IDC Offers Insights into SMBs, Unified Communication and Collaboration</h1> <article> <h1>IDC Offers Insights into SMBs, Unified Communication and Collaboration</h1> <p>Stephanie Jordan — Mon, 17 Oct 2011 02:16:33 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/idc-offers-insights-smbs-unified-communication-and-collaboration" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/idc-offers-insights-smbs-unified-communication-and-collaboration" data-url="http://www.messagingnews.com/story/idc-offers-insights-smbs-unified-communication-and-collaboration" data-lang="en">Tweet</a></div><p>Just because a business is small to medium-sized does not mean that the importance of messaging tools is lost to them. According to recent research released last week from <a href="http://www.idc.com">International Data Corporation (IDC)</a>, forward-looking SMBs are selectively using a range of tools including voice-over-IP (VoIP) and unified messaging. Few, however, says IDC have implemented a comprehensive, end-to-end unified communications (UC) system that can deliver connectivity and collaboration capabilities beyond the sum of its separate parts.</p> <p>“Many SMB’s business and IT priorities relate to communication and collaboration,” says Justin Jaffe, research manager for Small/Medium-Sized Business and Remote Worker/Home Business research at IDC. “SMBs are interested in both underlying capabilities and specific UC technologies.”</p> <p>The report authors note that due to the economic downturn underscoring the need for expense management and restrictions on business travel, especially for SMBs, there has been an increase in the popularity of virtual alternatives to in-person meetings. Approximately 45% of medium-sized businesses currently use some type of conferencing technology.</p> <p>Additionally, the paper states that while SMB ownership of mobile resources—from smartphones to notebooks to media tablets—continues to increase along with interest in supporting remote workers, adoption of unified messaging remains modest. The study found, however, that the percentage of firms citing plans to add it in the next 12 months has increased since the previous IDC survey, indicating a keen interest with more than 30% of small firms and 55% of midsize firms acknowledging plans to add at least one UC component in the next 12 months.</p> <p>“The real challenge for vendors is to effectively connect the benefits of unified communications to improved business performance,” believes Jaffe. “Show how UC can make a real difference in productivity and efficiency and SMBs will flock to it.”</p> <p>More information and results can be found in the IDC whitepaper: <a href="http://www.idc.com/getdoc.jsp?containerId=230314">Unified Communications in U.S. Small and Medium-Sized Business, 2011: Growing Demand for Communication, Collaboration, and Connectivity—But Integration Remains Elusive</a> (IDC #230314).</p> </article> <article> <h1>Financial Services, Social Networking, and FINRA</h1> <p>Stephanie Jordan — Thu, 15 Sep 2011 04:41:01 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/financial-services-social-networking-and-finra" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/financial-services-social-networking-and-finra" data-url="http://www.messagingnews.com/story/financial-services-social-networking-and-finra" data-lang="en">Tweet</a></div><p>Last month FINRA (Financial Industry Regulatory Authority) issued <a href="http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p124186.pdf">Regulatory Notice 11-39</a> to provide “guidance on social networking Web sites and business communications” for financial firms and brokers. <br /> <br /> Regulatory Notice 11-39 is intended as a response to growing questions in regards to the application of January 2010 Regulatory Notice 10-06’s rules about communications with the public on social media sites as it pertains to recordkeeping, content requirements, and general compliance. <br /> <br /> Stephen Marsh, founder and CEO of <a href="http://www.smarsh.com">Smarsh</a>, offered his take on the significance of last month’s announcement: “FINRA 11-39 is significant in that it adds more context and detail to FINRA’s approach to social media and personal devices which was originally laid out in 10-06. The biggest takeaway for broker-dealers is that it’s about the message – not the medium. If the message is business-related, then it doesn’t matter if it’s a tweet, a text from your personal BlackBerry or an email from your work computer – you must retain, retrieve and supervise it.”<br /> <br /> According to a recent Smarsh survey, while 70% of respondents reported that their compliance policy addresses the use of email for business purposes, less than half have policies to address other forms of electronic communication, such as instant messaging (45%), text messaging (35%), LinkedIn (47%), Facebook (42%) and Twitter (34%). <br /> <br /> “FINRA 11-39 is just the latest reminder to firms that they need to take a proactive approach to manage their compliance obligations and minimize the risks that come with these new communications channels,” says Marsh.<br /> <br /> Even if your organization is not in the financial services industry, it is well to be aware of these best-practices as set forth by the agency and consider incorporating elements into your company’s communication policies. </p> </article> <article> <h1>Central American Bank Expanding Entrust IdentityGuard Platform for Layered Security with Mobile Capabilities -- Real World Solutions for Mobile Security</h1> <p>Stephanie Jordan — Thu, 18 Aug 2011 05:21:21 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/central-american-bank-expanding-entrust-identityguard-platform-layered-security-mobile-capabil" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/central-american-bank-expanding-entrust-identityguard-platform-layered-security-mobile-capabil" data-url="http://www.messagingnews.com/story/central-american-bank-expanding-entrust-identityguard-platform-layered-security-mobile-capabil" data-lang="en">Tweet</a></div><h3>The Challenge</h3> <p>Grupo Financiero Ficohsa, founded in 1994 and based in Honduras, is taking a proactive stance in securing customer identities by expanding their strong authentication solution to include mobile authentication. An <a href="http://www.entrust.com">Entrust</a> customer since 2007, Ficohsa currently uses the Entrust IdentityGuard versatile authentication platform to manage more than 15,000 custom-branded hardware tokens as part of a layered security approach. Like Ficohsa’s strategy, layering security is proven to help defend against attacks that target token-only schemes, and reduces costs by leveraging mobile devices already owned by banking customers.</p> <h3>The Solution</h3> <p>Mobile applications are increasingly becoming an area of concern for security experts, especially in the banking industry. Ficohsa now expands its mobile security to secure customer identities by utilizing <a href="http://tokentradeup.entrust.com/">Entrust IdentityGuard Mobile</a> software tokens.</p> <p>Adding the additional layer of security will allow Ficohsa’s customers to feel more protected when banking across any channel. The layered-security approach not only helps to defend against attacks, but reduces costs by leveraging mobile devices already owned by banking customers.</p> <h3>The Customer Rave</h3> <p>“Our organization is always conscious of new or advanced technology that will better serve, and secure, our valued customers,” says Sergio Stefan VP of Consumer Banking and Small and Medium Business, at Grupo Financiero Ficohsa. “The use of mobile authentication—specifically soft tokens—is a natural fit into our customers’ lifestyles. They’ll be more likely to adopt the authentication method and feel more secure banking with us, regardless of the channel or platform.”