New technologies bring productivity increases and convenience benefits — as well as new threats. When unethical people exploit computer systems and mobile devices, your business and personal data become all the more open to risk. ARE YOU VULNERABLE?

How many hours and dollars would it take to get back your data if your computer crashed?

Last year, we suggested a number of safeguards for protecting data on your computer, including the use of strong firewalls and updating your security software regularly. This year, we have a few more tips for protecting data.

In a July report entitled The Ins and Outs of Email Vulnerability, Aberdeen Group noted that in addition to anti-spam software, you could improve security by using anti-spoofing, anti-phishing, anti-spyware, anti-fraud and anti-keylogger software. (Anti-phishing software identifies and blocks those who pose as credit card companies or banks and asks for your information such as social security number and bank account numbers. Anti-keylogger software prevents a hacker from learning your I.D. names, passwords and everything else you’ve stroked into your computer. For examples of what these messages look like, check out About.com’s What Phishing and Email Scams Look Like.)

In e-mail alone, new threats appear daily. As such, Aberdeen recommends organizations do the following to achieve “best-in-class” security performance:

• Develop comprehensive e-mail security strategies that address both inbound and outbound vulnerabilities;
• Define an enterprise-wide archive policy for e-mail, and implement it;
• Actively monitor, assess and address e-mail vulnerabilities on an ongoing basis; and
• Include e-mail vulnerability assessment in an overall threat analysis, looking at threats across e-mail and the Web as well as across desktops, laptops, servers and networks.

Yet security threats to Internet communication doesn’t stop at e-mail or even your desktop or laptop — using mobile devices has become an easy way to lose sensitive data.

IDC reports that by 2009 the number of mobile workers in the United States is expected to reach more than 70 percent of the country’s total workforce. Korn/Ferry International reports that 81 percent of executives globally are connected constantly via mobile devices.

Yet as wireless and mobility technologies have become a fact of life today, appropriate safety precautions are not being met.

Commissioned by Cisco Systems and the National Cyber Security Alliance this spring, a study of 700+ mobile employees in seven countries showed that more than 60 percent of employees sometimes use mobile devices without encrypted or password-protected data to connect to their work networks, and more than a third sometimes work by piggybacking on strangers’ wireless Internet connections.

In a Yankee study last month, 40 percent of the 500 respondents said they use consumer instant messaging (IM) technology at work. “IM presents numerous security challenges,” Computerworld says. “Among other things, malware can enter a corporate network through external IM clients and IM users can send sensitive company data across insecure networks.”

“One way to combat threats is to phase out consumer IM services and use an internal IM server,” Computerworld suggests.

To stay ahead of the pack, Aberdeen further recommends companies must pay attention to the areas where e-mail management needs to take a next step. They must develop a comprehensive messaging security strategy that addresses vulnerabilities in Web mail, wikis, blogs, IM, chat and other messaging media where companies are beginning to experience susceptibility. Companies must prioritize based on the technologies actually used in their organizations.

When it comes to the corporate side of security and data protection, another Aberdeen Group study shows that “using full-disk, database storage and application encryption products, in combination with hardware security modules, tokens and smart cards, companies are safely protecting sensitive information, thereby preventing potentially devastating data breaches,” as explained by information security firm SafeNet‘s Andy Solterbeck in a statement.

If selecting, sourcing and installing these are beyond your responsibilities, ask your IT maven if they are employed, and if not, advocate for them.

According to the latter Aberdeen report, released last month:

Sharply increasing use of encryption to protect sensitive data is causing many organizations to seek more consistent, automated and cost-effective ways to manage the encryption keys that provide the foundation for this higher level of protection. Today, the most prevalent approach for all companies is the tactical deployment of point solutions for encryption where specific needs exist.

In an information-centric approach to protecting data, says Aberdeen, all organizations need to: “identify and classify their information assets; establish consistent policies; implement an appropriate portfolio of enabling technologies for encryption and key management; and establish controls to ensure compliance with both internal policies and external regulations.”

Further, if you’re involved with sensitive intellectual property (IP) relating to design, it’s worth noting that there’s software available that protects AutoCAD, Inventor and SolidWorks files. Users can apply permissions to these file types using the vendor’s viewing applications — whether DWF Viewer, Design Review, TrueView and eDrawings — to access protected files.

Resources

Computing and Network Services
State University of New York

The Ins and Outs of Email Vulnerability
by Carol Baroudi
Aberdeen Group, July 2007

What Phishing and Email Scams Look Like
by Paul Gil
About.com, Aug. 9, 2007

Accounting for Human Error
by Andy Greenberg
Forbes, Aug. 30, 2007

How Can I Protect My Computer from Viruses?
by S. Smith
WiseGeek.com

SafeNet Lauds Report Citing Decreased Security Breaches Via Encryption Solutions
BusinessWire.com, Sept. 5, 2007

Pinion Software: Secure and Share Information that Matters
by Rita Stange
Connect Press, July 30, 2007

The 8 Most Dangerous Consumer Technologies
by Mary Brandel
Computerworld, Sept. 6, 2007

Additional:

Qubits Poised to Reveal Our Secrets
by Saswato Das
Eureka Alert, Sept. 12, 2007

More Laptops Mean Greater Security Risk to Taxpayers
by Gregory Hladky
New Haven Register, Sept. 3, 2007

Cyber Attacks: a New Weapon in the State Arsenal
Agence France-Presse, Sept. 11, 2007