By Scott Palmquist

In today’s worldwide business environment, organizations are sending vast amounts of customer data, product plans and other highly sensitive information across networks all over the world. Most of these companies are sending this data across multiple carrier networks in several different countries. Shockingly, 65% of them are sending their data in clear text, according to a recent Ponemon Institute study.

Many experts agree that encryption is the simplest and single most effective step any organization can take to protect this sensitive information. With the technical advances in the encryption industry and recent headlines about data breaches, network-wide encryption should be deployed by any organization sending data beyond its physically controlled network.

Mass email malware is yesterday’s news. Today’s attacks increasingly involve malware hidden on Web sites.

By Paul A. Henry

Mass emailing is no longer hip for hackers. Spam attacks are now yesterday’s news and have been replaced with targeted attacks. There are two predominant reasons for the switch:

First, mass mailing malware is noisy and slow; it typically takes considerable time for an email to work its way across the Internet. This global lag provides administrators with ample time to notify users and lock down the network to mitigate the attack.

Second, using a broad and unqualified email address list may generate a few hits for a hacker – but for the most part it delivers lots of misses. Simply put, if the malware launcher wants to capture banking credentials with a key logger, he would be better served to only target users who have high balances in their bank accounts.

It is often said that ‘the Devil is in the detail’. This was again proven to be true with the publication of the UK’s first National Security Strategy earlier this month.

Critics of the strategy have labelled it as more of a list than a strategy, suggesting that without any detailed implementation plan, there is a real risk of it becoming nothing more than the basis for “some sort of talking shop”.

Teranet, the organization that maintains the fully digital registry of all land titles in the Province of Ontario, is by the nature of its business a data intensive organization. Like most organizations, email has become a default method of communications for Teranet staff.

“We can’t live without email as it is vital to running our operations,” said Teranet’s CIO, Mike Sliwinski. “We treat our email like a mission critical app in every respect and we need to provision it the same way we provision disaster recovery for our overall data structure.”

By Monte Robertson

Security now comes in two primary flavors—physical security and digital security. The common link between them is people. Security issues range from loose lips to inadvertent clicks, whether either is intentional or not. That’s why it’s imperative to develop a security policy covering all aspects of security. Employees need training to be proactive in these areas to help protect the business.

We all run up against personal physical security every time we travel somewhere by plane. Business physical security affects us when we use a key to enter work or have to shred a sensitive document. Digital security kicks in the minute we turn on our computers—from the logon password to the user’s behavior, to the anti-malware software to protect your systems online and finally the backup systems.

While homeland security issues are out of our control, we can help control many areas of physical and digital of our business security. Give your business a fighting chance and create and implement a security policy. The tips listed below outline how important policy is when securing your business, some of the new threats you need to be aware of and steps to take right away.

By Andy Whitaker

With everyone from courts to regulatory agencies breathing down their necks, IT managers and CIOs are increasingly worried about whether or not they can be certain about the integrity of their e-mail archives.

Whether you’re an IT manager in health, finance, legal, a government agency, or simply one of the growing number of businesses for which electronic correspondence is becoming “communication of record,” it’s important to be able to verify the integrity or your organization’s communication—potentially for court submission.

Recent stories about deletion of data by government agencies and financial services organizations are intensifying IT managers’ alarm. They’re beginning to ask pointed questions about their own e-mail archiving solutions.