</p> <h3>What It Does</h3> <p>Entrust enables organizations to layer security—according to access requirements or the risk of a given transaction—across diverse users and applications. Entrust’s authentication capabilities include smartcards and USB tokens, soft tokens, grid cards and eGrids, IP-geolocation, questions and answers, out-of-band one-time passcode (delivered via voice, SMS or email), and a range of one-time-passcode tokens. In addition, digital certificates are used on mobile devices, in software and on smartcards and USB tokens.</p> <h3>Last Word</h3> <p>Entrust strongly recommends organizations move away from outdated, token-only security to comprehensive, layered security strategies than are proven to stop advanced online attacks. As recent, high-profile breaches have shown, token-only approaches are easily defeated.</p> <p>“More banks and financial institutions should migrate to platform-based authentication to help defend against attacks on token-only security schemes,” believes Entrust President and CEO Bill Conner. “Hardware tokens are still effective as a strong authenticator, but only when used as a single component to a broader, multilayered security strategy.”</p> </article> <article> <h1>The Cloud, Social Media and E-Discovery</h1> <p>Stephanie Jordan — Thu, 14 Jul 2011 22:46:01 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/cloud-social-media-and-e-discovery" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/cloud-social-media-and-e-discovery" data-url="http://www.messagingnews.com/story/cloud-social-media-and-e-discovery" data-lang="en">Tweet</a></div><p>A recent survey published by analyst firm Enterprise Strategy Group (ESG) and <a href="http://www.clearwellsystems.com">Clearwell Systems, Inc.</a> points to increased interest in e-discovery for cloud-based applications and social media. According to the findings, “30 percent of respondents reported cloud-based applications as in-scope for e-discovery in 2010. In 2011, that number is expected to jump to 60 percent, illustrating the pervasiveness of cloud computing as part of corporate IT infrastructure and the need for companies to be in control of their data both inside and outside of their firewalls. Yet despite the rising importance of cloud-based applications in e-discovery, only one quarter of respondents deemed their organization truly prepared to handle e-discovery requests involving the cloud. When asked why they were unprepared to respond to the necessary cloud-related requests, 39 percent stated they had no prior need, while an alarming 37 percent reported their organization had simply no defined policy for discovery of cloud-based applications.”</p> <p> Other key survey findings on e-discovery expectations:</p> <ul> <li>58 percent of respondents expect to manage social media applications as part of e-discovery in 2011, more than double the 27 percent who did so in 2010. </li> <li>With 61 percent of responses, collaboration suites such as SharePoint were cited as the most pervasive cloud computing technology impacting enterprises, followed by cloud-based email at 54 percent. </li> <li>When asked what types of social media applications would be the most relevant for e-discovery, 79 percent named Facebook, followed by Twitter (64 percent) and LinkedIn (55 percent). </li> <li>Over 70 percent of the respondents saw the number of lawsuits and regulatory inquiries increase from 2009 to 2010. Nearly half of those surveyed stated that the number of lawsuits increased by up to 20 percent and approximately 8 percent reported a dramatic increase of 50 percent or more. </li> <li>The expected rise in litigation in 2011 is nearly identical to the rise seen in 2010, with 7 out of 10 companies believing that investigations will continue to increase.</li> </ul> <p>The survey results were based upon responses gathered from more than a hundred Fortune 2000 enterprises and government agencies. ESG’s full <a href="http://info.clearwellsystems.com/wp-esg-research-survey.html">“Trends in E-Discovery: Cloud and Collection”</a> report and analysis is available for download from Clearwell’s Web site .</p> <p> In other Clearwell news, just this week, Symantec Corp. announced that privately-held Clearwell is now part of Symantec. The company completed its acquisition of Clearwell on June 24. The acquisition agreement between Symantec and Clearwell was originally announced in May. Clearwell will join Symantec’s Information Management Group. Symantec plans to offer Clearwell’s e-discovery solution as well as its own Symantec Enterprise Vault.</p> <p> </p> </article> <article> <h1>Spam Dips to Lowest Level Since 2008</h1> <p>Stephanie Jordan — Thu, 30 Jun 2011 02:48:49 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/spam-dips-lowest-level-2008" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/spam-dips-lowest-level-2008" data-url="http://www.messagingnews.com/story/spam-dips-lowest-level-2008" data-lang="en">Tweet</a></div><p>Messaging experts expend a great deal of time and energy following trends and offering analysis. The latest report from <a href="http://www.symantec.com">Symantec</a> states that June spam levels are currently at the lowest level since the November 2008 takedown of McColo, a California based ISP which hosted command and control channels for a number of major botnets. Its <a href="http://www.symanteccloud.com/globalthreats?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Jun_worldwide_intelligencereport">June 2011 Symantec Intelligence Report</a>, which is the first Symantec report to combine research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report, reveals spam accounted for 72.9 percent of email in June, returning to the same level as in April earlier this year. According to Symantec Intelligence, 76.6 percent of this spam was sent by botnets, compared with 83.1 percent in March.</p> <p> “Despite the decrease in botnet spam this month, they should still be considered a dangerous force on the Internet,” believes Paul Wood, senior intelligence analyst, Symantec.cloud. “Cybercriminals continue to use botnets to conduct distributed denial of service attacks (DDoS), carry out fraudulent click-thrus on unsuspecting Web sites for financial gain, host illegal Web site content on infected computers, harvest personal data from infected users and install spyware to track victims’ activities online.”</p> <p> Wood goes on to say that following the March disruption of Rustock, the largest spam-sending botnet, approximately 36.9 billion spam emails were in circulation each day during April. This number rose to 41.7 billion in May, before falling back to 39.2 billion in June. “Spam remains a huge problem and spam levels continue to be unpredictable,” he states.</p> <p> Other highlights from the report:</p> <p><strong> Pharmaceutical Spam:</strong> In the latest analysis, spam relating to pharmaceutical products accounted for 40 percent of all spam in June 2011, declining from 64.2 percent at the end of 2010. Symantec Intelligence also reports a new spam tactic in use that introduces the “Wiki” name prefix for the promotion of fake pharmaceutical products relating to a new pharmacy brand, WikiPharmacy. The “Subject:” line in these attacks has a lot of randomization contained in the text. The “From:” header is either fake or a hijacked ISP account that gives a personalized appearance to the email.</p> <p><strong> Adult Spam:</strong> Researchers note that spam subject line analysis shows that adult spam continues to flourish.