The SC Magazine review reports that “Websense Express shows that small businesses on a tight budget no longer have to rely on scaled-down Web-content filtering solutions… [and] Websense delivers an industrial-strength Web content and protocol filtering solution that’s a cinch to deploy and priced just right for SMEs.”

WebSense has a great lineup of web filtering products that do a lot.

WebSense Express

Industry Leading Web Filtering

Bandwidth Optimization (at network level)

Reporting Tools (web based)

Security Filtering – Phishing protection, spyware, malicious mobile code

30 Day limit on data

Single location, Single Server

WebSense Enterprise

Industry Leading Web Filtering

Bandwidth Optimization (at user level)

Websense Reporting Tools

Sophisticated and Flexible Admin Tools

WebSense Web Security Suite

Industry Leading Web Filtering

Bandwidth Optimization (at user level)

Websense Reporting Tools

Sophisticated and Flexible Admin Tools

Security Filtering – Phishing protection, spyware, malicious mobile code

Security Protocol Categories – bot traffic, email born worms, key loggers

IM attachment manager

Real Time Security Updates

SiteWatcher

BrandWatcher

ThreatWatcher

read more | digg story

Sell Spam and not Drugs?

That is one of my favorite quotes, “Lies, Damn Lies and Statistics” and is attributed to many authors. I wish to site Mark Twain, because he has some many funny yet poignant quotes it has to be his quote. “They” say that you can make statistics say anything you want and if these stats, reported on CNN and Reuters, but if these numbers are anywhere NEAR close then every drug kingpin should invest some of that extra money they have laying around in Swiss accounts and Folgers cans and get into a business a little less risky. Let’s face it, when was the last time entire governments worked together and brought military might against a cyber criminal. How many are really in jail? And, there is certainly no death penalty for cyber crimes.

So maybe the Cyber Crime Stats are just close

If the stats, which we can all agree are hard to track, are not exactly spot on are even close who would have imagined the revenues could be so high. It goes to show that for individuals and businesses the War on Cyber Crime, if there is one, is not going well. I blogged before that I think it will take a large class-action lawsuit and a big settlement to consumers for loss of their critical personal data to open everyone’s eyes and I believe that even further with this data.

Can we wait for someone else to protect us from Cyber Crime?

I think not. Individuals as well as business need to take a tough stance on data protection and IT Security. We have the tools available to stomp out cyber crime, but it will take the proper use and education to make it work. I think it has to start with business. If business, small and big, were to take the threat even more seriously than they do and educate their employees on how they can protect data for the business as well as themselves personally, then we have a fighting chance. We cannot wait for The Government to do it for us! I think it starts with strong Corporate Security Policy and then education on the policy.

Michael Rowles

Sargent in The War on Cyber Crime

read more | digg story

Do not fall for Phishing Spam Scams

This is a great article written by Chris Barton of McAfee about a current phishing scam going on. He even lists out the url’s they have captured thus far. This list can easily be added into a content filtering block list to keep users who do not know better, from falling for this.

Why do they do this

Many people ask why they do this and the only answer is that it is profitable for them. As we educate users and create strong Corporate Security Policies that educate and rely on strong security products they will become less and less profitable and maybe go away some day…maybe.

Michael Rowles
Gawn Phish’n for Phishers

read more | digg story

Small Phisher is fried

Zulfikar Ramzan of Symantec writes that when Dolan was found he had private identification and credit information on 96 people. Dolan is characterized as a “small fry” in the phisher world, but a win nonetheless! Most large scale organizations have responsibility layers where different aspects fo the phishing scam from the acquisition of people’s information to the laundering of money are “outsourced” to different people. Dolan did it all himself, and that probably helped lead to his capture.

What is Phishing?

Phishing is when someone tries to trick you into giving them your highly sensitive personal financial information and then they rip you off. It is a form of identity theft.

What can we do?

Well, the best thing to do is stay ever vigilant. Always be suspicious of anything you do online. Always keep your anti virus and anti spyware and anti spam current with updates and on. In Dolan’s case he had a trojan, which is a hackers software program, which helped steal this information. Users thought they were giving their info to their institutions, when in fact they were giving the info to Dolan’s Trojan program that in turn sent the info to him.

It all sounds very spooky and you should not be frightened to death about this, but a healthy fear is good. You have 2 major defenses:

1. Technology like anti virus, anti spyware, anti spam and encryption.

2. Common sense: the key to almost all identity theft hacks is the use of social engineering or tricking people. Be smart. Be skeptical. And Be Safe.

Michael Rowles

Internet Hall Monitor

Why do businesses not have an encryption plan?

We all know that when you fail to plan, you plan to fail. This is the case for the overwhelming majority of businesses. Encryption is treated as this great mystery and either not approached at all or bought and added to the ’shelfware’ all IT Folks have in their office. A box is checked that software is purchased, but many do not incorporate into their Corporate Security Policy. Mike Fratto of Network Computing writes that there is a ‘lack of compelling business driver’.

Encrypt what data?

Forrester Consulting says that one of the most important initial steps is to put together a Data Governance Plan which includes the classification of your data. You surely do not want to encrypt every scrap of data a business has, this is where security becomes an annoyance. Knowing your risk by taking the time to own what is classified and own what you decide to encrypt makes the future more clear. You can know that if all procedures are followed, what is at risk and what is not. You then take your Risk Management into your own hands, instead of the hands of the fates as to what you lose.

Now you can sleep at night

Taking action instead of reacting to disaster will give IT, Executives and Ownership a lot more REM sleep than the alternative. The alternative is head in the sand like an ostrich or moving to N Africa and living in Denial!

