SEC Enforcement Actions Nearly Beat Record in 2012, Anticipated Higher Still in 2013</h1> <article> <h1>SEC Enforcement Actions Nearly Beat Record in 2012, Anticipated Higher Still in 2013</h1> <p>Stephanie Jordan — Thu, 20 Dec 2012 10:29:36 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/sec-enforcement-actions-nearly-beat-record-2012-anticipated-higher-s" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/sec-enforcement-actions-nearly-beat-record-2012-anticipated-higher-s" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/sec-enforcement-actions-nearly-beat-record-2012-anticipated-higher-s" data-lang="en">Tweet</a></div><p>The <a href="http://www.sec.gov/">Securities and Exchange Commission</a> set a new annual record with its filing of 147 enforcement actions against investment advisors and investment companies this year. In his blog, Adam Bullock of <a href="http://www.smarsh.com/">Smarsh</a> reports that “broker-dealers also saw the impact of SEC oversight more in 2012 than in 2011, with 134 enforcement actions (a 19 percent increase year-over-year). The SEC totaled 734 enforcement actions, one short of the record set in 2011.” The penalties resulting from the record-setting 735 enforcements last year came in at $2.8 billion.</p> <p>It is not surprising that compliance professionals in the financial services industry are increasingly focused on establishing policies to mitigate risks. Included in those policies are best practices for electronic recordkeeping that encompasses not only email, but also other forms of messaging like social media.</p> <p>If Bullock is correct in his assumption that the SEC will continue the trend toward more enforcement activities in 2013, then beginning the year off with an exercise to prepare for a SEC examination might be time well spent.</p> <p>According to Smarsh Founder and CEO, Steve Marsh, the company’s 2012 Electronic Communications Compliance Survey found that the top message types requested during SEC examinations were (in order) email, website pages (including RSS feeds, blogs, wikis),Bloomberg or Reuters messages, and instant messages (IMs).</p> <p>One of the top concerns for compliance professionals is the growing use of smartphones and tablets. Mobile-specific communications, like text messaging, has potential to be outside the scope of current compliance practices. Of the compliance professionals that participated in the survey, 72 percent were concerned about new communication channels (including text messaging and social media) and 63 percent were concerned about new communication devices.</p> <p>This year the SEC published guidelines for investment advisors that use social media that included Facebook, Twitter and LinkedIn. This recognition by the SEC that social media adoption is happening within the financial services industry signals a possible addition in typical message types during an exam in the future.</p> <p>As Marsh says, “It is the content of the communication that determines its status as a business record, not the communication channel itself.”</p> <p>Marsh’s Navigating the <a href="http://www2.smarsh.co/NavigatingTheNewRegulatoryLandscape"><em>New Regulatory and Compliance Landscape: Electronic Recordkeeping</em></a> offers a quick review of key SEC electronic recordkeeping requirements. The New Year might be good time to establish an annual review of messaging compliance practices and policies. If the SEC does come to call, Bullock notes that firms should expect just five to 10 days advance notice.</p> </article> <article> <h1>BYOD Deluge, Get Ahead of Holiday Device Rush</h1> <p>Stephanie Jordan — Thu, 29 Nov 2012 17:30:51 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/byod-deluge-get-ahead-holiday-device-rush" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/byod-deluge-get-ahead-holiday-device-rush" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/byod-deluge-get-ahead-holiday-device-rush" data-lang="en">Tweet</a></div><p>Bring your own device (BYOD) has changed the IT landscape, and some companies are handling the new world better than others. This week I came across a November blog from Sheila Jordan, senior vice president of the Communication and Collaboration IT organization for <a href="http://www.cisco.com">Cisco</a>, that shares how Cisco handles mobility.</p> <p>With the love of devices only growing stronger and new models and products arriving in time for the holidays, Jordan (no relation) gives six steps in the Cisco policy and practices for managing the mobile devices that have permeated the workplace. A few gems stood out.</p> <h2>More Access. More Security.</h2> <p>“The more network access the user wants, the more security we apply to the device,” writes Jordan. She also says Cisco IT has the right to wipe a device if it is lost or stolen.</p> <h2>Create An App Center</h2> <p>Jordan says Cisco offers employees an easy way to access apps and services that can simplify business processes and increase productivity. “Consider creating your own app center where you can house a combination of your own and third-party applications. The corporate store will give employees easy access to Cisco-recommended applications–so they can submit business trip expenses from an airport, take a Jabber video call from the sidelines of a soccer game, or continue that WebEx meeting as they shift from one location to another.” Jordan is quick to point out that the corporate app store is not the only employee-accessible app repository and the intention is not to micromanage the employees.</p> <h2>Get Ahead of the Hype</h2> <p>Around the holidays, Jordan notes, many employees will receive “shiny new devices as gifts, so we proactively email instructions to ease the device-setup experience” She says this is to allow Cisco to avoid overtaxing its global IT support team, which operates with a skeleton crew during the holiday break. Similarly, when a new device will be making a debut, Jordan says Cisco sends communications to employees BEFORE the device is on the shelf. “Our IT team created a series of communications to share with employees as soon as the official announcement [for Apple iPhone 5] hit,” reveals Jordan. “The communication addressed common questions including how to order and provision new iPhone 5s. As a result, we were able to painlessly add 2,500 of them onto the corporate network within three weeks.”<br /><br />Speaking of Apple’s iPhones, there appears to be a shift in mobile preferences happening. A recent trending report from <a href="http://threatlabz.com/">Zscaler ThreatLabZ</a> shows “current Android use at 45.23 percent and iOS at 49.6 percent (compared to 36.88 percent and 55.36 percent respectively in Q2), the gap between the two continued to narrow—decreasing by 76 percent this quarter over last. Accounting for that gap, Android use increased by 22 percent over Q2, and iOS decreased by 10 percent.”</p> <p>Jordan’s full <a href="http://blogs.cisco.com/news/dont-let-device-deluge-get-you-down/">six steps blog</a>, even with a few Cisco product plugs, is a quick, yet insightful read.</p> </article> <article> <h1>Account Takeovers Estimated in 100s of Thousands a Day</h1> <p>Stephanie Jordan — Thu, 25 Oct 2012 06:43:16 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/account-takeovers-estimated-100s-thousands-day" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/account-takeovers-estimated-100s-thousands-day" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/account-takeovers-estimated-100s-thousands-day" data-lang="en">Tweet</a></div><p>Users lose control of Facebook, email, Gmail, Yahoo!, Twitter and other online accounts frequently. agreed representatives from Microsoft, Twitter, Yahoo!, Responsys and Dropbox during a breakout session at the <a href="https://otalliance.org/">Online Trust Forum</a> 2012 held earlier this month. While all the companies actively patrol for anomalies and conduct behavior analysis, breaches still happen, and while no one on the panel (nor among the who’s who in the audience) wanted to stake out a firm number, they agreed it was in the ballpark of hundreds of thousands each day. That number is plausible if you stop to recall this summer’s Yahoo! breach where over 450,000 accounts were hacked in one go.</p> <p>Ramses Martinez, director of security at Yahoo! did not talk specifically to the breach, but talked in general terms noting that the impact of such a breach is really on the brand more than the infrastructure, admitting that it can “indirectly affect revenue.”</p> <p>The impact of account takeovers at Dropbox, notes Cory Louie, head of trust, safety and security for the company, is that customer’s expectations of being protected by Dropbox are not met. “You lose trust immediately. The blame comes on you as a service provider, whether you are responsible or not.”</p> <p>Over at Twitter, Bob Lord, head of information security, explained that due to the nature of Twitter that a Twitter name is a personal brand, and that followers follow that brand. “When you lose control of the account, it is anguish to the people affected.” But Lord observes that while “many people act like they know security, their behavior online says otherwise.”</p> <p>The group discussed how passwords are key to tighter security, but that users, even after much education and recommendations provided, are still re-using passwords, or have very weak passwords.</p> <p>At the time of the Yahoo! break-in, the top password, representing 38%, was <em>123456</em>. Here is the other top nine:</p> <ul> <li>password = 18%</li> <li>welcome = 1%</li> <li>ninja = 08%</li> <li>abc123 =.06%</li> <li>123456789 =.05%</li> <li>12345678 =.05%</li> <li>sunshine =.05%</li> <li>princess =.05%</li> <li>qwerty =.04%</li> </ul> <p>Lord made an interesting point, for Twitter and many other social media sites, an email address acts as an anchor of trust. When email users lose control of their email accounts, it can impact Twitter and other sites.</p> <p>So what are people losing when accounts are hijacked? “There is not necessarily a financial impact,” says Martinez. “But the contacts in your network, the ecosystem, that is the concern.”</p> <p>The entire panel agreed with Lord in that patrolling for break-ins is more art than science. Even the people who have their accounts hijacked usually have no idea anything has happened until their contacts start asking questions about the spam coming into their inbox from their trusted friend.</p> <p>The bottom line, protect your email accounts. Use a password tool, or develop a password strategy that allows multiple passwords to be used rather than reusing the same one for many different sites, and change passwords often. In today’s messaging world, keep in mind that email is the anchor of trust and doorway into many other channels, like Facebook, Twitter, Dropbox and LinkedIn.