</p> <p> <strong>Phishing:</strong> In June, phishing activity decreased by 0.06 percent since May 2011; one in 286.7 emails (0.349 percent) comprised some form of phishing attack. South Africa remains the most targeted geography for phishing emails in June, with 1 in 111.7 emails identified as phishing attacks. In the UK, phishing accounted for 1 in 130.2 emails, in the U.S. 1 in 1,270 and in Canada 1 in 207.7.</p> <p> <strong>E-mail-borne Threats:</strong> The global ratio of email-borne viruses in email traffic was one in 300.7 emails (0.333 percent) in June, a decrease of 0.117 percentage points since May 2011.</p> <p> <strong>Web-based Malware Threats:</strong> In June, MessageLabs Intelligence identified an average of 5,415 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 70.8percent percent since May 2011.</p> <p> <strong>Endpoint Threats:</strong> The most frequently blocked malware for the last month was W32.Ramnit!html. This is a generic detection for .HTML files infected by W32.Ramnit[1], a worm that spreads through removable drives and by infecting executable files. The worm spreads by encrypting and then appending itself to files with .DLL, .EXE and .HTM extensions.</p> <p> Read the <a href="http://www.symanteccloud.com/globalthreats?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Jun_worldwide_intelligencereport">June 2011 Symantec Intelligence Report</a> (PDF) for more findings.</p> </article> <article> <h1>Marketers: Repair Poor Reputations to Reach Inbox</h1> <p>Stephanie Jordan — Thu, 30 Jun 2011 02:41:03 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/marketers-repair-poor-reputations-reach-inbox" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/marketers-repair-poor-reputations-reach-inbox" data-url="http://www.messagingnews.com/story/marketers-repair-poor-reputations-reach-inbox" data-lang="en">Tweet</a></div><p>A new report re-confirms that email reputation significantly impacts a marketer’s ability to reach their intended audience. The results of the report, published by <a href="http://returnpath.net">Return Path</a>, encourages email marketers to examine the critical factors impacting email marketing performance in order to ensure their emails are getting into the inbox. While the report targets large email marketers, the findings can be applied to anyone who is responsible for their company’s emailing programs to customers and clients, regardless of size.</p> <p> “If you have a million addresses and 20% of your emails are blocked, you are missing 200,000 messages every time you hit ‘send,’” reminds George Bilbrey, president of Return Path. “This means lost revenue, poor customer experience, increased customer service costs, lost branding opportunities and the inability to advance your message to your marketplace. By understanding the impact email reputation has on email programs, marketers can take immediate and corrective action to ensure higher inbox placement rates.”<br /> <br /> Return Path says there are three critical factors that ISPs and other large-volume mail receivers use to determine whether or not to block emails:</p> <ul> <li>Reputation of a given email server, measured by complaints, spam trap hits, unknown user rates and similar metrics.</li> </ul> <ul> <li>Infrastructure set up which indicates a sender is a “real” mail server and not a botnet or spammer.</li> </ul> <ul> <li>Content associated with complaints, spam trap hits and unknown user rates.</li> </ul> <p> To prepare the report, the researchers relied on complaint rates, spam trap hits and unknown user rates by <a href="http://www.senderscore.org/">Sender Score</a>, the company’s proprietary reputation rank, which is calculated by aggregating reputation performance data from a variety of ISPs, spam filtering and security companies. For its reputation study, Return Path says analysts examined IPs by Sender Score bands on more than 18 million IP addresses, collected from 30 of the world’s top ISPs and other large-volume mail receivers representing over 2.1 billion mailboxes in North America, South America, Europe and Asia. The study shows how reputation factors influence an IP’s Sender Score and how that correlates to Inbox Placement Rates (IPR). <br /> <br /> <strong>Report Findings</strong><br /> Return Path’s research shows that IPs with Sender Scores of between 41-50 have an IPR of 64% which means 36% of their email is blocked or diverted to a junk folder. IPs with Sender Scores in the mid-range between 51-70 already show considerably higher average IPRs with 71% (Sender Score 51-60) and 76% (Sender Score 61-70) respectively. Notably there is a decline in email that is rejected right at the gateway, however, the study shows IPs within this Sender Score band have a high number of emails that are rejected at a point beyond the gateway. Only IPs with the highest Sender Scores have email that is routinely “accepted” into an ISP’s system. The average IPR for IPs with Sender Scores of 91 or greater is about 88%. This is significantly lower than the 99% “accepted” rate that many Email Service Providers (ESPs) claim, Return Path points out, because in their view ESPs measure “delivered” and “accepted” at the ISP gateway, rather than what makes it to the inbox.<br /> <br /> The Return Path research report, <a href="http://www.returnpath.net/landing/reputationfactors/index.php?campid=701000000005fQf ">“The Sender Reputation Report: Key Factors that Impact Email Deliverability”</a> is available for download. </p> <p> </p> </article> <article> <h1>Proposed Copyright Bill Enlists ISPs as Enforcers</h1> <p>Stephanie Jordan — Thu, 16 Jun 2011 09:41:57 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/proposed-copyright-bill-enlists-isps-enforcers" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/proposed-copyright-bill-enlists-isps-enforcers" data-url="http://www.messagingnews.com/story/proposed-copyright-bill-enlists-isps-enforcers" data-lang="en">Tweet</a></div><p>A bill intended to control rogue Web sites that offer material that infringes on copyrights and trademarks made a comeback in May, reports the <a href="http://www.cdt.org">Center for Democracy & Technology</a>. Formally known by the acronym COICA, the new version—S. 968, the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (Its acronym is PROTECT IP Act)—has changes that narrow the bill’s reach, in response to the earlier bill’s critics.</p> <p>“In terms of scope, this year’s bill appears to do a much better job of tailoring its definitions to target true bad actors,” <a href="http://www.cdt.org/protect-ip-act">writes David Sohn</a>, senior policy counsel and director of CDT’s Project on Intellectual Property and Technology. “As a result, there is less potential for the bill to inadvertently sweep in legitimate websites. This is an important improvement, since last year’s definition could have applied quite easily to lots of multi-purpose and user-generated-content sites.”</p> <p>CDT and others oppose provisions of the bill that still enlist ISPs and others as copyright enforcers by ordering them to <a href="http://www.cdt.org/files/pdfs/20110525_public_interet_968_ltr.pdf">block certain domain names</a>. Serious concerns have been expressed as well by <a href="http://cdt.org/files/NC-Letter_on_PRA_on_Protect_IP_Act-4.pdf%3EInternet%20and%20payment%20systems%20companies%3C/a%3E,%20like%20American%20Express%20Company,%20Visa,%20PayPal,%20eBay,%20Google%20and%20others%20and%20by%20%3Ca%20href=">Computer and Communications Industry Association (CCIA), the Consumer Electronics Association (CEA) and NetCoaltion</a>. In addition, technical experts from Verisign, Georgia Tech, Internet Systems Consortium, and others issued a <a href="http://www.shinkuro.com/PROTECT%20IP%20Technical%20Whitepaper%20Final.pdf">paper</a> on the bill’s targeting of the domain name system (DNS), warning that “[m]andated DNS filtering would be minimally effective and would present technical challenges that could frustrate important security initiatives.”