Tax season is behind us (at least for most of us) and we can all give a sigh of relief… but can we? This year, getting my taxes organized and handing them to my accountant seemed to be more difficult than usual. Fortunately for me, the Federal Government gave certain areas that were dealing with flooding a small extension that allowed me to find the time to pass my taxes into my accountant.

Once that task was completed, I was able to relax except for the fact I now had one day to get back into the accountant’s office and sign the documents for them to send to the IRS.

read more “Do People Realize What They Are Sending and the Risks Associated?”

How does the popular UK tech blogger, Jason Slater, use WS_FTP Professional?

WS_FTP Professional User Interface

In his latest blog post, “Mass Transferring Files with WS_FTP Professional,” Jason reveals that he’s in the process of migrating his websites to a new dedicated web server.

In order to do this successfully, Jason needs to utilize a tool that transfers his data quickly and securely. That’s where WS_FTP Professional comes into play…

Jason explains that he relies on WS_FTP Professional to get this important job done and that he’s been using “WS_FTP for quite some years and [has] seen the product develop into the essential application it is today.”

To read Jason’s full post on WS_FTP Professional, please visit his website, Jason Slater Technology Blog.

There was yet another security breach inside the government this week and this one involved an employee sending personal information via the Internet.

What in the world does that mean?

Open letter to the White House CIO: please better define what you mean by Internet. As I said in earlier blog posts, whenever you pull people into the middle of information technology it is unreasonable to expect that they will self-enforce 100% of the policies 100% of the time. We won’t lock our laptops all the time. We won’t choose passwords that are totally random with a combination of numbers and punctuation (my WEP password for my wireless router is based on the key 3210abcdef!) No matter how many encryption products you put on our desktop we will forget to use them and we won’t check for SSL encryption and check the certificate on every website that we go to.

  read more “Homeland alert! Beware of the Internet (but e-mailing, web browsing and file sharing are okay)”

With awareness of data breaches at an all-time high, financial institutions are working hard to implement policies and solutions that protect sensitive financial information along with their reputations and industry competitiveness. In today’s digital world, critical financial data is being sent back and forth between businesses and individuals at speeds faster than anyone ever thought possible. While this information exchange allows financial institutions to deliver higher levels of service and capitalise on emerging growth opportunities, it also leaves them vulnerable to security breaches and data leaks.

Hermes, a multi-specialist asset manager owned by BT Pension Scheme (BTPS), deals with a huge amount of sensitive data and, therefore, turned to Ipswitch to provide them with a secure and reliable solution to help protect the transfer of data and information. Requiring a fully versatile solution, they installed Ipswitch’s MOVEit DMZ Enterprise.

Hermes offers a range of investment solutions ranging from alternative strategies, such as fund of hedge funds and commodities, to engagement focus funds, real estate, private equity and specialist equity products. Its pension fund management service, Hermes Pension Fund Management Limited (HPFM), runs alongside its multi-specialist structure and acts as the executive arm of the BT Pension Scheme (BTPS). Hermes currently invests assets on behalf of 204 clients across these product areas and has over £20 billion under management.

“We needed to host an FTP site so that people could post information to us, which, obviously, needed to be very secure due to the sensitivity of the data,” explained Jamie Dewar, Technical Services Manager, Hermes. “We didn’t host FTP before as we were a ‘pull only’ organisation and just used the basic Microsoft mainline tools. However, due to changing business requirements we required an enterprise-class FTP solution that was highly secure.”

MOVEit DMZ is an enterprise data transfer server that boasts end-to-end encrypted transfer and storage of data, as well as delivering powerful administration and reporting capabilities. It resides on a secure server in a ‘de-militarised zone’ (DMZ) attached to a firewall. This enables it to be accessed through the firewall from both inside and outside of a network for transfers including End-User-to-End-User, End-User-to-Backend-System and Backend-System-to-Backend-System.

Read more about Hermes and how they protect their private data: http://www.ipswitchft.com/resources/case-studies/moveit/enterprise-file-transfer-compliance

A small Wyoming bank made national headlines when it filed a lawsuit against Google after an employee inadvertently sent sensitive customer data to the wrong user’s Gmail account (http://www.informationweek.com/story/showArticle.jhtml?articleID=220100410).  This incident reaffirms that a company doesn’t need to be the target of a massive plot by hackers to suffer a costly and damaging data breach.  In this case, simple user error resulted in the disclosure of sensitive data to unintended parties.

Obviously companies need a mechanism to exchange sensitive data with their partners and customers in order to conduct business.  Ignoring the obvious problem of using email to pass data in plain text with no authentication to speak of, the risk of the “Fire and Forget” nature of email is what really struck me about this incident.  Once the email containing sensitive data was sent, the sender had zero control or visibility into what happened afterwards.

Deploying a solution like MOVEit DMZ with Secure Messaging is a reasonable way to reduce the risk posed by sending sensitive data by email.  Using MOVEit DMZ provides for end-to-end encryption of the data, integrity checking, audit logging and non-repudiation, but in this incident, the two-step approach to sending sensitive data really saves the day.

When using MOVEit DMZ and Secure Messaging to send sensitive data to an external partner or customer, rather than pushing the sensitive data all the way to the intended (or unintended) recipient, that data is pushed to the MOVEit DMZ server where it is stored encrypted and available for pickup.  The intended recipient is sent temporary credentials and a link he/she can use to access the sensitive data.  All access is audited, so the sender knows exactly who, if anyone, has accessed the sensitive data.

In this particular incident, had MOVEit DMZ been used to send the sensitive data to the customer, the temporary credentials sent to the unintended recipient’s email account could have been immediately recalled as soon as the mistake was noticed, before any sensitive data was accessed.  Even if the mistake went unnoticed for days, the MOVEit DMZ tamper-evident audit logs would show whether the account had been used to access the sensitive data, or if the account credentials were sitting unread in someone’s inbox.  If the account had been used by the unintended recipient to access the sensitive data, once again the tamper-evident audit logs would provide non-repudiable evidence of the unauthorized data access, giving the company stronger means to pursue legal action to recover the data.
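The two-step flow and the audit questions described above, modelled as an added example; this is not Ipswitch's code and does not show how MOVEit DMZ is implemented. The `PickupServer` class, its method names and the SHA-256 hash chain used for tamper evidence are assumptions chosen for illustration.

```python
import hashlib, json, secrets

class PickupServer:
    """Hypothetical model: store the data, email only a credential, audit, recall."""
    def __init__(self):
        self.packages = {}   # package id -> payload (a real server stores this encrypted)
        self.creds = {}      # sha256(token) -> package, recipient, revoked flag
        self.log = []        # audit entries, each chained to the previous entry's hash

    def _audit(self, event, **fields):
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        body = {"seq": len(self.log), "event": event, "prev": prev, **fields}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.log.append({**body, "hash": digest})

    def send(self, payload, recipient):
        pid, token = secrets.token_hex(8), secrets.token_urlsafe(32)
        self.packages[pid] = payload
        key = hashlib.sha256(token.encode()).hexdigest()  # never keep the raw token
        self.creds[key] = {"package": pid, "recipient": recipient, "revoked": False}
        self._audit("issued", package=pid, recipient=recipient)
        return pid, token    # only the token (as a link) is emailed, not the payload

    def recall(self, pid):
        for cred in self.creds.values():
            if cred["package"] == pid:
                cred["revoked"] = True
        self._audit("recalled", package=pid)

    def pickup(self, token):
        cred = self.creds.get(hashlib.sha256(token.encode()).hexdigest())
        if cred is None or cred["revoked"]:
            self._audit("denied", package=cred["package"] if cred else None)
            return None
        self._audit("accessed", package=cred["package"], recipient=cred["recipient"])
        return self.packages[cred["package"]]

    def was_accessed(self, pid):
        return any(e["event"] == "accessed" and e["package"] == pid for e in self.log)

    def verify_log(self):
        prev = "0" * 64
        for e in self.log:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != digest:
                return False   # an entry was edited, removed or reordered
            prev = e["hash"]
        return True
```

After a mistaken send, `recall(pid)` followed by `was_accessed(pid)` answers whether the data was picked up, and `verify_log()` fails if any earlier entry has been altered.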