</p> </article> <article> <h1>iPhone 5 Eagerly Awaited Fuels More BYOD Fever</h1> <p>Stephanie Jordan — Thu, 20 Sep 2012 03:43:34 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/iphone-5-eagerly-awaited-fuels-more-byod-fever" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/iphone-5-eagerly-awaited-fuels-more-byod-fever" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/iphone-5-eagerly-awaited-fuels-more-byod-fever" data-lang="en">Tweet</a></div><p><a href="http://www.apple.com">Apple</a> pre-orders for its iPhone 5 topped two million in just 24 hours, more than double the previous record of one million held by iPhone 4S. During the product launch address last week, Philip Schiller, senior vice president Worldwide Marketing for Apple, reminded listeners that at the time of the original iPhone launch in 2007, <em>Time Magazine </em>called the product, “The phone that has changed phones forever.” Last week, at the company’s special event, Schiller introduced the iPhone 5 calling it, “The most beautiful product that we have ever made.”</p> <p>The phone, made of glass and aluminum is the lightest and thinnest smartphone to date and weighs just 112 grams. With a 326 pixels per inch (PPI) display and 44 percent more color saturation, it is, according to Schiller, “The world’s most advanced display.” Schiller walked through key features from its thinner, lighter design, Retina display, and performance and speed, to its camera, improved battery life and new iOS 6 platform.</p> <p>The announcement that might be less enthusiastically received is the iPhone 5’s charging connector. Schiller explains that the current connector design was launched in 2003 and says, “So much has changed since then. It is time for the connector to evolve.” Schiller announced that the new connector is called “Lightning” and is “a connector for the next decade.” Schiller goes on to describe its all-digital, 8-signal design, that it has improved durability, that it is reversible, making it easier to use and is 80 percent smaller. This translates to accessory makers needing to alter product designs to accommodate the change. It also means users that already own connectors, speakers, and devices, will need to purchase adapter accessories from Apple to convert the old style connector devices to the new connector design or purchase all new speakers, clock radios and the like. If the reaction of the two million placing pre-orders on Friday in the opening 24-hour period is any indication, Apple iPhone enthusiasts don’t seem to mind.</p> <p>One online company has tried to gauge the extent iPhone fever runs by polling nearly 2,000 U.S. visitors to its <a href="http://www.CouponCodes4u.com">CouponCodes4u</a> site. Respondents were asked whether they could afford to purchase the latest Apple gadgets and whether or not they have gone into debt to do so. Eighty-one percent of respondents admitted that they could not afford to “keep up with the latest” Apple releases and have purchased gadgets on “credit”. More than half, 51 percent, of respondents said they had used a credit card or got a loan out in the last three years so they could be amongst the first to buy the latest iPad and iPhone.</p> <p>During the iPhone 5 event last week, Apple’s CEO, Tim Cook, took advantage of the gathering to comment on Apple’s other device darling, the iPad. According to Cook, from April to June 2012 figures show 68 percent of the worldwide tablet market share belongs to Apple. He further cited the usage statistic claiming 91 percent of all tablet web traffic. Cook also stated, 94 percent of Fortune 500 companies are testing or deploying the iPad and believes, “The enterprise is also investing in custom apps at a high rate.”</p> <p>Cook told the audience that last quarter the company sold its 400 millionth iOS device (through June 2012), exclaiming, “No one could have predicted this.”</p> <p>I doubt anyone predicted two million pre-orders on the first day of advanced sales, either.</p> <p>iPhone 5 carries a suggested retail price of $199 (U.S.) for the 16GB model and $299 (U.S.) for the 32GB model and $399 (U.S.) for the 64GB model. While a shortage is now predicted, the device is scheduled to be available in the U.S., Australia, Canada, France, Germany, Hong Kong, Japan, Singapore and the U.K. on Friday, Sept. 21. iPhone 4S will now be available for just $99 (U.S.) and iPhone 4 will be available for free with a two-year contract for most carriers. iOS 6 software is available as of today as a free software update.</p> </article> <article> <h1>Email Holding Its Own Against Social Media for Marketers</h1> <p>Stephanie Jordan — Sat, 01 Sep 2012 02:35:56 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/email-holding-its-own-against-social-media-marketers" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/email-holding-its-own-against-social-media-marketers" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/email-holding-its-own-against-social-media-marketers" data-lang="en">Tweet</a></div><p>With the recent broadening of messaging channels (social media, collaboration, text, etc.) it might be easy to believe the oft-made claim that “email is dead,” but a number of marketers said this month that email beats social media when you look at the stats.</p> <p>While all believe social media has an important role, none think email is losing its place as the cornerstone of emarketing efforts. <a href="http:/www.messagesystems.com/">Message Systems</a>, a provider of messaging technology solutions, conducted a survey during its annual user conference this month and found that 97 percent of respondents leverage email for marketing campaigns. The survey also found social media rising in popularity, with 70 percent of respondents indicating that they market through social networks. But regardless of its popularity, social media is outperformed by email marketing when it comes to driving sales and delivering return on investment (ROI).</p> <p>“Despite recent reports that the return on investment with email marketing has been declining over the past few years, our survey found that email is thriving, and driving more revenue and conversions than any other channel,” observes George Schlossnagle, CEO of Message Systems. “In fact, nearly 70 percent of our customers reported that their email marketing returns have actually trended upwards in the past five years.”</p> <p>The findings of Message System’s survey were echoed in <a href="http://monetate.com/">Monetate’s</a> E-commerce Quarterly Report published mid-month. This report claims that when it comes to ecommerce, email still rules.</p> <p>The report authors said, “Although social media is referring traffic to online shopping sites 77 percent more than last year, few users actually buy anything. E-commerce sites may be rushing to fill the Internet with their social banter and engagement, but the real winners are those emails campaigns reminding us of sales, previewing new items, and offering free shipping. At a rate of 4.25 percent, email deals are converting people to sales eight times better than social and four times (4x) that of search.”</p> <p><a href="http://www.experian.com/cheetahmail/index.html%20">Experian CheetahMail</a> published its Q2 email trends report this week also shows email to be a solid marketers channel.</p> <p>“For Q2 2012, overall email volume increased 10 percent while open rates were slightly above the 2011 Q2 rates, as more than 55 percent of brands had statistically significant increases in open rates for Q2 2012,” summarizes Regina Gray, vice president of strategic services for Experian CheetahMail. “While click rates continued to show a year-over-year decline, there is some evidence that the rates are stabilizing. Email is still the most effective channel to connect with customers as we’ve seen a growing trend of brands utilizing social capabilities to acquire and engage consumers and fans across these new media channels.”</p> <p>Social clearly does have a place, however. According to the Message System benchmark survey, “Social marketing is growing, especially for engaging customers. Although most customers prefer to be contacted via email, marketers are increasingly using social media to engage with customers and interact in a two-way dialogue—64 percent of respondents said they added social media in the past year to obtain greater engagement.”</p> <p>Overall, nearly half—47 percent—of all survey respondents disclosed that their companies have adopted social media (Facebook, LinkedIn and Twitter specifically) as a channel for two-way customer dialogue, trailing only phone and email.</p> <p>The email trends discussed by these vendors seem to fly in the face of an earlier study conducted by the <a href="http://www.the-dma.org/">Direct Marketing Association</a> that found that email marketing had dropped by 25 percent and was likely to continue to decline.</p> </article> <article> <h1>Several Large, Frequently-Visited Sites Still Serving Malware</h1> <p>Stephanie Jordan — Tue, 31 Jul 2012 18:20:14 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/several-large-frequently-visited-sites-still-serving-malware" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/several-large-frequently-visited-sites-still-serving-malware" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/several-large-frequently-visited-sites-still-serving-malware" data-lang="en">Tweet</a></div><p>New discoveries were recently reported as a continuation of a March report on observed maliciousness in Alexa top-ranked domains. <a href="http://www.barracudalabs.com/">Barracuda Labs</a> has intentionally been mimicking typical web browsing behavior to review the most popular websites as listed by Alexa Internet, Inc, which offers information about websites including top sites, Internet traffic stats and the like. I wrote about the initial report in <a href="/eyeonmessaging/stephanie-jordan/popular-web-sites-found-host-malicious-content">Popular Web Sites Found to Host Malicious Content.</a></p> <p>According to researcher Paul Royal, the Lab continued to look at some of the same items from the <a href="http://www.barracudalabs.com/wordpress/index.php/2012/03/28/maliciousness-in-top-ranked-alexa-domains/">March study</a>, but this time went further into the data to examine recurring maliciousness for a given domain, the use of ad networks as entry points to drive-by downloads, and the use of Java in exploited sites.</p> <p>The latest observations validate the March findings. In this report, top sites served malicious content for 26 days per month, up from 23 days last report. The sites involved showed no geographic borders, with malicious content served across 13 countries this time and 18 last time. Also observed again was that the sites are not new: Over 97 percent of the affected sites were a year or more old, in both this report and the earlier one.