</p> </article> <article> <h1>Web Trends Thus Far for 2011 Include Outdated Plug-ins, Social Media Policy Struggles, Facebook Domination and Botnets</h1> <p>Stephanie Jordan — Wed, 25 May 2011 20:51:17 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/web-trends-thus-far-2011-include-outdated-plug-ins-social-media-policy-struggles-facebook-domi" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/web-trends-thus-far-2011-include-outdated-plug-ins-social-media-policy-struggles-facebook-domi" data-url="http://www.messagingnews.com/story/web-trends-thus-far-2011-include-outdated-plug-ins-social-media-policy-struggles-facebook-domi" data-lang="en">Tweet</a></div><p>Attackers are no longer targeting web and email servers, contends <a href="http://www.zscaler.com">Zscaler</a>, instead they are attacking enterprises from the inside out, by first compromising end-user systems and then leveraging them to gain access to confidential data. The company announced that its Q1 security research report, State of the Web – Q1 2011, is available this week. In the report, the company published the following findings: <br /> <br /> <br /> · <strong>Outdated Browser Plug-ins a Tempting Target for Attackers</strong>: more than 25% of corporate users are running old, insecure versions of popular browser plug-ins — such as Java, QuickTime, and Adobe Reader — creating an easy target for attackers.<br /> <br /> · <strong>Facebook Dominates Web 2.0 Traffic</strong>: even in corporate environments, Facebook accounts for most Web 2.0 application usage at 52.40% (up from 47.65% in Q4 2010).<br /> <br /> · <strong>US and China Have High Malicious Content Concentration</strong>: when considering where malicious content originates from as a percentage of overall content, both USA and China have about 2x more malicious traffic than would be expected based on overall traffic volume.<br /> <br /> · <strong>Botnet Nation</strong>: America hosts the majority of botnet Command and Control (C&C) servers at 42.48% (up from 38.20% in Q4 2010); Germany takes second place at 32.8% (up from 6.46% in Q4 2010).<br /> <br /> · <strong>Are Browsers Dying?</strong> Non-browser Internet traffic stemming from third-party applications continues to rise, accounting for nearly a quarter of all web traffic.<br /> <br /> · <strong>IE6 Continues its Exit</strong>: the outdated and insecure browser continues to wane, at only 8.43% of all browser traffic (down from 11.43% in December, 2010); however, it’s still the third most prevalent browser used, behind IE 7 (27.05%) and IE 8 (24.97%).<br /> <br /> · <strong>Enterprises Struggle with Social Networking and Policy</strong>: 7 in 10 enterprises block at least some web content based on category, with social networking being the most common category blocked. However, enterprises are still struggling to define policies on how social networking can be used in the workplace. A vast majority have no policy in place, and those that do choose to block all access to social networking sites.<br /> <br /> · <strong>AV Landscape</strong>: more than half of threats identified by Zscaler AV were delivered by web content (HTML, Javascript) as opposed to standalone binary executable files, highlighting the changing threat landscape. And 31.8% of viruses identified are those that attempt to load or redirect the user to malicious content, often on legitimate web sites.<br /> <br /> The <a href="http://www.zscaler.com/pdf/industryreports/state_of_the_web_q1_2011.pdf">full report</a> is available through the company’s site. </p> </article> <article> <h1>Electronic Communications Compliance Gaps Found in Financial Services Industry, Especially for Social Media, Mobile</h1> <p>Stephanie Jordan — Wed, 25 May 2011 20:38:02 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/electronic-communications-compliance-gaps-found-financial-services-industry-especially-social-" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/electronic-communications-compliance-gaps-found-financial-services-industry-especially-social-" data-url="http://www.messagingnews.com/story/electronic-communications-compliance-gaps-found-financial-services-industry-especially-social-" data-lang="en">Tweet</a></div><p>At FINRA’s 2011 Annual Conference this week, new survey results of compliance professionals in the financial services industry found extensive compliance gaps exist in electronic recordkeeping and supervision, particularly for new communication tools such as social media and mobile messaging. <br /> <br /><a href="http://www.smarsh.com"> Smarsh</a>, the company behind the survey, believe the results reaffirm the challenges that compliance officers face in today’s demanding regulatory environment. The results of the survey revealed the growing burden of compliance on firms, with nearly 70 percent of respondents reporting that the resources (both time and money) spent on electronic communications-related compliance increased in the past year and 98 percent expecting those resources to increase or stay the same in the next 12 months.<br /> <br /> “We conducted this research to better understand what compliance officers really think about their electronic communication compliance practices and examination experiences,” says Stephen Marsh, CEO and founder of Smarsh. “Whether it’s managing the obligations from new regulations like<a href="https://www.smarsh.com/prinsite/nr/default2.asp?siteid=12&webpageid=543"> </a>Dodd-Frank and FINRA Regulatory Notice 10-06 or dealing with the growing consumerization of IT, compliance officers must keep pace, or else leave their firms open to a myriad of risks.”<br /> <br /> <strong>New Messaging Channels<br /> </strong>When asked, respondents demonstrated an accurate understanding of their compliance obligations related to electronic communications; however, a gap exists between what they need to do to comply with these regulatory requirements and what they are actually doing. This disparity was particularly evident with new communications channels, including social media, where policies and systems to monitor and preserve messages from social networking web sites like Twitter, LinkedIn and Facebook were significantly less prevalent than those for email. For example, while three-quarters of respondents (75%) acknowledged their regulatory obligation to preserve and monitor social media communications, less than half (42%) had a policy in place and less than one-third (32%) actually retained and supervised those messages. <br /> <br /> The company notes that the impact of this gap is reflected in the level of confidence respondents have when it comes to demonstrating compliance. Eighty-seven percent of respondents were mostly or completely confident in their ability to provide requested emails within a reasonable time frame. In contrast, less than half (46%) had minimal or no confidence in their ability to provide requested social media and mobile messaging data. <br /> <br /> The <a href="https://www.smarsh.com/prinsite/nr/default2.asp?siteid=12&webpageid=553">full survey report</a> is available for download.