automatically encrypted,” he said.
Birchard says the ZixCorp® solution is easy to use and requires minimal maintenance. “The ZixCorp solution is a workhorse that keeps plugging away. I don’t have to do anything with it. I can set it and forget it, because it’s so reliable,” he said. “And when you’re a network administrator, you’re very grateful for that.”
Risk Level: HIGH
Offsite and web-enabled access from anywhere is creating significant security holes.
Type of Threat:
We are giving authorized user access to almost everyone we work with, supplying corporate information or valuable data from anywhere on mobile devices, apps, or through public Wi-Fi. The opportunity exists for countless bugs and viruses to gain access, not to mention the risk of losing a mobile device with its connectivity settings intact. It’s more common than you think!
Why this is so important:
Personal devices are not usually monitored, whether personal or company owned. This opens up huge risks to your secure data just from typical user behavior, which includes personal web surfing, pornography (viruses), torrents, movies, personal email, apps, software / malware and more. End users believe connections to the corporate network are protected, but what is not clear is what else is watching and logging that activity. With no protection on the end-point, it’s impossible to know how extensive the threat is.
At risk employees:
Desktops and laptops contain user logon information for what matters: data, company drives, bank information, credit information, identity. It’s a risk just to have authorized users accessing this info, but potentially a ten-fold risk if they do it from home on their own PCs or laptops. Quite simply, inserting a USB drive holding a kid’s homework paper can introduce all sorts of stuff on the PC.
How to mitigate:
Simple as it sounds, you need a usage policy that requires any device accessing the network to have policy enforcement on it, both on the network and off, period. We can debate legal infringement all day, but it boils down to this: the privilege of accessing company information remotely carries a security cost. DLP end points that enforce the last known policy regardless of connection to the Internet are a must.
Technical Recommendations – We recommend software that loads on each workstation and enforces policies for data loss, internet access, USB usage, attachment scanning and more, in effect at all times both on the corporate network and off. This becomes even more important for remote employees and contractors. DLP end point is simple, easily managed software that we recommend.
Risk Level: MODERATE
Internal threats now represent more than 60% of the risk to company data, 40% coming from hackers.
Type of Threat:
Web applications and web-enabled mobile devices, adopted for convenience, are a green-field frontier for hackers. Corporate defenses were never designed to block web traffic – they just allow port 80 and block playboy.com. OK, we’re way beyond the security of 1998, so now we must take another look at our gateway devices and require them to control the most important aspects of our company, including web application access, usage, monitoring, website visits, reporting and more. We can no longer stand by and hope our CRM access, our database, email and more are secure.
Why this is so important:
Convenience has moved faster than our security policies. Internal threats now represent more than 60% of the risk to company data, 40% coming from hackers. We must remember internal threats are dangerous for three main reasons:
- We trust them (authorized users)
- We don’t typically monitor them
- We give them access to everything.
End users and executives alike have a limited time with an organization. The best practice is to realize that loyalty is not what it used to be, to get serious about a policy, and then to employ technology to ensure the data and assets are protected. When people are connected to the web or even their web mail, the natural belief is that they can “send” important documents to their home email, from their home email, to “work” on them remotely. That activity just lost your entire database of customers. Hopefully they don’t work for a competitor in the future…
Liability has gone up? You bet!
Giving someone an iPad is enough to cause liability. Imagine them at home accessing things they should not with company resources. Guess whose fault it is? Yup – it’s the company’s. Now imagine an employee downloading music and movies on a corporate-owned system through open ports the traditional firewall/filter combos can’t block. Again, it’s the fault of the company. The third point is someone losing their laptop, which happens to have customer information on it. This happens all the time and brings hundreds of thousands of liability dollars, apologies, letters of shame, identity theft issues and more. Again, it is the company’s responsibility and liability.
How to mitigate:
A couple of easy ways: first, you need a usage policy defining what can be accessed and what is inappropriate (BorderLAN can help with this template). Second, you need a smart filter that monitors, reports and blocks inappropriate access both ON network AND OFF network, on company devices or even personal devices. Third, outline a web-app policy and procure a device to manage those apps. Think of it as an internal-facing web-app firewall.
We recommend appliance-based web filtering with the capability to control iPads and mobile iDevices. We recommend Web Application Firewall appliances to mitigate and enforce usage policies on apps that are accessing critical and confidential data. BorderLAN can help consult with and size these appliances for your organization.
Risk Level: MODERATE
Method of entry:
Small Application / script payload / website link / email or spam
How it works:
Small, ever-changing random payload scripts are carried in quietly, usually on the back of an email, USB file, freeware program, Facebook-looking invites, shared movie files, shared audio torrents, etc.
Method of deployment:
A slow deployment will not replicate itself and send off warning signals. Instead it sits quietly in its random form listening, learning, keying every website and keystroke. Eventually the most complex can initiate simple web sessions and “post” the data in the background using open web ports to the hackers’ servers. From there data is sourced and filtered, used and sold depending on the quality.
Desktops and laptops contain user logon information for what matters: data, bank information, credit information, identity. Hackers know this and realize that network hacks have become complex and difficult. Hackers are like electricity… they take the path of least resistance, and right now it seems the end-point is the place. Why try to hack through huge defenses, when you can ride in and learn all the passwords through an unprotected trusted employee?
Who is doing it:
Out of country hackers primarily, open source software. Thousands of faceless hackers work to develop and implement cross border attacks as enforceability is non-existent.
Why it can be a substantial threat:
It’s not defended against by traditional methods of blacklist AV and anti-malware. Anti technologies must first identify a “match” before they can block a threat. What if the threat keeps changing, keeps morphing, and randomizes?
How to mitigate:
The trillion dollar question is how to mitigate. Ironically, that’s the kind of number in losses we are talking about if this is not handled. The impact on every organization is significant and should be top of mind.
Technical Recommendations – We recommend software that limits payload deployment. Identifying which payloads or applications can run via a whitelist is a safe layer of defense, as most other randomly created threats and applications fly right through AV. Executable whitelisting is simple and easily managed from simple server software.
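The contrast drawn above between match-based blocking and executable whitelisting, as an added example that is not from the original article or any vendor's product: SHA-256 hash sets stand in for AV signatures and for the whitelist, and all byte strings are constructed stand-ins for files. It also shows the operational cost of whitelisting: an updated approved application is blocked until its new hash is approved.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: byte strings standing in for executables on disk.
APPROVED_APP = b"approved accounting tool v1.0"
APPROVED_APP_UPDATED = b"approved accounting tool v1.1"   # vendor update, not yet re-approved
KNOWN_BAD = b"unwanted payload, build A"

def rerandomized(payload: bytes, n: int) -> bytes:
    """Model a payload that changes its bytes on each delivery (same behaviour,
    different hash) by appending a varying suffix."""
    return payload + b"|pad|" + n.to_bytes(4, "big")

# Blacklist model: block only what has been seen and matched before.
BLOCKLIST = {sha256(KNOWN_BAD)}
# Whitelist model: run only what has been explicitly approved (default deny).
ALLOWLIST = {sha256(APPROVED_APP)}

def blocklist_verdict(data: bytes) -> str:
    return "block" if sha256(data) in BLOCKLIST else "run"

def allowlist_verdict(data: bytes) -> str:
    return "run" if sha256(data) in ALLOWLIST else "block"

SAMPLES = {
    "approved_app": APPROVED_APP,
    "approved_app_updated": APPROVED_APP_UPDATED,
    "known_bad": KNOWN_BAD,
    "rerandomized_bad": rerandomized(KNOWN_BAD, 7),
}

def evaluate(samples: dict) -> dict:
    """Return {name: (blocklist verdict, allowlist verdict)} for each sample."""
    return {name: (blocklist_verdict(d), allowlist_verdict(d))
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, (bl, al) in evaluate(SAMPLES).items():
        print(f"{name:22} blocklist={bl:5} allowlist={al}")
```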
Lowering IT costs and providing a solid ROI for IT projects are among the top challenges for IT executives. Gartner reports that a locked-down and well-managed desktop PC can be 42% less expensive to keep than an unmanaged one, and that the salary cost of a help desk employee can be estimated to be between $21.63 and $40.86 per hour.
The average help desk cost per contact is estimated to be $23.09. Faronics lowers these costs. Faronics Deep Freeze reduces IT support costs and help desk requests while increasing computer availability. The hundreds of unsolicited testimonials that Faronics has received over the last 10 years provide a wealth of anecdotal evidence. This survey presents quantifiable proof of the effectiveness of Deep Freeze.
The findings of the survey are clear. Organizations using Deep Freeze experience up to a 63% reduction in the number of support tickets per desktop and support 12% more computers with the same staff compared to organizations not using Deep Freeze.
Organizations must always be conscious of the bottom line, but they must also balance restrictions with productivity. Excessive restrictions reduce personnel efficiency, relaxed policies result in additional costs associated with support. Deep Freeze helps here as well.
Deep Freeze’s patented technology makes computers immune to any software related issues, and assures IT that any changes are only temporary and will have no lasting effects on the protected computers. Users, on the other side, can enjoy a fully functional and unrestricted computing experience for
These facts point to the conclusion that Deep Freeze provides organizations with a significant and tangible savings value. Organizations are able to lower their IT support costs while concurrently gaining efficiency for allocating their IT resources to other priorities.
Founded in 1995, City Inn is a hotel chain focused on conceiving, designing, building and operating contemporary hotels to the highest engineering standards in prime city center locations throughout the United Kingdom. At the heart of the City Inn brand are the principles of an uncompromising approach to quality, a commitment to innovation, and a customer-first mentality.
The hotel chain believes in providing guests with a contemporary environment to relax, work, or entertain, and continually strives for the latest in IT innovations. They recently set a new industry benchmark with the introduction of iMacs in every room across their six locations in the UK. The iMac is a range of all-in-one Macintosh desktop computers designed and built by Apple. Each iMac provides guests with the choice to watch 38 streamed TV channels plus radio stations, DVDs and CDs. It also allows hotel guests to play music via iPod (or MP3 player) and provides free access to the high-speed internet connection, iTunes, iChat, iPhoto, iMovie, Skype, Neo Office (compatible with MS Office) and iSight, providing one of the most comprehensive in-room entertainment systems currently on the market. Having iMacs in each room eliminates the need for customer laptops, since each acts as a standalone computer.
Problem facing City Inn
Hospitality providers like City Inn know their ability to deliver elite service is heavily dependent on the integrity and reliability of their computing technology. Whether it’s deployed in customer-facing, administrative, in-room, or business center environments, guests expect hospitality providers to deliver a stress-free experience from start to finish.
Protecting guest confidentiality is a chief concern for City Inn. Often their clientele includes high-profile guests such as politicians, so security and confidentiality are a necessity. For these guests, the assurance of having a solution that removes any trace of work or files they’ve used is very important.
The Faronics Solution
After researching possible options, Richard Pemberton, Head of Information Technology for City Inn turned to the bulletproof protection of Faronics Deep Freeze, a reboot-to-restore solution that ensures any changes made during a user session—regardless of whether they are accidental or malicious—are erased with each restart.
“Faronics Deep Freeze was recommended strongly by Apple, and since it is hard to find a solution like this for a Mac, we quickly jumped on the opportunity to purchase it,” said Pemberton.
Deep Freeze is now deployed on over 1700 iMacs within the UK hotel chain, with more scheduled in the future. With the imminent openings of the City Inn London and Amsterdam locations, over 3000 City Inn iMacs will soon be protected by Deep Freeze.
City Inn is just one of over 1,000 hotels benefitting from Faronics Deep Freeze. Deep Freeze helps hospitality providers meet and exceed guest expectations by ensuring a secure and trouble-free computing experience. Guests can count on total system integrity, staff can rely on professional computing availability, and IT personnel are freed from tedious maintenance issues. Deep Freeze is also cross platform and supports most operating systems, including Windows 7 and Snow Leopard.
When Bank Rhode Island was looking for an email encryption service for communicating with customers and business partners, it turned to Zix Corporation (ZixCorp) for the answer.
“I wanted an encryption solution targeted to the financial services market that needed very little investment in human capital and resources to set it up and minimal maintenance after that. Ease of use and ease of installation were key,” said Don Morash, Vice President and Information Security Officer for Bank Rhode Island. “That’s what ZixCorp delivered.”
The fact that the Federal Financial Institutions Examination Council (FFIEC) agencies rely on ZixCorp for their email encryption was icing on the cake.
“What sold me was that ZixCorp has the federal regulators as customers,” said Morash. “If they’ve chosen ZixCorp, then obviously their email encryption service really works.”
Bank Rhode Island, founded in 1996, is a full-service financial institution with 16 branches across the state. With $1.5 billion in assets and 270 employees, it’s a mid-sized bank with a business focus priding itself on meticulous customer service. “We’re a community bank that really understands our clientele,” said Morash. “And in terms of protecting their information, we err on the side of caution.”
ZixCorp® Email Encryption Services allow the bank to leverage the efficiency of email communication while ensuring the appropriate controls to protect sensitive information as it’s in transit. “With this solution, we can permit electronic exchange of data, because we know it’s secure,” said Morash.
“If everybody were using the ZixCorp solution – if it became the world standard for email encryption – that would be great,” said Morash. “Then nobody would have to worry about whether their email is secure.”