</p> <p>For this report period, 39 of the Alexa top 25,000 websites, when visited, served drive-by downloads for at least one day. Royal says this time the researchers examined how, beginning with a visit to a popular website, malicious content was served to the browser. “Given that almost all of the sites were long lived, we expected most instances of malicious content to arrive via the sites’ use of ad networks, which are a frequent target of criminals,” Royal explains. “However, to our surprise, malicious content originated from [ad servers in] only 18 (or 46.1 percent) of the 39 sites. The remainder were, in one form or another, the result of directly compromising the website.”</p> <p>This latest report also examined the the use of Java among browser-based exploits. Royal notes, “Of the 39 sites, 34 (or 87.1 percent) served malicious content (usually targeting multiple software components) that included one or more exploits for Java (e.g., CVE-2012-0507). This finding supports the widely held belief that Java is one of the most ubiquitous targets of drive-by download attacks.”</p> <p>Disabling Java when it’s not needed is recommended by Barracuda Labs for this reason. Go to <a href="http://www.barracudalabs.com/wordpress/index.php/2012/07/02/new-insights-on-maliciousness-in-top-ranked-domains/">New Insights on Maliciousness in Top-ranked Domains</a> for more on this study. </p> </article> <article> <h1>BYOD's Downside: Higher IT Costs, Data Security and Compliance Concerns</h1> <p>Stephanie Jordan — Mon, 23 Jul 2012 21:32:54 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/byods-downside-higher-it-costs-data-security-and-compliance-concerns" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/byods-downside-higher-it-costs-data-security-and-compliance-concerns" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/byods-downside-higher-it-costs-data-security-and-compliance-concerns" data-lang="en">Tweet</a></div><p>One of the most talked about trends in messaging today is BYOD (Bring Your Own Device), which began about the time iPhone mania really took hold. After 2007, when third-party developers were encouraged to develop apps for the iPhone, users started to abandon corporate issued BlackBerrys in favor of their own phones and apps. Shortly thereafter, Android, iPad and a host of other devices with roots in consumer product design were streaming through corporate doors. The BYOD trend has put IT in a tough spot, and has captured the attention of vendors responding to the new need for mobile device management (MDM). Initially, we had on premises MDM offerings from companies like Good Technology, Sybase and MobileIron. Now, with the rise of “the cloud,” we see MDM cloud services, which have lower price points and can leverage the managed services approach.</p> <p>One such recent offering, announced last week, is from <a href="http://www.azaleos.com">Azaleos Corporation</a>, known for managed Exchange and managed SharePoint. The Azaleos Managed Mobile Device Management Service enables enterprises to centrally secure and control all leading mobile devices, including employee owned smartphones and tablets. The Azaleos Managed MDM service is based on technology from market leading MDM provider AirWatch and provides proactive 24x7 monitoring and management of company-issued and employee-owned mobile devices.</p> <p>The need for MDM appears to be growing. A recent study conducted by <a href="http://www.ostermanresearch.com">Osterman Research</a> revealed that full-time employee staff requirements to manage smartphones increased from a median of 2.9 per 1,000 mobile devices in 2011 to 3.6 today and is expected to reach 4.0 in 2013. The corresponding annual IT labor cost per user was $229 in 2011, $294 in 2012, and is projected to rise to $339 in 2013.</p> <p>“Organizations that do not address MDM properly face a growing set of risks, including an inability to adequately secure and retain data on mobile devices, greater downtime, higher IT costs, regulatory compliance violations and reduced employee productivity,” believes Michael Osterman, president of Osterman Research.</p> <p>A key area of BYOD concern to Osterman is content retention and management. In a recent research paper entitled <em>Putting IT Back in Control of BYOD</em> he wrote: “Smartphones and tablets contain a significant proportion of corporate data. Osterman Research has found that more than five percent of corporate data is stored just on users’ smartphones—we expect this figure to soar during the next 24 months as iPads and other tablets are employed in much larger numbers. Employee-owned and controlled devices make access to this data by corporate IT or compliance departments much more difficult, such as during an eDiscovery exercise. This is not only because of the difficulty that might be encountered in physically accessing these devices, but also because of the potential privacy and other legal issues that are raised by companies accessing their employees’ personal property.”</p> <p>At this point, the BYOD trend is so entrenched that trying to control what device employees may use is likely to fail, Osterman predicts. He believes that employees, if faced with such restrictions, will use their device of choice secretly. Another reason he does not advise trying to restrict users from making their own choices is productivity. “The vast majority of employees do not use their own devices or applications simply for the fun of it,” he says. “They are doing so to be more productive, and to bypass IT restrictions (e.g., email file-size limits) that prevent them from being effective in their work.”</p> <p>The simplicity of the cloud services converging with the increased number of mobile device platforms coming into corporate environs makes MDM increasing of interest to IT. In a <a href="http://www.azaleos.com/resources/whitepapers.aspx">MDM survey</a>, Osterman found among organizations that have not yet deployed an MDM solution, 32 percent will deploy one in 2013 and an additional 24 percent plan to deploy one in 2014. </p> </article> <article> <h1>Social Media Policy Guidance for Financial Institutions Good for All</h1> <p>Stephanie Jordan — Thu, 28 Jun 2012 02:34:45 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/social-media-policy-guidance-financial-institutions-good-all" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/social-media-policy-guidance-financial-institutions-good-all" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/social-media-policy-guidance-financial-institutions-good-all" data-lang="en">Tweet</a></div><p>The highly regulated financial services industry has been given another set of social media guidelines. Most well known might be <a href="http://www.finra.org/">FINRA’s</a> (Financial Industry Regulatory Authority) two notices (published January 2010 and August 2011) to try to assist with the use of social media within regulatory standards. More recently, the <a href="http://www.dfi.ca.gov/">DFI</a> (California Department of Financial Institutions) has offered guidance to financial institutions towards developing social media plans and policies, portions of which can be applied toward any industry.</p> <p>The use of social media is a hot topic for all industries, with most embracing the channel as an important way to stay connected to customers. A short DFI survey published in the <a href="http://www.dfi.ca.gov/notices/2012/011012.asp">December issue</a> of DFI’s Monthly Bulletin proved very revealing. The survey asked three questions: </p> <ol> <li>Do you have a social media plan? </li> <li>Do you have a social media policy? And </li> <li>Does someone look at public websites, e.g., Yelp, Twitter, Google search, etc., for reviews and postings on your financial institution?</li> </ol> <p>The answers: 96 financial institutions or 28 percent responded “yes” to a social media plan and 245 financial institutions or 72 percent responded “no.” To having a social media policy, 140 institutions or 41 percent responded “yes” and 202 institutions or 59 percent responded “no.” As for reviewers, 133 institutions or 39 percent responded “yes,” 85 institutions or 25 percent responded “no” and 124 institutions or 36 percent responded “not applicable.”</p> <p>With only 28 percent of the survey respondents saying, “we have a plan” the <a href="http://www.dfi.ca.gov/notices/2012/february2012_bulletin.asp">February issue</a> of the DFI’s Monthly Bulletin offered the following to be considered before embarking on social media activity:</p> <ol> <li>What does your financial institution expect to gain from using social media?</li> <li>How will the plans be implemented and over what period of time?</li> <li>Who are the “target” viewers?</li> <li>What types of bank activities/postings are planned?</li> <li>What types of social media do you plan on using and how do you plan to use them?</li> <li>How will the social media activities be managed and by whom – internal and/or external?</li> <li>Who will the social media staff report to within your financial institution?</li> <li>Who and how will these activities be reviewed/audited?</li> </ol> <p>The DFI also recommends that a “financial institution should perform a risk assessment based on the complexity of your goals and objectives prior to implementation.” In addition the assessment should identify “all key risks (e.g., reputational, legal and operational) for which risk mitigation strategies should be developed and incorporated into the social media plan.”</p> <p>Sounds like a good exercise for any industry, doesn’t it? But how many of us take that time before leaping into execution mode?</p> <p>As a follow up, the DFI offered another social media installment in its <a href="http://www.dfi.ca.gov/notices/2012/march2012_bulletin.asp">March</a> Monthly Bulletin, this time aimed at the 59 percent of responders that did not have a social media policy.</p> <p>The DFI recommended financial institutions address these key elements within a policy framework for social media:</p> <ul> <li>Description of the approved Social Media Activities (e.g. Facebook, LinkedIn, Twitter, Yelp, etc.)</li> <li>Establishment of responsibility for the social media program oversight.</li> <li>Establishment of the appropriate reporting authority.</li> <li>Designation of staff members authorized to manage and respond to social media inquires and postings.</li> <li>Specification of type of use for social media (business use only?)</li> <li>Guidelines for personal use, if allowed.</li> <li>Definition of permitted content (e.g., communications, product promotions or advertisement, customer education, etc.)