A new malware outbreak spread quickly this fall, due at least in part to its clever delivery mechanism. Imagine receiving an email from one of your colleagues entitled “FW: Daily Report.” A compressed document is attached, but because the email came directly from your coworker’s email you extract the file immediately. After all, that daily report might contain information you need! The outbreak then infects your machine, and sends out more emails with the malicious attachment, usually masked as a .src file, to everyone in your address book.

Since this was a new virus, most antivirus engines were not able to instantly detect the threat or update their definitions quickly enough to at least flag the email attachment as suspicious. In order to track the detection of this threat, we used OPSWAT’s anti-malware multi-scanning tool Metascan® Online. On November 13^th only three of Metascan® Online’s engines detected the threat as malicious, but five days later twenty-eight correctly identified the threat!

Day One – Metascan Online

Day Five – Metascan Online

According to security experts, spear phishing and other types of socially engineered malware attacks are expected to increase in frequency and severity in 2015, so increasing defenses against this type of attack is essential. No single anti-malware engine can detect 100% of threats 100% of the time. Using OPSWAT’s Metascan® multi anti-malware scanning technology alongside an email security solution like Policy Patrol Mail Security can significantly increase an organization’s defenses against targeted attacks and socially engineered malware.

The post Faster Protection Against New Threats with Multi-AntiMalware Scanning appeared first on Policy Patrol.

Policy Patrol Mail Security provides you with advanced protection against email borne threats as well as ensuring compliance with industry regulations, offering anti-spam, anti-phishing, email content checking, attachment blocking, email reporting, mail backup and multi anti-malware scanning with Metascan.

Compared to other email security solutions, Policy Patrol Mail Security offers the following benefits:

• Multi Antivirus Scanning (free Metascan online subscription)
• Document Sanitization and Spoofing Protection
• Email Content Checking
• Easy Quarantine Management
• Advanced White Lists
• Check Internal Emails
• Email Usage Reports
• Email Backup
• Consolidate signatures and email security in one solution

Policy Patrol Mail Security Upgrade Promotion

Order before January 31st 2015, and get a 20% discount on your Policy Patrol Mail Security upgrade, or buy Metascan and get the Policy Patrol Mail Security upgrade at no cost! Find out more.

Policy Patrol Mail Security 30-Day Trial

Request your 30-day evaluation serial number and try out Policy Patrol Mail Security; no strings attached. To trial Policy Patrol Mail Security you just need to enter your trial serial number, no reinstallation is necessary! If you decide not to upgrade, just enter your Policy Patrol Disclaimers serial number back into the program and your configuration will still be intact.

The post Policy Patrol Mail Security Upgrade Promotion appeared first on Policy Patrol.

Metascan can use between 4 and 30 anti-malware engines from vendors like Symantec, ESET, McAfee, and many others. Because Metascan uses multiple anti-malware scanners, detection rates for all types of malware are significantly increased without the hassle of licensing and maintaining multiple antivirus engines. Engines integrated into Metascan are optimized to scan simultaneously for fast, high performance scanning.

In addition to malware scanning, Metascan can prevent advanced threats by converting potentially dangerous attachments to a different file type (e.g. DOC to PDF), eliminating any embedded threats. Metascan can also perform file verification and block email attachments with spoofed file type extensions, preventing for instance .exe files posing as .txt files from entering your organization. By sanitizing potentially dangerous file types and performing file type verification, Metascan can thwart zero-day and targeted attacks that might be missed by anti-malware engines.

Metascan is available as an add-on for Policy Patrol Mail Security.

The post Advanced Threat Protection for Exchange Server with Metascan appeared first on Policy Patrol.

The DBIR analyzes data breaches in 2013 from 27 countries and shows that nobody is immune. Government, commercial companies and large financial institutions, they have all reported important data breaches in the last year.

The report investigates espionage attacks; how they are conducted and how they can be prevented. The DBIR findings indicate that:

• 75% of attacks are opportunistic, they do not target a specific individual or company and 90% of them are financially motivated.
• 50% of the data breaches were committed by former employees who took advantage of old accounts or backdoors that weren’t disabled.
• Over 70% of IP theft cases were committed by internal staff and took place within 30 days of them announcing their resignation.
• 69% of breaches were spotted by an external party.
• The attacks often rely on relatively simple techniques; 95% of all state-affiliated espionage attacks relied on phishing in some way.
• 41% of the cases of misuse were due to unapproved hardware accounts.
• 66% of the breaches took months or even years to discover.

The report also includes recommendations to avoid data security breaches. Read the full report. 

The post Verizon’s 2014 Data Breach Investigations Report appeared first on Policy Patrol.

IDG reports that hackers accessed some of the FTP servers to upload malicious files, as well as files to advertise work-at-home schemes and similar scams. Spammers then included links to the files in spam emails. Since the links pointed to ftp sites with URLs of known company names, the links looked genuine, giving a false sense of security. The credentials are likely to have been obtained through malware or phishing emails.

In light of this breach, users need to be even more vigilant when clicking on links, even if the URL seems to point to a legitimate company domain. 

The post More than 7,000 FTP Servers Compromised appeared first on Policy Patrol.

In the never-ending rush for mobility and speed, businesses can sometimes overlook data security and in doing so put themselves at risk of data breaches. In 2013 we have seen many data breaches where personal information of a company’s clients, contacts or employees was inadvertently exposed, with the recent Target breach topping the list. Whether small or large, data breaches are damaging to the company and at best, worrying for their customers and business partners.