<br /> <br /></p> </article> <article> <h1>Email Deliverability Challenges Addressed With Solution to Avoid Spam Complaints and Hard Bounces</h1> <p>Stephanie Jordan — Thu, 19 May 2011 05:49:23 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/email-deliverability-challenges-addressed-solution-avoid-spam-complaints-and-hard-bounces" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/email-deliverability-challenges-addressed-solution-avoid-spam-complaints-and-hard-bounces" data-url="http://www.messagingnews.com/story/email-deliverability-challenges-addressed-solution-avoid-spam-complaints-and-hard-bounces" data-lang="en">Tweet</a></div><p>This week <a href="http://www.messagesystems.com">Message Systems</a> announced enhancements to its Adaptive Delivery application. Originally launched in 2009, Adaptive Delivery helps companies optimize online marketing campaigns by automatically monitoring and tuning delivery parameters in real time.</p> <p>“Despite best practices and top-tier infrastructure, our deliverability rates were often less-than-stellar,” says customer James Thompson, email systems manager at Infusionsoft. “Now with Adaptive Delivery, we’re steadily above 99 percent. We’ll always need to have a deliverability specialist on hand, but now we’re able to focus on other projects.”</p> <p>According to Message Systems, Adaptive Delivery can capture, interpret and act on data, sending alerts when a mailing encounters a block, high bounce rates or other issues, and summarizes actions that can be readily reviewed and initiated to resolve problems. </p> <p>A distinguishing feature of Adaptive Delivery is how email systems managers can segregate and manage mail streams by different types of email or sender, customer segment, domain or other criteria. This makes it possible to segment higher-risk mail streams from lower-risk ones, making it easier for ISPs on the receiving end to determine and assign each mail stream’s unique reputation.</p> <p>The enhancement announcement is the added availability of Smart Threshold Management, which allows companies to suspend mailings or throttle down traffic based on different threshold rules, and those rules are configurable to their specific requirements.</p> <p>“It has helped us streamline email operations and improve our reputation,” acknowledges Thompson of the solution. “It has also helped us increase throughput and keep up with our team’s aggressive sales goals.”</p> </article> <article> <h1>New York City Unveils Public Safety System: Enabled Mobile Devices to Receive Emergency Alerts</h1> <p>Stephanie Jordan — Thu, 19 May 2011 05:55:44 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/new-york-city-unveils-public-safety-system-enabled-mobile-devices-receive-emergency-alerts" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/new-york-city-unveils-public-safety-system-enabled-mobile-devices-receive-emergency-alerts" data-url="http://www.messagingnews.com/story/new-york-city-unveils-public-safety-system-enabled-mobile-devices-receive-emergency-alerts" data-lang="en">Tweet</a></div><p>Last week NYC Mayor Michael Bloomberg, Federal Emergency Management Agency Administrator Craig Fugate, Federal Communications Commission Chairman Julius Genachowski, executives from AT&T, Sprint, T-Mobile and Verizon among others convened at the World Trade Center site to announce PLAN—the Personal Localized Alerting Network.</p> <p>The idea behind PLAN is to give customers with an enabled mobile device geographically-targeted, text-like messages alerting them of imminent threats to safety in their area. The service will be available in New York City by the end of this year, a full two calendar quarters before the rest of the nation.</p> <p>“Given the kinds of threats made against New York City at the World Trade Center, Times Square, and other places popular with visitors and tourists, we’ll be even safer when authorities can broadcast warnings to everyone in a geographic area regardless of where they came from or bought their phone,” believes New York City Mayor Michael Bloomberg. </p> <p>As emergency situations in the past have proved, mobile phone networks can get overloaded. According to the U.S. Department of Homeland Security press office, PLAN will ensure that user congestion will not stall emergency alerts. Authorized government officials will be able to send messages that participating wireless providers would then push using their cell towers to enabled mobile devices in a targeted geographic area.</p> <p>“Following the devastating tornadoes in the Southeast, we are witnessing yet again the critical role the public plays as part of our nation’s emergency management team. Making sure that they get useful and life-saving information, quickly and easily, right on their mobile phones, will help more people get out of harm’s way when a threat exists,” says FEMA Administrator Fugate. “This new technology could become a lifeline for millions of Americans and is another tool that will strengthen our nation’s resilience against all hazards.”</p> <p>When PLAN is operational, customers in an area affected by an emergency who have a PLAN-capable mobile device will receive an alert of ninety characters or less. Consumers will receive three types of alerts from PLAN: </p> <ol> <li>Alerts issued by the President; </li> <li>Alerts involving imminent threats to safety of life; and </li> <li>Amber Alerts.</li> </ol> <p>Participating carriers may allow subscribers to block all but Presidential alerts.</p> <p>“Communications technology—and in particular mobile broadband—has the potential to revolutionize emergency response,” said FCC Chairman Genachowski. “Our communications networks need to be reliable and resilient in times of emergency. The FCC is working with carriers to ensure that they are.”</p> <p>While some may grumble about invasion of privacy or other big brother complaints, in 2006, Congress passed the Warning, Alert and Response Network (WARN) Act, requiring carriers that choose to participate to activate PLAN technology with the FCC-determined deadline of April 2012. AT&T, Sprint, T-Mobile, and Verizon will offer PLAN in New York City to 90 percent of New York subscribers who have a PLAN-capable mobile device. PLAN has also been known as CMAS (Commercial Mobile Alert System).</p> <p>More information on PLAN is available at <a href="http://blog.fema.gov/2011/05/plan-another-part-of-publics-emergency.html">http://blog.fema.gov/2011/05/plan-another-part-of-publics-emergency.html</a>.</p> </article> <article> <h1>Newest Messaging Malware Targets Facebook and Twitter</h1> <p>Stephanie Jordan — Fri, 06 May 2011 17:23:57 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/newest-messaging-malware-targets-facebook-and-twitter" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/newest-messaging-malware-targets-facebook-and-twitter" data-url="http://www.messagingnews.com/story/newest-messaging-malware-targets-facebook-and-twitter" data-lang="en">Tweet</a></div><p>With millions of users adopting Facebook and Twitter, it is not unexpected to see cybercriminals moving towards the mediums as a rich source of users to target. This week <a href="http://www.fortinet.com/">Fortinet</a>, a network security provider, released its latest Threat Landscape report, which details two new malware variants aimed toward Facebook users. <br /> <br /> The malware, which is intended to look as though its coming from Facebook, claims that the users’ Facebook passwords have been reset. An attachment is included that has the “new” password. Clicking on the attachment can lead to immediate infection. <br /> <br /> “The Facebook malware variants we examined are botnet loaders, which, upon execution, connect to a command and control server to download and display a document that reveals a bogus password in an effort to look legitimate,” says Derek Manky, senior security strategist at Fortinet. “Afterwards, the botnet continues to run in the background and requests files to download and execute, one by one.”<br /> <br /> Manky warns users to always beware of file attachments, never disclose information generated by an unsolicited request, and attempt to confirm identities of those who contact them.