</li> <li>If advertising products and services, inclusion of applicable consumer protection laws and regulations requirements (e.g. FDIC insurance, Truth in Lending, etc.)</li> <li>Employee training program.</li> <li>Social media procedures to detail how activities are to be performed.</li> <li>Description of reporting metrics to monitor the social media program’s goals and objectives.</li> <li>Regular review and updates for the policy and procedures.</li> </ul> <p>Again, this is a really good list to be included in anyone’s social media policy.</p> <p>With so many social media mediums out there, it’s important for all businesses to establish a social media plan and a social media policy. Having them will prove more important as employee adoption (and perhaps abuses) grow.</p> </article> <article> <h1>Latest Password Breach Reminds Us to Update Passwords</h1> <p>Stephanie Jordan — Wed, 13 Jun 2012 23:20:49 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/latest-password-breach-reminds-us-update-passwords" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/latest-password-breach-reminds-us-update-passwords" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/latest-password-breach-reminds-us-update-passwords" data-lang="en">Tweet</a></div><p>Last week security researchers were buzzing with news and opinions about possible (and soon after confirmed) stolen LinkedIn passwords. Whenever security breaches such as this one happen—and in the online world in which we find ourselves intrusions to our online privacy is not uncommon—it serves as a reminder that we need to proactively protect ourselves, as we would walking down a darkened street, by staying alert and taking steps to prevent negative situations.</p> <p>A key social media site for professionals, LinkedIn’s network (as of March this year) has 161 million members in over 200 countries and territories. The news of the breach of over 6 million password hashes was caught not by LinkedIn, but steadfast security experts vigilantly on patrol looking for activity such as this. Called to LinkedIn’s attention, the company quickly sprung into action with blogs notices, internal investigations into the compromised accounts and direct communication with those affected by the breach. The recommendations sent from LinkedIn to those breached account holders are good for all of us to hear - again, as they are not new best practices. Their recommendations appear at the end of this post and are worth sharing with your users.</p> <p>Others also had advice to share, like Cisco’s Seth Hanford, one of the first to <a href="http://blogs.cisco.com/security/6-5-million-password-hashes-suggest-a-possible-breach-at-linkedin/">report on</a> the suspected breach. Hanford noted safety tips that users should do, as well as things not to do, such as: do not input passwords into sites on the Internet offering to compute hashes or check for exposure, saying “Determining if your password hash was exposed is interesting, but giving your password away to strangers is never a good idea.” He also recommends that users not rely on common patterns in an effort to improve password security. As evidence, Hanford offered <a href="http://www.cl.cam.ac.uk/%7Ejcb82/doc/BPA12-FC-banking_pin_security.pdf">recent research (PDF)</a> that suggests sets like possible day / month combinations (4 digits starting with “19″ or “20″, or combinations which can be interpreted as day/month values like 0501) are particularly weak.</p> <p>Close to a year ago today, I wrote a piece, <a href="http://www.messagingnews.com/story/national-internet-safety-and-security-month-maawg-and-passwords"><em>National Internet Safety (and Security?) Month, MAAWG, and Passwords</em></a>, that passed along a theory of how to make a strong, memorable password. Seems like a good time to repeat that portion. Here is what I wrote after hearing a talk by Dr. Markus Jakobsson, principal scientist, consumer security with PayPal:</p> <p>“A key point Dr. Jakobsson makes is that users should make passwords from what he calls “fastwords” that boil down a story into three words. These words on the surface seem very random, but to the user these select words are meaningful because they tell a tale, which aids in password recall success.</p> <p>Another password memory recommendation, similar to Dr. Jakobsson’s advice of telling a story, is to come up with a password with which you can make clear associations or phrases. Traditionally, a strong password is one that contains both uppercase and lowercase letters, numbers and symbols. So the example would be if you have this password: Hmkw?Aba4g! A user could remember it by: How many kids won? A boy and 4 girls! These kinds of tricks make remembering passwords much easier, as Dr. Jakobsson points out people hate passwords, mostly because good passwords are hard to remember.”</p> <p>An almost unanimously agreed upon password tip: don’t use the same password in multiple places, even strong passwords are weakened through over use and if compromised, can open up even more information to thieves. One of the priory points given to the compromised LinkedIn members is if the same password used on the social media site is being used elsewhere, change it right away.</p> <p>While the damage of the breach is not fully certain at this point, one thing is known, damage has been done to LinkedIn’s reputation.</p> <h2>Password <a href="http://blog.linkedin.com/2012/06/06/updating-your-password-on-linkedin-and-other-account-security-best-practices/">Recommendations from LinkedIn</a>:</h2> <p>Here are some account security and privacy best practices that we recommend for our members:</p> <h3><strong>Changing Your Password:</strong></h3> <ul> <li>Never change your password by following a link in an email that you did not request, since those links might be compromised and redirect you to the wrong place.</li> <li>You can change your password from the LinkedIn Settings <http://www.linkedin.com/settings> page.</li> <li>If you don’t remember your password, you can get password help <http://help.linkedin.com/app/answers/global/id/1167/ft/eng> by clicking on the Forgot password? <http://www.linkedin.com/passwordReset?> link on the Sign in <file://localhost/secure/login> page.</li> <li>In order for passwords to be effective, you should aim to update your online account passwords every few months or at least once a quarter. </li> </ul> <h3><strong>Creating a Strong Password:</strong></h3> <ul> <li>Variety—Don’t use the same password on all the sites you visit. </li> <li>Don’t use a word from the dictionary.</li> <li>Length—Select strong passwords that can’t easily be guessed with 10 or more characters.</li> <li>Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.</li> <li>Complexity—Randomly add capital letters, punctuation or symbols.</li> <li>Substitute numbers for letters that look similar (for example, substitute “0″ for “o” or “3″ for “E”.</li> <li>Never give your password to others or write it down. </li> </ul> <h3><strong>A few other account security and privacy best practices to keep in mind are:</strong></h3> <ul> <li>Sign out of your account after you use a publicly shared computer.</li> <li>Manage your account information and privacy settings <http://help.linkedin.com/app/answers/global/id/66/ft/eng> from the Profile and Account sections of your Settings <http://www.linkedin.com/settings> page.</li> <li>Keep your antivirus software up to date.</li> <li>Don’t put your email address, address or phone number in your profile’s Summary.</li> <li>Only connect to people you know and trust.</li> <li>Report any privacy issues to Customer Service <http://help.linkedin.com/app/ask/path/pi> .</li> </ul> </article> <article> <h1>Industry Coordinated Defense Needed to Battle Botnets</h1> <p>Stephanie Jordan — Thu, 31 May 2012 05:59:27 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/industry-coordinated-defense-needed-battle-botnets" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/industry-coordinated-defense-needed-battle-botnets" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/industry-coordinated-defense-needed-battle-botnets" data-lang="en">Tweet</a></div><p>As legislators try to address cybersecurity threats through various bills, the White House yesterday promoted a voluntary set of principles developed by the <a href="http://www.industrybotnetgroup.org">Industry Botnet Group </a>(IBG) to help reduce botnets. The White House event was held to discuss the risk botnets pose to Internet security.</p> <p>In January, IBG was formed as a multi-industry organization to collaborate and encourage efforts to reduce the effectiveness of botnets. Bots are malicious programs installed on a users’ system, usually without their knowledge, that are used by criminals to steal personal identity information, send spam, launch attacks against Web sites and other malicious activities.</p> <p>“Bots are a serious concern for end-users, the economy and the nation,” Michael O’Reirdan, <a href="http://www.M3AAWG.org/">M3AAWG</a> co-chairman for malware, recently stated. “Looking at the significant reduction in spam over the years, we know that cooperative industry action is effective against online abuse.” M3AAWG serves on the IBG steering committee.</p> <p>The new principles are intended to significantly improve cooperation among network operators, vendors, trade associations and other nonprofits working against the malware. At today’s event, everyone in the Internet ecosystem was encouraged to implement the Principles for Voluntary Efforts to Reduce the Impact of Botnets in Cyberspace. The principles include:</p> <ul> <li><strong>Share cyber responsibilities</strong> by employing reasonable technologies to thwart the effectiveness of botnets across all phases of the mitigation lifecycle: prevention, detection, notification, remediation, and recovery;</li> <li><strong>Coordinate across sectors</strong> in order to better analyze, prevent, and combat threats;</li> <li><strong>Confront the problem globally </strong>through cross-border collaboration;</li> <li><strong>Report lessons learned</strong> with partners in the Internet ecosystem;</li> <li><strong>Educate users </strong>by making information and resources available to them;</li> <li><strong>Preserve flexibility</strong> for responses by different entities to an ever-evolving threat environment;</li> <li><strong>Promote innovation </strong>to foster technological advances;</li> <li><strong>Respect privacy</strong>; and</li> <li><strong>Navigate the complex legal environment</strong>.</li> </ul> <p>“It takes a global village, with all the suppliers involved, to fight bots,” believes O’Reirdan. “The only way to effectively protect consumers is for the operators, vendors and other participants serving the Internet ecosystem to recognize their shared responsibility in addressing the problem and then integrate the appropriate defenses into their daily business practices. The IBG principals encourage the industry to be assertive and acknowledge the problem, cooperate, coordinate and be flexible in their responses.”