To help you protect your company from data security breaches, we have come up with a ‘Data Security Wish List’ for 2014:

#1: Know What To Protect: Firstly you must know what sensitive data your company stores and where it is kept. If some sensitive data is being kept unnecessarily, make sure it is destroyed properly and timely.

#2: Have a Data Security Policy: Have a document that guidelines how data security is implemented in your company: List sensitive data, where it is stored, how it is protected and the processes used for maintaining security of the data. Make sure that you regularly update this document when new systems are put in place.

#3: Educate, Educate, Educate: Train your employees about safe practices, for instance never to send sensitive information over unprotected email and to use a secure file transfer system instead. It is also important that your employees understand how to identify phishing and scam mails so that they will not mistakenly provide their account details and let hackers into your systems.

#4: Implement & Maintain Secure Systems: Maintain firewalls & anti-virus software (on desktops, mobile devices, and mail servers), deploy email security systems (for instance to prevent emails with social security numbers or credit card numbers being sent out). If you are using FTP: stop using FTP and replace it with a managed file transfer system.

#5: Be Alert: Be on the look out for anything suspicious. Check access and event logs, be on the lookout for unusual processes and services running on servers and computers. Run vulnerability scans on a regular basis.

Wishing you a safe and secure 2014!

The post Corporate Data Security Wish List For 2014 appeared first on Policy Patrol.

State officials responded by asking the unintended recipients to delete the email, and offered those affected free credit-monitoring services.

While human errors can happen, if the Georgia Department of Labor had implemented an email filter on their mail server, the Social Security Numbers could have been detected in the attachment and the email would have been blocked.

As the old saying goes: “Prevention is better than the cure”. If your company is currently not filtering outgoing email for sensitive information such as Social Security Numbers or credit card information, now would be the right time to look into deploying an email filter.

Email filtering software can be used to content check emails and apply email policy rules to prevent many email security risks, including legal liability resulting from email content, confidential data leakage, unsafe work environments, privacy breaches, and damage to reputation.

The post Department of Labor Accidentally Exposes Personal Data of More Than 4,000 Georgians appeared first on Policy Patrol.

A LabMD spreadsheet containing personal information of more than 9,000 consumers was found on a P2P network and other documents with personal information of at least 500 consumers were found in the hands of identity thieves. These documents contained sensitive information such as names, social security numbers, dates of birth, and health insurance information.

P2P applications allow users to exchange files with other network members. Although P2P networks allow users to easily share files, they carry considerable risks because they do not provide any encryption or file management. When employees use P2P networks to share files, companies essentially lose control over the files since they cannot be centrally managed.

If companies do not offer an easy way to exchange files securely with external contacts, employees will often resort to P2P networks since they are freely available and get the job done. For this reason it is important that companies educate employees about the dangers of sending sensitive files through P2P networks, ftp, and email and offer a safe, easy-to-use system to transfer large and confidential files.

If LabMD had used a managed file transfer solution for sharing their files, the spreadsheet would have been encrypted, the recipient would have been authenticated and the file would automatically have been removed after it was downloaded.

Read about the Ten Best Practices For Keeping Your Data Safe.

The post P2P Network Exposes Sensitive Information of 10,000 Consumers appeared first on Policy Patrol.

“Policy Patrol MFT allows us to transfer critical business files instantly and securely, ensuring that our business processes run smoothly with less complexity and cost. Policy Patrol MFT also helps us gain central visibility into company-wide file transfers, allowing us to meet auditing and management requirements,” says Policy Patrol client Devrim Kalmaz of Finansbank. “The integration with Bitdefender now provides the essential security needed to ensure that all data being transferred from and to the company is virus free before it is uploaded to the system.”

The cooperation between Red Earth and Bitdefender comes amid growing threats to corporate IT security, which has become an increasing risk-based focus for companies in the US and abroad.

“Bitdefender is pleased to have its industry-leading anti-malware technology integrated into Red Earth’s cutting edge file transfer software,” says Peter Laakkonen, Bitdefender’s General Manager of OEM and Technology Licensing. “The partnership between Red Earth and Bitdefender allows corporate users to collaborate and share files with confidence, without fear of malware infections and other cyber threats.”

The post Policy Patrol MFT Bolsters Security With Bitdefender Anti-Virus appeared first on Policy Patrol.

According to a report by the California Attorney General’s Office, 2.5 million Californians had personal information put at risk through an electronic data breach in 2012. More than 1.4 million Californians would have been protected if companies had encrypted data when moving or sending the data out of the company’s network. The report also states that although 55 percent of the breaches were intentional intrusions, 45 percent were the result of inappropriate security measures.

The Data Breach Report recommends that companies encrypt digital personal information when moving or sending data out of their secure network and states that the Attorney General’s Office will make it an enforcement priority to investigate breaches involving unencrypted personal information.

The report further underlines the need for companies to review their data security practices and in particular the safe handling of sensitive data in transit. If your company is still sending confidential data through unencrypted email or using wide-open ftp servers to transfer sensitive data, now is a good time to consider using a managed file transfer solution.

Managed file transfer solutions ensure that files can be safely exchanged with external contacts using encryption in transit and at rest. Senders can request recipient authentication and files can automatically expire after a specified number of days or downloads, ensuring that sensitive information is removed timely. If integrated into your email system, managed file transfer solutions can also automatically replace certain email attachments with secure download links, ensuring that email attachments are sent with the appropriate safeguards without requiring user intervention.

Read more about how managed file transfer can help your company.

The post Californians At Risk From Unencrypted Data appeared first on Policy Patrol.