<br /> <br /> The lesson for this particular malware to pass along: simply try your original Facebook password to see if it has indeed been changed. <br /> <br /> <strong>Twitter Attacks<br /> </strong>Twitter, one of the newest messaging channels, is not immune to malware as proved recently with the Unfollowed Me rogue application spreading virally. According to Graham Cluley of <a href="//nakedsecurity.sophos.com/2011/04/19/unfollowed-me-rogue-application-spreads-virally-on-twitter/>">Sophos</a>, thousands of Twitter users have been tricked into clicking on links that promise to reveal how many people have “unfollowed” the user. <br /> <br /> Once users agree to authorize a third-party application access to their Twitter accounts, the third-party can tweet messages in a user’s name and send messages to the user’s followers. In this instance it appears the end game is scammers making money on completed surveys. <br /> <br /> The lesson to pass along: don’t allow applications access to your account.<br /> <br /> <br /></p> </article> <article> <h1>Email Supply Chain & Integrity Is Under Attack--Can You Trust Your Email? OTA Email Authentication Training to Equip Public & Private Sectors</h1> <p>Stephanie Jordan — Thu, 07 Apr 2011 10:44:45 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/email-supply-chain-integrity-is-under-attack-can-you-trust-your-email-ota-email-authentication" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/email-supply-chain-integrity-is-under-attack-can-you-trust-your-email-ota-email-authentication" data-url="http://www.messagingnews.com/story/email-supply-chain-integrity-is-under-attack-can-you-trust-your-email-ota-email-authentication" data-lang="en">Tweet</a></div><p>The recent breaches of leading email service providers reinforces the need for security process, procedures and operational discipline among all cloud service providers. As users, businesses and governments increasingly rely on email, these events further undermine the confidence of the email channel. Today 85% of email sent is spam. In January 2011, the White House and FDIC were both targeted with over 90% of the email purporting to come from their domains was forged. Left unchecked this spoofing significantly undermines consumer trust in the brands, the ability of ISPs and corporate networks to block malicious email while impeding the delivery of the legitimate email to the inbox.</p> <p>Email exploits are increasingly targeting business and government agencies seeking to obtain confidential and classified information. Unfortunately, these efforts have been successful, obtaining log-in credentials of the supply chain of numerous ad networks, certificate authorities and email service providers, compromising millions of users’ email addresses.</p> <h2>A Proven Countermeasure: Authentication</h2> <p>While there is no silver bullet, email authentication is a proven countermeasure. Today 84% of leading ecommerce sites and 92% of social media sites have adopted one of more of the leading email authentication protocols. Unfortunately adoption by the Fortune 500 and leading government sites is below 50% and email marketer’s adoption is inconsistent.</p> <p>In an effort to restore trust in email, <a href="https://otalliance.org/">Online Trust Alliance</a> (OTA) has developed a comprehensive full-day email authentication training program for email administrators, security professionals and interactive marketers to help prevent and detect email spoofing, phishing and brand exploits. Now in its third year, the OTA Academy is delivering in-depth training, supporting international standards for email authentication including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Author Domain Signing Practices, (ADSP). The curriculum is taught by industry experts providing an in-depth review of the technology, implementation, operational and managerial requirements. Training materials and exercises are supported by real world implementations from leading brands and email providers. This program will provide hands-on learning to accelerate the development of a comprehensive plan and successful implementation of email authentication.</p> <h2>Register Today</h2> <p>Attend this training to be sure your organization is protecting your domains and brands, is compliant with industry standards, while also improving the effectiveness and deliverability of your transactional and marketing communications. Email Authentication refers to a framework of IETF standards and industry best practices and is recommended by the Federal Trade Commission, White House, and Department of Homeland Security along with industry working groups including APWG, the DMA and MAAWG.</p> <p>The OTA Academy is scheduled for May 2nd in Chicago and June 10th in San Francisco. For more information visit <a href="http://otalliance.org/events/Academy/emailauth.html">http://otalliance.org/events/Academy/emailauth.html</a>. Register by April 18 and save.</p> <p>Hope to see you in Chicago. Together we can put trust back into email and help protect users from online fraud and deception.</p> </article> <article> <h1>Understanding Hidden Threats: Corrupted Software Files</h1> <p>Stephanie Jordan — Thu, 10 Mar 2011 01:10:33 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/understanding-hidden-threats-corrupted-software-files" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/understanding-hidden-threats-corrupted-software-files" data-url="http://www.messagingnews.com/story/understanding-hidden-threats-corrupted-software-files" data-lang="en">Tweet</a></div><p>Today <a href="http://www.us-cert.gov">US-CERT</a> (United States Computer Emergency Readiness Team), which is the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS), re-issued a basic overview of threats including a recommendation to take precautions when opening files. It is a good reminder for non-technical users that malicious code is not always hidden in Web page scripts or unusual file formats.</p> <p>Author Mindi McDowell’s Cyber Security Tip ST06-006 might be worth forwarding to your end-users, especially in light of the number of employees that toggle back and forth between work and personal files at home and in the office.</p> <p>—</p> <blockquote> <p>What types of files can attackers corrupt?</p> <p>An attacker may be able to insert malicious code into any file, including common file types that you would normally consider safe. These files may include documents created with word processing software, spreadsheets, or image files. After corrupting the file, an attacker may distribute it through email or post it to a web site. Depending on the type of malicious code, you may infect your computer by just opening the file.</p> <p>When corrupting files, attackers often take advantage of vulnerabilities that they discover in the software that is used to create or open the file. These vulnerabilities may allow attackers to insert and execute malicious scripts or code, and they are not always detected. Sometimes the vulnerability involves a combination of certain files (such as a particular piece of software running on a particular operating system) or only affects certain versions of a software program.</p> <p>What problems can malicious files cause?</p> <p>There are various types of malicious code, including viruses, worms, and Trojan horses (see Why is Cyber Security a Problem? for more information). However, the range of consequences varies even within these categories. The malicious code may be designed to perform one or more functions, including</p> <ul> <li>interfering with your computer’s ability to process information by consuming memory or bandwidth (causing your computer to become significantly slower or even “freeze”)</li> <li>installing, altering, or deleting files on your computer</li> <li>giving the attacker access to your computer</li> <li>using your computer to attack other computers (see Understanding Denial-of-Service Attacks for more information)</li> </ul> <p>How can you protect yourself?