</p> <p>While not a new approach to the botnet battle (other calls for collaboration and joint-industry efforts have been done) IBG’s public-private partnership strategy underscores the need for experts from a variety of disciplines to work collaboratively together to address today’s ever-increasingly complex cyber threats.</p> </article> <article> <h1>Is There A Place for Social Networking in Modern Healthcare Delivery?</h1> <p>Stephanie Jordan — Wed, 23 May 2012 18:35:14 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/is-there-place-social-networking-modern-healthcare-delivery" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/is-there-place-social-networking-modern-healthcare-delivery" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/is-there-place-social-networking-modern-healthcare-delivery" data-lang="en">Tweet</a></div><p>I recently reviewed two reports that opined on the role that social networking should (and shouldn’t) play for healthcare providers, which gives food for thought to any professional.</p> <p>The first report,<em> Cooperation, Communication, Coordination: Three Pillars of Collaborative Teamwork </em>from <a href="http://www.idc-hi.com/%20">IDC Health Insights </a>(April 2012), reviews the “transformation of the healthcare delivery model.”<br /><br />Of the “four Cs” of effective teamwork, social networking is listed as a key area for healthcare providers, noting that the medium is useful in “health and wellness, disease management, clinical trial recruitment, maintenance of personal health records, treatment, hospital and physician selection, and other important aspects of healthcare delivery.”<br /><br />The authors, Jan Duffy and Silvia Piai, note that in particular staff shortages, cost constraints and service demands have increased the need for more efficient and effective communications. This led the IDC research team to predict that mobile technology, providing access to data on the go, and social networking among providers to be an essential ingredient to the evolving healthcare delivery model.<br /><br />Where it appears social networking does not belong is between patient and provider. In a <a href="http://www.sophos.com">Sophos</a> <a href="http://nakedsecurity.sophos.com/2012/05/21/doctors-shouldnt-buddy-up-with-patients-on-facebook-or-twitter-hospitals-warn/">blog</a> this week, Lisa Vaas reports on how hospital administrators, concerned about the lack of professionalism and data leakage, are recommending healthcare providers do not set up relationships with patients in social networking sites (in particular she lists Facebook and Twitter).<br /><br />This cautionary approach is echoed by <a href="http://www.ama-assn.org/ama/pub/meeting/professionalism-social-media.shtml">policy guidelines</a> that the American Medical Association drafted this year titled <em>Professionalism in the Use of Social Media</em>. The policy is well thought out and while it does not recommend complete abstinence from social networking, it does offer cautions of how to best use the medium and maintain professionalism. Noting the need for appropriate boundaries, ethics, the need to monitor, and if need be, to have unprofessional content posted by colleagues taken down, these guidelines would be useful to anyone who is in a business-to-client, or to-customer relationship. It is worthy of a read, if only to remind us of our own need to protect our online reputations.<br /><br />Vaas also points to <a href="http://www.quantiamd.com/q-qcp/doctorspatientsocialmedia.pdf%20">a study (PDF)</a>, published last August by QuantiaMD, an online community for physicians, that upon surveying over 4,000 clinicians concluded that over 65% of physicians are using social media for professional purposes. <br /><br />I suspect that number will grow rapidly over the next few years. Last summer, the Pew Internet & American Life Project conducted a study called, <em><a href="http://www.pewinternet.org/Reports/2011/Technology-and-social-networks.aspx">Social Networking Sites and Our Lives</a></em>. The report was authored by Keith Hampton and revealed that more people are using social networking sites. Hampton says “the figure is now 47% of the entire adult population, compared with 26% that was measured in our similar 2008 survey. Among other things, this means the average age of adult social networking site users has shifted from 33 in 2008 to 38 in 2010. Over half of all adult social networking site users are now over the age of 35.”<br /><br />As with many trends, the bleed over from personal life to professional life will mean that social networking will continue to rise in the professional realm as people become more and more comfortable with the medium.<br /><br />Social networking may be a road to enhanced patient care, but it may not be a primary element in patient-provider communications.</p> </article> <article> <h1>Measuring Social Media Success</h1> <p>Stephanie Jordan — Tue, 01 May 2012 04:31:28 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/measuring-social-media-success" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/measuring-social-media-success" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/measuring-social-media-success" data-lang="en">Tweet</a></div><p>While social media as a messaging medium has become a mainstay, e-marketers are still learning how best to incorporate this latest channel into marketing practices and to define what success looks like. The <a href="http://www.e-tailing.com">E-tailing Group</a> offered a synopsis of its recent Annual Merchant Survey in its whitepaper <a href="http://www.baynote.com/resource/metrics-therapy-paper/"><em>Metrics Therapy—Details, Dashboards and Diligence</em></a> authored by E-tailing Group President Lauren Freedman and sponsored by Baynote. The section on social media success was of particular interest.</p> <p>The survey included responses of 147 merchants and how they are thinking of metrics today and how those metrics are used to drive business decisions. The no-brainer metric is the number of Facebook fans or Twitter followers. But according to the findings, retailers are looking for ways to measure social beyond engagement. There are other metrics being used like click-through rates to retail site from social media, growth rate year-over-year for pre-determined KPIs, number of YouTube views, sales from social networks, improved SEO, PR and media exposure, and video sharing rates.</p> <p>“Interactivity seemed to be of greater interest for retailers to clarify how wide a net was being cast in the social stratosphere,” writes Freedman. “This moved beyond the number of fans to the levels of conversation and how much they were promoted and shared. Interest in growing social as a communication tool means monitoring the conversations and jumping in to bolster activity.”</p> <p>Another merchant advocated not counting the number of fans, but rather count the number of comments on posts, returning views and overall time spent using the social media channel.</p> <p>Freedman also notes that, “More sophisticated players are attempting to track the cost to acquire a new fan and understand where and when they convert in order to put necessary social resources in place.” Another metric to consider: tracking who is signing up for emails from social locations and tracking subsequent engagement with the company.</p> <p>Additional areas Freedman says to pay attention to:</p> <ul> <li>Referral sources (blogs, Facebook, Twitter)</li> <li>Where traffic is derived from</li> <li>General onsite sharing tools (share, like)</li> </ul> <p>When considering what is successful with e-marketing today, it is not just about transactions anymore. Interactions with the company and building relationships is the real value social media can bring, at a relatively low cost. This is true for B2C markets, but also holds true for B2B.</p> </article> <article> <h1>Google Takes on Competitors, Privacy Issues, Makes Google Drive Core Service</h1> <p>Stephanie Jordan — Fri, 27 Apr 2012 04:54:06 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/google-takes-competitors-privacy-issues-makes-google-drive-core-serv" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/google-takes-competitors-privacy-issues-makes-google-drive-core-serv" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/google-takes-competitors-privacy-issues-makes-google-drive-core-serv" data-lang="en">Tweet</a></div><p>The long awaited Google Drive made its debut this week amid a flow of commentary both pro and con for the product. In theory the product is late to the cloud party with rivals such as Dropbox, Microsoft’s SkyDrive, Apple’s iCloud among others firmly underway. Cloud-anything has been hot for some time now, and many Google users have eagerly awaited the ability to sync files between smartphone, tablet and computer.</p> <p>Google’s motives for the product, believes some, go way beyond a cool product feature set. Mark Little, principal analyst at <a href="http://www.ovum.com">Ovum</a>, for one, says “With Google Drive, Google has recognized the potential of shared cloud storage as a consumer hub or open platform that can be central to developing third-party apps such as video editing, sending faxes, and creating websites, with potential for a far greater range of applications from its busy community of third-party developers.”</p> <p>Little thinks the platform potential of Google Drive is of strategic importance, leveraging “Google’s developer strengths and competitive pricing (50% cheaper than Apple’s iCloud in some cases) to drive penetration of its cloud offering via both consumer and enterprise channels.”</p> <p>As with many of the cloud offerings, security and privacy are of concern to IT administrators tasked with maintaining compliance and content care. Earlier this year, Google announced a controversial consolidating of its privacy policies from more than 60 down to one main <a href="http://googleblog.blogspot.com/2012/01/updating-our-privacy-policies-and-terms.html">privacy policy</a>. The policy took effect March 1, even as it was being contested by users, privacy advocates and countries (most notably France, which has very strict privacy requirements.)</p> <p>Privacy advocates are trying to nail down just what Google can do with the content once users upload their content to Google Drive. The new privacy policy is making what Google does across its offerings and what is shared a bit muddy. There has been much talk about sensitive data and whether or not it should be uploaded to Google Drive at all.