Michael Rowles

Denial Travel Agent

No Problem Justifying Return on Investment

The potential liability exposure resulting from a breach in data security, such as what happened with the data security breaches at TJX that involved the undetected theft of sensitive customer information over an 18-month period is mind-boggling. Although TXJ estimates liability payouts to reach “only” $107 million – which analysts say is highly optimistic since the potential exposure is more likely over $1 billion – such risks clearly justify planning and expenditures to beef up the security of sensitive information. The company also estimates it will spend about $11 million in security consulting fees necessitated to study the causes for the breach and prevent their reoccurence. It doesn’t take a rocket scientist to quickly calculate that had the $11 million been spent up front to avoid even the overly optimistic figure of $107 million in payouts, that the return on investment would have been more than $9 for every dollar spent.

Added to the financial risks are the potential risks of embarrassment. Take, for example, the recent news story that candidate information stored on Monster.com was infiltrated successfully by a Trojan and it’s easy to understand the potential for public fallout that can arise from inadequately protected data. How this will impact the number of candidates who are willing to share their personal contact data with online job sites – critical to the success of any job site – remains to be scene. To date, Monster seems to be quiet on the issue and to be taking the stance that “it was no big deal”.

The potential for financial loss and public embarrassment is also a concern for small and medium sized businesses, perhaps to an even greater degree, since similar events could result in the complete bankruptcy and discontinuation of the business.

An Increasingly Mobile Workforce Adds Fuel to the Fire

As the work force becomes increasingly mobile and road warriors abound, the number of data devices that support mobile workers is also increasing and those devices are becoming more and more affordable, putting them into reach for deployment by an increasing number of small and medium sized businesses as well as large enterprises. Unfortunately, in spite of the great conveniences these mobile devices offer, they can also create a security nightmare for the small and medium sized businesses that mistakenly believe the devices are inherently secure enough without any increased cause for concern.

The main problem with data stored on devices that are getting smaller and smaller is that the devices themselves get easier and easier to lose, especially on the road and they are also getting easier to steal because they conceal easily. When properly put in place, encryption, especially when combined with access control and port management, is an effective means of protecting the important enterprise data contained on such devices.

A survey of attendees at the 2007 InfoSec security conference in London indicated that almost 40 percent of middle and senior-level IT managers felt these portable tools for the road warrior represented their top security concern, 80 percent of those surveyed indicated they have not yet implemented effective security policies for them. And, 76 percent of IT professionals surveyed in a 2006 study by Check Point Software in Belgium, Luxembourg, and the Netherlands, said that they never use any data security to protect information stored on USB devices.

Traditional Network Security is Insufficient

Obviously, network security measures were insufficient to protect the data of TJX customers and Monster candidates. This is obvious in both cases, especially since the Monster Trojan was released through a legitimate employer account log in to access candidate information.

In the case of mobile devices, because users may roam between multiple networks and because users may also take advantage of non-network communications, such as Blue Tooth, network security alone is not sufficient protection for mobile devices either. While networks can provide some degree of protection, such as anti-virus, or anti-spam protection, even to mobile devices, there is still an important need for the device-level “data-at-rest” protection that encryption can provide. All the network security in the world won’t protect sensitive data if the mobile device is stolen or lost.

Why Encryption Makes Sense

Encrypting data makes sense on both mobile devices and for “data-at-rest” on larger storage systems because it makes the data worthless to unauthorized users. Encryption software converts data into “ciphertext”, which must then be decrypted or “un-encrypted” in order for it to be usable. Only users with the proper credentials are able to access the stored data and read it. While the initial indication is that a valid log-on account was used to steal the information stored on Monster, it may be possible that additional encryption measures would have prevented the use of any of the stolen data.

Finding the Perfect Encryption Solution

Whether you’ve been thinking about putting encryption in place to enhance your IT security measures or you’re thinking about replacing an existing solution that’s not meeting your needs, every product is unique. It’s important to understand your specific needs and potential vulnerabilities before you commit to any encryption solution. For example, Pointsec Mobile from Check Point provides one encryption solution for mobile devices running Symbian, Pocket PC, Windows Mobile SmartPhone and Palm by encrypting files on the devices as well as their related memory cards. In doing so, encryption is performed automatically without user intervention, and it allows easy transfer of encrypted data between Pointsec protected devices. Many other top IT security software companies, including McAfee and RSA also offer wireless versions of their encryption software.

These are not necessarily one-size-fits-all solutions. That’s why we suggest that you Contact a security encryption pro from CopiaTECH to help sort out your encryption needs, find the solution that best meets those needs and your budget, and get to work on protecting sensitive data and reducing your exposure to financial risk and your potential for public embarrassment: Before it’s too late.

Related:

Monster.com Data Compromised by Trojan
TJX Sets Aside $2.60 For Each Breached Customer Credit File
Portable Devices Pose Growing IT Security Threat
Wireless Encryption Software – What You Need to Know

Related: Consumers & Merchants – Who Has to Protect the Data?

Here is a very detailed explanation of the scam by 5thirtyone.

Then you are redirected to a fake Gmail site:

read more | digg story

Michael Rowles
Your Internet Tour Guide

read more | digg story

What the heck is going on? As more and more business is done online the risk for identity exposure is ever increasing. If this occurs to you, expect to spend countless hours working with your bank, credit card company, and other institutions to claim that the expenses where not yours. Not to mention the effect that it can have on your D&B Score.

So what can you do? The first action item for you is to take your business and personal security seriously, by implementing simple security rules for your business.

Next, see what kind of ID Theft protection your financial providers can provide. There are many great programs out there that can make it more difficult for someone to use your identity to have new credit issued.

Finally, go through a risk analysis with a security professional that can help you identify the loopholes and vulnerabilities that may exist in your business.