</p> <ul> <li>Use and maintain anti-virus software—Anti-virus software can often recognize and protect your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date.</li> <li>Use caution with email attachments - Do not open email attachments that you were not expecting, especially if they are from people you do not know. If you decide to open an email attachment, scan it for viruses first (see Using Caution with Email Attachments for more information). Not only is it possible for attackers to “spoof” the source of an email message, but your legitimate contacts may unknowingly send you an infected file. If your email program automatically downloads attachments, check your settings to see if you can disable this feature.</li> <li>Be wary of downloadable files on web sites—Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a web site certificate (see Understanding Web Site Certificates for more information). If you do download a file from a web site, consider saving it to your computer and manually scanning it for viruses before opening it.</li> <li>Keep software up to date—Install software patches so that attackers cannot take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.</li> <li>Take advantage of security settings—Check the security settings of your email client and your web browser (see Evaluating Your Web Browser’s Security Settings for more information). Apply the highest level of security available that still gives you the functionality you need.</li> </ul> </blockquote> <p>—</p> <p>As a public-private partnership, US-CERT offers reports, tips, and alerts as part of its work to provide response support and defense against cyber attacks. Geared primarily for the Federal Civil Executive Branch, the information sharing is a valuable resource.</p> </article> <article> <h1>Twitter Stands Up to Court Order</h1> <p>Stephanie Jordan — Thu, 27 Jan 2011 03:38:47 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/twitter-stands-court-order" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/twitter-stands-court-order" data-url="http://www.messagingnews.com/story/twitter-stands-court-order" data-lang="en">Tweet</a></div><p>Last week, in its <em>Tech Policy Download</em>, the <a href="http://www.cdt.org">Center for Democracy and Technology</a> posted the entry: “What Do the Twitter ‘Subpoenas’ Mean?” The piece offered some interesting clarifications surrounding the federal government’s demand that Twitter disclose information about a number of subscribers associated with WikiLeaks. A key point made by CDT is that it was not a subpoena, as some had reported, but rather a court order that was issued.</p> <p>The CDT post also makes a note that we need to keep in mind that subscriber identifying information, transactional logs, and daily online activities are available to government investigators and all they need to do is ask service providers to reveal such information.</p> <p>But here is the piece that is worth passing on: according to the CDT, this case shows that companies do not have to immediately comply with every government request. In this instance Twitter’s court directive came with a gag order to prevent Twitter from letting users know that the government was asking for their data.</p> <p>Many times companies simply accept such orders, turn over the data, without ever telling their customers. “In this case, to its great credit, Twitter asked the judge to lift the gag order,” notes the post. The judge did and Twitter was able to notify its subscribers, so that they in turn could oppose the disclosure.</p> <p>CDT has long held the belief that the Electronic Communications Privacy Act, which sets the standard for government access to Internet records, needs updating.</p> </article> <article> <h1>Securing Messaging: Beyond User Education</h1> <p>Stephanie Jordan — Thu, 30 Dec 2010 04:03:03 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/securing-messaging-beyond-user-education" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/securing-messaging-beyond-user-education" data-url="http://www.messagingnews.com/story/securing-messaging-beyond-user-education" data-lang="en">Tweet</a></div><p>With messaging technology and devices being driven into IT, instead of the former state of out from IT, how does IT get a handle on security? Without the option of locking down employees, which truly is not an option with so many IT literate employees these days, many say a best practice is to stress user education.<strong></strong></p> <p>Ian Moyse, channel director for <a href="http://www.webroot.com/En_US/index.html">Webroot Software, Inc.</a> is wary of any messaging policy that puts too much emphasis on user education, when it comes to securing an organization’s data and messaging systems. “What I have seen recently is a number of articles, which I disagree with, that say this is about user education. I do think there is an element of user education you can do in a business as duty of care, showing examples of the bad things that can happen on Facebook, but it is very hard to change people’s behavior.” He draws an analogy to speeding in a car. “You can’t get them to not speed on the road, even with road safety campaigns, police, etc, it still happens. You cannot rely on just educating users, especially when things change so quickly. Facebook wasn’t even around a few years ago. Definitely educate them, but how often can you do it? Monthly? The technology moves so quickly now.”</p> <p>Start with an acceptable use policy, Moyse recommends. Define, update and maintain a good acceptable use policy. Communicate it electronically. Preferably as a link that can be easily updated, and that lets you, as a business, take action if an employee does something wrong. That is number one.</p> <p>Next, have some sort of education, but understand that it has limitations within the business. “Tell them you can’t use Facebook in this way, show them examples of the horror stories that have happened.”</p> <p> Finally, Moyse believes organizations need some technology in place to police what is going on. “Get the balance right, you can’t be big brother to users, because it will have a negative impact on your technical team, everyone will hate working for you because of everything they can’t do. But you need to have some limitations, so it might be ‘you can go to certain Web sites, you can view the content, but you can’t download executables or movies. So we aren’t taking away everything from you totally, but there is an element of you can’t do everything’. The trick is striking the balance, take some away, but not all.” </p> </article> <article> <h1>Quarterly Threat Report Found Malware Peak in August</h1> <p>Stephanie Jordan — Mon, 22 Nov 2010 08:56:30 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/quarterly-threat-report-found-malware-peak-august" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/quarterly-threat-report-found-malware-peak-august" data-url="http://www.messagingnews.com/story/quarterly-threat-report-found-malware-peak-august" data-lang="en">Tweet</a></div><p>Last week, <a href="http://www.cisco.com">Cisco</a> offered its latest <em>Global Threat Report </em>for the period of July to September. The report reveals that enterprise users experienced an average of 133 Web malware encounters per month, peaking at over 140 during the month of August. Approximately 10 percent of Web