</p> <p>Privacy is not a new problem for Google. Recently the FTC has undertaken an investigation into Google’s bypass of the default privacy settings of Apple’s Safari browser for Google users. (The company contends that the change in default settings for Safari browsers were necessary to allow the “+1” button connected to its Google+ social network to work with Apple’s browser.) This current FTC investigation is happening just after Google was fined $25,000 for “allegedly blocking” a federal privacy investigation into a 2010 privacy breach.</p> <p>Though Google is late to the cloud storage party, there is a twist to the offering. Observes Little, “Google Drive is a major challenge to Apple’s iCloud and others whose propositions are selling cloud storage as a useful ancillary to using its applications. The Google Drive proposition is the other way around, offering cloud storage as a core service from which users can access an ecosystem of highly useful applications.”</p> <p>Google Drive will be even more powerful once the Apple iOS mobile operating system version becomes available, especially given Apple’s earnings release this week that showed ever-increasing demands for the products with 35.1 million iPhones and 11.8 million iPads sold during the company’s fiscal 2012 second quarter.</p> </article> <article> <h1>Popular Web Sites Found to Host Malicious Content</h1> <p>Stephanie Jordan — Sun, 01 Apr 2012 02:31:50 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/popular-web-sites-found-host-malicious-content" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/popular-web-sites-found-host-malicious-content" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/popular-web-sites-found-host-malicious-content" data-lang="en">Tweet</a></div><p>Just because a Web site has been around a while and has enjoyed a solid reputation, it cannot be assumed that the site is safe to surf. A case in point: it was recently found that 58 of the Web sites ranked among <a href="http://www.alexa.com">Alexa’s</a> most popular sites have served up drive-by download exploits in the month of February.<br /><br />Though the sites might be consumer oriented, as we all know with the “always on” world that we live in, what is viewed at home using mobile or laptop devices can easily be brought into the workplace network. And of course there’s also employees using company resources, on company time, to do some personal Web browsing. So here is one more case to share with employees as part of awareness training. <br /><br />This conversation started during RSA conference last month with an interesting discussion with Paul Judge, chief research officer and head of <a href="http://www.barracudalabs.com/">Barracuda Labs</a>. Judge shared with me some early findings that are expected to publish on April 2. The folks at Barracuda Labs have intentionally been mimicking typical Web browsing behavior to review the most popular Web sites as listed by Alexa Internet, Inc, which offers information about Web sites including top sites, Internet traffic stats and the like.<br /><br />At this point, thanks to user education programs, many users are aware of certain site types to avoid. But infections in today’s Web are not so easily avoided, because cyber bad guys are infiltrating sites that are otherwise trustworthy. This is not necessarily new, as legitimate sites have been targeted and taken hostage over the last few years. But it seems that the practice of infecting “good” sites may be growing. Judge notes that of the Alexa sites the Labs found hosting malicious content, nearly half (43 percent) of the infected sites were hosted here in the U.S. <br /><br />From the investigation that Barracuda Labs conducted, it also appears that while the malicious content is not served up each day, it is served in an almost continuous on-going fashion. For a quick glimpse of which sites were found to host, and other interesting details, take a look at Barracuda Labs’ research <a href="http://www.barracudalabs.com/infographics/trusted_sites/">infographic</a>. </p> </article> <article> <h1>Study Reviews TCO of Public vs. Private Cloud Messaging and Collaboration Deployments</h1> <p>Stephanie Jordan — Thu, 29 Mar 2012 03:49:11 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/study-reviews-tco-public-vs-private-cloud-messaging-and-collaboratio" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/study-reviews-tco-public-vs-private-cloud-messaging-and-collaboratio" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/study-reviews-tco-public-vs-private-cloud-messaging-and-collaboratio" data-lang="en">Tweet</a></div><p>As we have said for some time now, not all “clouds” are created equal. An interesting report was released today from <a href="http://www.azaleos.com">Azaleos Corporation</a>, a provider of managed email, collaboration and unified communications and <a href="http://www.ostermanresearch.com">Osterman Research</a> that studied the TCO of public cloud vs. private cloud when it comes to deployments of messaging and collaboration systems.<br /><br />The study looked at the total cost of ownership (TCO) when implementing enterprise configurations of the Microsoft Unified Communications stack of applications—Exchange, SharePoint and Lync—on premises, using a public cloud, such as Office 365, and using a private cloud model where “servers and software are all dedicated per customer and located in a secure third party data center, but the infrastructure is managed remotely by a service provider for a fee per user per month.”<br /><br />The interesting approach of evaluating cloud vs. cloud led research analyst Michael Osterman to find “the private cloud model of delivering and managing enterprise grade services using the Microsoft stack is less expensive than the public cloud because of two primary factors. First, the base price for public cloud provider services is higher than the fully amortized price of the hardware. Next, when deploying an enterprise scale system, some of the additional features like adding voice functions to Lync or extra bandwidth in an Exchange environment are much more expensive in the public cloud than in a private cloud scenario.”<br /><br />While prudently acknowledging that “developing cost models for offerings as complex as those discussed in this white paper requires some level of interpretation and judgment” and that “some readers may disagree with aspects of the cost model we have developed,” the general finding held the private cloud TCO was cheaper by 26% once enterprise grade capabilities were factored in. The public vs. private comparisons did take into account the recently announced price reductions of Office 365.<br /><br />One key myth that Osterman points out is that the cloud is not just for smaller organizations. Writes Osterman, “Contrary to the beliefs of many decision makers, the cloud is not just for small organizations. Although Microsoft says that 90%+ of Office 365 deployments are with companies under 50 seats, and even though only about 5% of the total market today is using the cloud for Exchange, our findings clearly demonstrate that cloud-based offerings – whether public or private—are less expensive than on-premise solutions even in large organization deployments.” <br /><br />Of course the primary myth the paper tackles is that public clouds are cheaper than private. “While there’s a general perception within the IT industry that public cloud services are always the cheapest alternatives, this study pokes a number of holes in that argument,” observes Scott Gode, vice president of product management and marketing for Azaleos. “Osterman Research’s findings clearly demonstrate that for medium to large sized organizations the public cloud is still not ready to compete with private cloud alternatives in terms of cost of ownership. When you factor in the added functionality and security benefits, the advantages provided by private cloud deployments of Exchange, SharePoint and Lync are very compelling.”<br /><br />The paper, “Cloud vs. Cloud: Comparing the TCO of Office 365 and Private Clouds” was made available today and can be <a href="http://www.azaleos.com/whitepapers/signup/Cloud-vs-Cloud-Comparing-TCO-of-Office-365--Private-Clouds">downloaded through Azaleos</a>. It’s a thought-provoking read.</p> </article> <article> <h1>MAAWG Alters Name to Better Reflect Concentration Areas: M3</h1> <p>Stephanie Jordan — Tue, 28 Feb 2012 06:20:38 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/maawg-alters-name-better-reflect-concentration-areas-m3" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/maawg-alters-name-better-reflect-concentration-areas-m3" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/maawg-alters-name-better-reflect-concentration-areas-m3" data-lang="en">Tweet</a></div><p>In an effort to bring the messaging industry even closer together, the <a href="http://www.maawg.org">Messaging Anti-Abuse Working Group</a> (MAAWG), which held its 24th General Meeting in San Francisco last week, announced a name change to better articulate the group’s focus.<br /><br />Long known for its holistic approach to messaging abuse, the organization was originally founded in 2004 to specifically address the issue of spam. But overtime, the group has broadened to include abuse on any messaging platform. This month’s official announcement of the name change from MAAWG to M3AAWG – also known as M3 for Messaging, Malware and Mobile – demonstrates the groups hope to create a tighter circle around messaging security professionals. <br /><br />“Messaging, Malware and Mobile, those are the places that the bad guys continue to push,” explains Jerry Upton, M3AAWG Executive Director. “We decided we would go with this M3 description of our work activities to make it easier for people to understand what our focus is. Fundamentally, we have been doing a lot of this work for a number of years. Now it’s more of a public statement.”<br /><br />M3AAWG leadership also hopes that a better understanding of the group’s charter, will mean an even more collaborative approach to messaging abuse will result. As an example, Upton notes the organization has focused on bots since 2008, “We are just becoming more public around the additional areas we have been working on for a while in the hope that it makes it easier for our members to send their malware teams, and mobile teams, along with messaging teams.” <br /><br />Michael O’Reirdan, in his fourth term as M3AAWG Chairman, puts it this way: “A quick online search produces over 14 million links to references connecting messaging and malware, yet in reality abuse professionals in these fields usually work autonomously. This isolation keeps companies in the dark and bestows a ‘divide and conquer’ advantage to the cybercriminals. M3 is the path forward because cooperative efforts among all these experts – messaging abuse, malware and mobile security professionals – is the only way to win this war.” <br /><br />The need to focus on mobile is understandable, now that smartphones are so pervasive today. “It used to be in the mobile world you didn’t have to worry because there was 2,000 different platforms,” says Upton. “But today, the number of platforms is much smaller and the targets are much bigger. So now you have a computer that you carry, with more personal information than you put in your laptop, and it is connected to the Internet with a broadband pipe. All that makes you a great target. Bad guys spend an enormous amount of money going after the targets now.”<br /><br />O’Reirdan believes people have not fully grasped the potential danger. “The psychology is that it’s a phone and phones are safe, but that is not the reality. The Apple infrastructure is pretty well protected, but you have this whole other Android thing where there is a little more scope for naughtiness. Google is doing some stalwart work to deal with it, but you do have a much more open platform. There is a lot of virtue in openness, as we know, but at the same time it comes with some degree of risk.”<br /><br />Last week’s General Meeting featured panels on smartphone threats, discussions on how mobile platform abuse will affect senders, current malware trends, and a report on following malware money, among other sessions during the three-day, multi-track event.<br /><br />Also announced during the week was the ambitious project to be the first program to report the number of bots logged by ISPs and network operators. Organized by M3, the bot metrics report effort is a part of a voluntary joint industry-government council under the U.S. Federal Communications Commission. The project is being developed in conjunction with the CSRIC Botnet Remediation Working Group 7, also chaired by O’Reirdan, as part of the FCC’s private industry-government cooperative to enhance online security.<br /><br />“The botnet stuff is proving to be really interesting for a number of reasons,” says O’Reirdan. “There are a lots of ways to gather the data. The work that is going on at M3 is to establish a point where you can compare apples to apples.” <br /> <br />O’Reirdan explains that various ISPs and service providers are gathering bot metrics one way, while others are doing it another way. O’Reirdan says that a lot of the work going on with M3 bot metrics program is to get into a position to deal with the problem and be able to compare data and overcome the challenge of data derived from unlike sources and technologies. “It may well be very, very difficult,” acknowledges O’Reirdan. <br /><br />The new CSRIC-requested report will measure the number of bot-infected users each quarter and participation is voluntary. Exactly when the first report will be available is unknown. “Predicting when a regular report might come out is still premature. It is going to be a multi-tiered effort with a number of organizations and a variety of different parts of the Internet doing different things.” All in all, O’Reirdan says, “It is quite a long term and complex project.”<br /> <br />The ultimate goal of M3AAWG name change is to build awareness that the messaging industry has to move beyond a siloed approach to better protect end-users. “Please refer to us as M-Cubed not M3, as we are not a BMW,” quips O’Reirdan. “Although we do move quickly.”</p> </article> <article> <h1>Mobile Worker Population Continues Boom, Cherry on Top for Ice Cream Sandwich Android</h1> <p>Stephanie Jordan — Thu, 09 Feb 2012 02:54:28 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/mobile-worker-population-continues-boom-cherry-top-ice-cream-sandwic" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/mobile-worker-population-continues-boom-cherry-top-ice-cream-sandwic" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/mobile-worker-population-continues-boom-cherry-top-ice-cream-sandwic" data-lang="en">Tweet</a></div><p>For those with Android 4.0, this week’s Chrome beta release is exciting and for some long awaited. Anticipated since 2008, Google is offering the latest browser direct from the Android Market, alleviating users from the wait for an operating system upgrade from handset makers.</p> <p>The Chrome for Android beta is based on Chrome 16.0.915.75. Unfortunately for some this version is only for devices running Ice Cream Sandwich (namely Samsung’s Galaxy Nexus smartphone and Motorola’s Xoom tablet). Google is asking users to <a href="http://code.google.com/p/chromium/issues/entry?template=Android%20Issue ">file bug reports</a>. The company is also making a plea to the developer community and launched <a href="http://code.google.com/chrome/mobile">a new developer site</a> specifically for those that might be interested in working with Chrome and Android. </p> <p>Mobile web is quickly becoming a hot area with makers trying to mimic the desktop experience with a mobile device and being able to sync between the two. Firefox mobile browser and now Chrome for Android are clear steps in that direction.</p> <p>Much of the demand for a seamless experience while surfing comes from consumers and mobile workers alike. The BYOD (bring your own device) trend has now reached critical mass in many organizations. Last month analyst organization IDC stated that by 2015 the world’s mobile worker population will reach 1.3 billion, representing 37.2% of the total workforce. This growth is enabled not only by the ease of use and increasing functionality of smartphones, but also the sheer penetration of smartphones into different markets in a range of price points.</p> <p>All over the Net this week readers are seeing articles quoting a report from analyst organization <a href="http://www.canalys.com">Canalys</a> that found more smartphones were shipped by vendors than client PCs in 2011, even with pads, notebooks, netbooks and desktops in the client PC category.</p> <p>“In 2011 we saw a fall in demand for netbooks, and slowing demand for notebooks and desktops as a direct result of rising interest in pads,” explains Chris Jones, VP and principal analyst for Canalys. “But pads have had negligible impact on smart phone volumes and markets across the globe have seen persistent and substantial growth through 2011. Smart phone shipments overtaking those of client PCs should be seen as a significant milestone. In the space of a few years, smart phones have grown from being a niche product segment at the high-end of the mobile phone market to becoming a truly mass-market proposition. The greater availability of smart phones at lower price points has helped tremendously, but there has been a driving trend of increasing consumer appetite for Internet browsing, content consumption and engaging with apps and services on mobile devices.” </p> <p>Even as the Android market grows, and Chrome for Android will only accelerate it, Apple, according to Canalys, had an amazing 2011. “Apple’s impressive end to the year resulted in it becoming the leading smart phone and client PC vendor in Q4 2011, with shipments of 37.0 million iPhones, 15.4 million iPads and 5.2 million Macs. It also smashed the record for the most smart phones shipped globally by any single vendor in one quarter, beating Nokia’s previous record of 28.3 million shipped in Q4 2010. Moreover, Apple’s performance meant that it displaced Nokia, for the first time, as the leading smart phone vendor by annual shipments. Apple shipped 93.1 million iPhones in 2011, representing growth of 96% over 2010. The iPhone 4S benefited from pent-up demand resulting from the launch coming in October rather than June, but Apple’s overall volume was also buoyed by continued shipments of the now more aggressively priced iPhone 4 and 3GS models.”</p> <p>The growth in smartphone and other devices, and the BYOD trend, has prompted the organizers of <a href="http://www.rsaconference.com/">RSA Conference 2012</a> to introduce a mobile security breakout track this year. (The show takes place later this month.) The description of the track says, “Sessions focus on managing employee-owned devices, smartphone/tablet security, and mobile security policies. In this track you’ll find information on, mobile malware, handling eDiscovery on employee-owned devices, mobile application threats, managing consumerization, and emerging threats to mobile devices and mobile workers.”</p> <p>As we have seen in the past, where the people are, malware writers are not far behind. Mobile security features, at least from an IT department’s perspective, just might be the future driver of BYOD recommendations.</p> </article> <article> <h1>Next Up, Social Media Law</h1> <p>Stephanie Jordan — Tue, 31 Jan 2012 03:23:54 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/next-social-media-law" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/next-social-media-law" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/next-social-media-law" data-lang="en">Tweet</a></div><p>More and more today, for the corporate user, social networking is giving way to social business, and along with it, experts predict, will be specific social media law and regulations.<br /><br />A recent eWeek article,<a href="http://www.eweek.com/c/a/Enterprise-Applications/IBM-Goes-Social-25-Examples-of-Big-Blue-Becoming-a-Social-Business-601979/?kc=EWKNLEDP01202012A"> IBM Gets Down to Social Business</a>, points to how “Social networking, and its social-business offspring, has become a fashionable field of study at universities. Student projects often focus on using social networks to solve everyday and business-related problems.” The story notes how students are using social-business projects for their master’s thesis.<br /><br />As social networking becomes more tightly woven into business processes, it is no surprise that greater regulation is anticipated. Well known legal firm <a href="http://www.mofo.com">Morrison & Foerster</a> (MoFo) recently launched a new blog called <a href="http://www.sociallyawareblog.com"><em>Socially Aware</em></a>, “to help companies understand the legal implications of social media use – including privacy protection for workers’ Facebook musings, securities laws governing blog postings, or the confidentiality of instant messaging.”<br /><br />This blog may sound familiar, as it is a companion to the firm’s <em>Socially Aware</em> newsletter. While it is still emerging, social media law is a high interest area for Fortune 500 companies. Morrison & Foerster’s Social Media Practice Group says it advises companies and financial institutions across industry sectors on social media law, regulation and policy affecting privacy, data security, intellectual property, employment, securities, advertising, defamation, online contracting, user-generated content and use of social media in the workplace.