malware was encountered via search engine traffic and/or services. During 3Q10, 7 percent of all Web malware encounters resulted from Google referrers, followed by Yahoo! at 2 percent. </p> <p>According to the report, if you are in the Pharmaceutical & Chemical vertical, you were most at risk for Web malware encounters in 3Q10, experiencing a heightened risk rating of 372 percent. Other higher risk verticals in 3Q10 included Energy & Oil (209 percent), and Agriculture & Mining (169 percent). The vertical least at risk during the quarter was Aviation & Automotive. </p> <p>“We can also report that spam volumes were highest in August 2010 compared to the remainder of the quarter,” says Mary Landesman, market intelligence manager at Cisco. “The Rustock botnet was the most frequently encountered event handled by Cisco Remote Operations Services (ROS) peaking in late August. This botnet is believed to be one of the largest purveyors of spam and has been most predominantly affiliated with sending pharmaceutical and counterfeit watch spam, often in the form of a breaking news alert, a tactic first popularized by the Storm botnet.” </p> <p>The report also shows that during the course of the largest LinkedIn spoofing in mid-September, the malicious LinkedIn email comprised a significant 31.26 percent of all spam for that period.</p> <p>For more on the <a href="http://blogs.cisco.com/security/cisco-3q10-global-threat-report/">Global Threat Report</a>, visit Cisco’s website.</p> </article> <article> <h1>G-20 Summit Subject Lines Used for Targeted Attacks</h1> <p>Stephanie Jordan — Thu, 11 Nov 2010 04:15:30 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/g-20-summit-subject-lines-used-targeted-attacks" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/g-20-summit-subject-lines-used-targeted-attacks" data-url="http://www.messagingnews.com/story/g-20-summit-subject-lines-used-targeted-attacks" data-lang="en">Tweet</a></div><p>The G-20 summit between leaders of the world’s biggest economies being held this week in Seoul has been the focal point for messaging exploits, says <a href="http://www.symantec.com">Symantec Hosted Services</a>. Since October, attacks being monitored by the company have increased to at least three per day.</p> <p>According to the Symantec/MessageLabs Intelligence’s Mathew Nisbet, these attacks “claim to have some kind of invitation, or report attached. The attachment is usually a compressed archive that contains a document with an exploit that will be activated as soon as the recipient attempts to open it.”</p> <p>Some sample subject lines:</p> <p> “G20 services”</p> <p>“Seoul Summit Development Issue Report”</p> <p>“Key info for G20 Seoul Summit”</p> <p>“[G20] Draft Communique of the FMM&CBG meeting in Gyeongju”</p> <p>In <a href="http://www.symantec.com/connect/blogs/upcoming-g20-summit-increases-targeted-attack-levels">Nisbet’s blog</a>, he offers some examples of what the emails look like noting that senders are usually “a made up a persona, complete with email address and job title at a well-known global news organization, to give a more human and therefore more believable edge to the mail. At first glance it may seem quite genuine, but a little investigation is all that is needed to know something is not right.”</p> <p>Events such as the G-20 Summit are often used to great success, because during such times people are more likely to receive unsolicited mail with attachments, or be following the topic with deep interest increasing the likelihood of opening the document.</p> </article> <article> <h1>Ipswitch Enhances Product with Commtouch Zero Hour</h1> <p>Stephanie Jordan — Thu, 04 Nov 2010 02:58:53 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/ipswitch-enhances-product-commtouch-zero-hour" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/ipswitch-enhances-product-commtouch-zero-hour" data-url="http://www.messagingnews.com/story/ipswitch-enhances-product-commtouch-zero-hour" data-lang="en">Tweet</a></div><p>Last week,<a href="http://www.ipswitch.com"> Ipswitch</a> Messaging Division, the maker of IMail Server and Ipswitch Hosted Email, announced the release of its IMail Server v11.03. Geared towards small and mid‐sized businesses, IMail v11.03 now offers the availability of Commtouch Zero Hour Virus Outbreak Protection. </p> <p>According to the company, “Zero Hour offers real‐time virus protection to bridge the early hour vulnerability gap between when an outbreak first occurs and when traditional anti‐virus solutions are able to issue a virus update. While traditional anti‐virus solutions are still crucial for known viruses, Zero Hour focuses on new and variant virus protection.”</p> <p>Along with the addition of Zero Hour, Ipswitch has made a number of enhancements for this release, such as archiving on multiple levels including users, lists or aliases. SMTP connection checks were also enhanced to allow IMail users to reject messages based on spam/virus classifications prior to a message being accepted – minimizing backscatter.</p> <p>Also included in the new release is additional mobile synchronization support for email, contacts and calendar events for the HTC Incredible, Motorola Droid X and Motorola Droid A855 devices.</p> <p>“Security is top of mind for our customers, “ says Tripp Allen, president of the Ipswitch Messaging Division. “With the landscape of malicious attacks changing so often, being able to stay on top of new viruses is critical. It is a necessary addition to any traditional anti-virus program.”</p> <p>For <a href="http://docs.ipswitch.com/_Messaging/IMailServer/v11.03/ReleaseNotes/">more details on the release</a> go to the company’s Web site. </p> </article> <article> <h1>The Role of Messaging Infrastructure Today</h1> <p>Stephanie Jordan — Thu, 28 Oct 2010 03:38:39 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/story/role-messaging-infrastructure-today" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/story/role-messaging-infrastructure-today" data-url="http://www.messagingnews.com/story/role-messaging-infrastructure-today" data-lang="en">Tweet</a></div><p>A new research report from the <a href="http://www.irg-intl.com/">Internet Research Group</a> (IRG) is out this month entitled <a href="http://www.irg-intl.com/whitepaper/2010-Messaging-Fabric.html">A Messaging Fabric: The Case for a Messaging Infrastructure Layer</a>. This is an interesting read, as it explores the role of messaging infrastructure in “the quickly evolving landscape of IT”.</p> <p>As the authors—John Katsaros and Peter Christy—describe it, messaging infrastructure “is the infrastructure that runs between the outside world and the systems that provide mailboxes internally—all big companies have it in some form. It seems to us that with the changing demands on email (e.g., compliance, DLP) and the evolving email alternatives (e.g., malware filtering in the Cloud or even mailboxes in the Cloud) this infrastructure layer could play an even more important role in the future orchestrating all the pieces.” </p> <p>IRG provides market research and market strategy services, and in their opinion the new product category they call “Messaging Fabric” is an emerging product area that should be seriously contemplated by large enterprises, especially those “considering the business-critical importance of email, the compounding impact of regulatory compliance and security, and the value of preserving an agile email system that can respond quickly both to structural changes (e.g., acquisitions, divestitures and partnerships), as well as changing external demands (e.g., regulatory compliance and security).” </p> <p>The report is free and available on the IRG Web site.</p> </article> </main></body></html>