<br /><br />According to the blog, there will be “an explosion of employment law disputes involving social media this year.” John Delaney, a founding editor of <em>Socially Aware</em> and co-chair of Morrison & Foerster’s Social Media Practice Group, believes everyone from Fortune 500 companies to mom-and-pop neighborhood stores are rushing to embrace social media, and says the medium is perhaps the greatest tool for reaching customers since the creation of the World Wide Web. <br /><br />Delaney warns however, “Corporate users of social media need to be aware of emerging intellectual property, privacy, employment law and other legal risks associated with social networks. This is an area where implementing a few protective measures today will help a company avoid expensive legal headaches in the future.”<br /><br />In 2012, companies that have been slow to adopt social media, MoFo expects, will begin to do so. Notes a blog entry, “We will see even the most conservative Fortune 500 companies adopting internal, company-wide social media platforms of the type offered by Jive, NewsGator and SocialText. In 2013 and beyond, we’ll be seeing a new generation of privacy, employment, defamation and other legal claims arising out of these enterprise social platforms.”<br /><br />It won’t be just companies that will experience an increase in social media law activity. MoFo says that regardless of Facebook’s recent settlement with the FTC over its data collection practices, the firm anticipates still further privacy law headaches for social media companies. “Many social media providers, anxious to justify astronomical valuations, are undoubtedly feeling pressure to make more aggressive use of personal information collected from customers.” MoFo predicts we will witness much more in 2012, especially by European regulators.<br /><br />Even though social media law is not “new” — just look at the blog’s interesting <em>Key Moments in Social Media Law</em> that begins with an entry for 1984 — it is clearly building in complexity, especially as it pertains to privacy and content ownership rights.</p> </article> <article> <h1>SMBs Need Email Archiving Too, Five Common Mistakes to Avoid</h1> <p>Stephanie Jordan — Wed, 30 Nov 2011 18:37:08 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/smbs-need-email-archiving-too-five-common-mistakes-avoid" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/smbs-need-email-archiving-too-five-common-mistakes-avoid" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/smbs-need-email-archiving-too-five-common-mistakes-avoid" data-lang="en">Tweet</a></div><p>Increasing regulation and litigation mean that email archiving is becoming essential for companies of all sizes and in all industries—not just for finance, health care, and government. Deborah Galea, COO and co-founder of <a href="http://www.policypatrol.com/email-archiving-exchange.htm">Red Earth Software</a> recently shared with me five common mistakes that SMBs make when thinking about email archiving<br /><br /><strong>Mistake One:</strong> Thinking small companies do not need an email archiving solution. Civil litigation can hit any company at any time, and if you cannot provide emails during the eDiscovery process, you could get hit with major financial sanctions. It’s also important to archive emails in the event of any sort of employee dispute, such as a layoff or a firing. Protect your company and make sure to have an email retention policy in place.<br /><br /><strong>Mistake Two:</strong> Putting off implementing an email archiving system to save on costs. Although there are certainly a lot of expensive email archiving systems out there, more cost effective solutions are now becoming available. Cost is really no excuse anymore for not having an email archiving solution in place.<br /><br /><strong>Mistake Three:</strong> Having only one employee knowledgeable about the system. Employees come and go and you don’t want only one person, such as a lone IT manager, knowing how to update and troubleshoot the system. Make sure all employees are aware of the email retention policy and make sure more than one person is able to use it effectively.<br /><br /><strong>Mistake Four:</strong> Not having a data map. It is important to know what kind of electronic data your company has, where it is located and how to access it. Any company, large and small, should have an eDiscovery data map (<a href="http://www.policypatrol.com/docs/ediscovery-data-map.xls">view sample data map</a>) to ease eDiscovery requests and to help meet retention guidelines.<br /><br /><strong>Mistake Five</strong>: Not regularly testing or updating the system. An email archiving solution is useless if it has any downtime or is out-of-date. Make sure that the system is spot-checked regularly and remember that this is not a “build it and forget it” project.<br /><br />As Galea notes: “Even just a few years ago, many companies had no idea what email archiving entailed. Fast forward a few years and most companies know that they need to have an email archiving solution in place.” <br /><br />Whether you are moving from knowing you need an email archiving system to actually implementing one or if you already have one, these five common mistakes are good review for us all.</p> </article> <article> <h1>User Education Key Element in Messaging Security Strategy</h1> <p>Stephanie Jordan — Thu, 17 Nov 2011 02:15:14 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/user-education-key-element-messaging-security-strategy" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:messagingnews" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/user-education-key-element-messaging-security-strategy" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/user-education-key-element-messaging-security-strategy" data-lang="en">Tweet</a></div><p>Do your users take IT security seriously? A recent poll would indicate many workers do not. This trend is not exclusive to the U.S with the poll including respondents from around the globe. What the poll reflects is that employees look to IT to be the responsible ones, and in today’s climate of sophisticated attacks, speed and connectivity, it really should be in every employee’s job description to adhere to security policies and be a part of protecting the company from outside threats.</p> <p>The poll was conducted earlier this fall by <a href="http://www.avira.com">Avira</a>, a German antivirus software company and published last week. The company asked three questions under the heading of: How careful are you when it comes to IT security in your company? There were 991 respondents with the majority (717) of the respondents being either German, English or Russian speaking.</p> <p>1) We have strict and detailed policies for IT security and the entire company takes care to follow all the policies in order to protect the company - 38.95 percent of the respondents who answered this question agreed.</p> <p>2) We have security policies, but I don’t think anybody cares if we follow the policies or not - 35.42 percent of the respondents who answered this question agreed.</p> <p>3) I don’t think about IT security at all; our system administrators are responsible for security so it’s not my concern. - 25.63 percent of the respondents who answered this question agreed.</p> <p>The employee attitude of question two and three is essentially saying to IT, “it’s not my job.” This is where the need for employee education becomes more critical. </p> <p>Hopefully, most organizations these days have published messaging policies that cover everything online - from mobile, to social media, to email and Web. Providing that is in place, making sure that employees are more aligned toward that question one camp (“… the entire company takes care to follow all the policies in order to protect the company”) takes effort.</p> <p>“When we see that less than 40 percent of workers take IT security seriously while at work, we know there is more to be done when it comes to educating people about IT security,” said Sorin Mustaca, data security expert at Avira. “Holding regular employee sessions to address the importance of staying vigilant while at work to make sure nothing happens to the corporate or small business network is equally important.”</p> <p><strong>Recommendations for Employee Education</strong></p> <p>Mustaca believes that using recent scary statistics of all the bad things out there to try to make employees get on board is not the best tactic. As he thinks the impression would be fleeting and soon forgotten. </p> <p>Instead Mustaca says, “I can imagine some live sessions demonstrating how malware gets into computers and how users like themselves get infected (the attack vectors). We have malware today that comes via email, gets dropped by simply visiting a web site, gets transmitted via Instant Messaging or gets transmitted because of a vulnerability in a software. It is important to show them also the effects of such an infection. Many malware these days steal or encrypt documents, install keyloggers, steal banking information and so on.”</p> <p>Phishing is another area that employees need to better understand. Mustaca recommends describing how many methods to get phished exist. “Any user should be able to identify a phishing web site, because this can affect them also when they are home.”</p> <p>Big company-wide sessions are not ideal believes Mustaca. He recommends that educational sessions be small so that employees are able to concentrate on the facts and ask questions. He also thinks it is very important that the sessions have mixed participation from people with various backgrounds. “This way it can be seen that anyone can be hit if he or she doesn’t pay attention.”</p> <p>Today, employees are expected to perform tasks at heightened speeds. This has created a daily routine that means employees may take more risks with company information and simply be too busy just getting through their day to pay much attention to company policy or IT security. </p> <p>Mustaca notes that while he understands people see computers as tools to do their jobs, “I am disappointed to see that a quarter of the users who took the survey are completely ignoring the importance of IT security. If all who access the Internet would fulfill some minimum security requirements then the online world would be a much safer place.”</p> <p>Unfortunately, many outside of IT do not take messaging security seriously, but perhaps with ongoing user education and smaller-sized training sessions, progress can be made toward enlisting every employee to follow IT security policies.</p> </article> </main></body></html>