2 is a constant. is everywhere. is something few of us could live without. Billions of messages are sent each month, and countless hundreds are received every week, often every day by your end users. And each of these missives could be a vector of attack, a container of malware, or a way to destroy your company s very business. It would be easy to stop attacks if there was just one way hackers use to bring your shop to its knees. Unfortunately, is vulnerable in myriad ways and hackers have nearly unlimited ways to attack. And it gets worse literally every second. You must protect your network from these incursions. One way is to go back to basics, and make sure you are taking all the traditional steps to fortify your . At the same time, there are new attack techniques and you must be on guard for these as well. So you must implement traditional best practices and move ahead to the future to ward off attacks on your shop s , as well as your own. Don t believe it? How many times have you gotten bogus s from friends or colleagues because their address books were hacked? And because they are from people you trust, how easy is it for a security novice to fall for these ploys and, say, click on an infected link? Meanwhile this entire threat is organized, international, criminal, and ever growing in sophistication. In this paper, we ll lay out the problem, and then give 10 solutions to this increasingly dangerous problem. Why is so vulnerable? can be an insanely easy way for attackers to get into your network, and once they re in, they truly have the keys to the kingdom. Not only can they gain higher level access to the network, especially if they launch an elevation of privilege attack, they now can see all the targeted user s content, and at the same time can impersonate that user by taking over their identity. And is far too vulnerable. Not only are passwords commonly weak, but users are easy prey for social engineering, and controlling a user s address book is a bot s delight. What harm can hackers do via ? We sometimes think of certain attacks as an annoyance. So what if Aunt Betsy s Gmail got taken over by a bot and we got a bogus message? Even if you sidestepped the danger of Aunt Betsy s bogus , not everyone did. And those who fell for it probably harmed other users, including those in your own corporate or personal address book.
3 The evil beauty of these attacks is the user sometimes only knows they were compromised once they get back from their contacts asking about suspicious mail. And if the is taken over just to spread spam, the victim only knows if their performance slows to a distinct crawl. And these attacks may be the least of your worries. There is far more to fear, and battle. Traditional style viruses are still a massive problem. This threat was really brought to the fore with a little nasty virus named Melissa back in Far from sweet, Melissa used to bring systems to their knees simply by overloading them. The virus spread by tricking users into opening an attachment hoping to get free pornography by offering up a list of supposed passwords. The attack was finally beaten back after much harm was done, but that didn t mean the virus was done for the good. To the contrary, Melissa proved to hackers what was possible, and those creeps took the Melissa code and propagated new versions. This is one of the biggest drivers for hack attacks. The bad guys share code, and these days even a programming dunce can relaunch an existing attack with just a few tweaks. These clowns are known as script kiddies, and with a slight bit of knowledge and a penchant for social dysfunction can indeed wreak havoc. With Melissa, the hacker gloves were off, and was suddenly prime game. Attacks broaden and worsen Hackers love easy pickings and they more so love a target that is ubiquitous. This is why Microsoft software has long been the biggest target, and fits the same exact profile of near-total commonality. And the typical user is regularly confronted by phishing, malicious links, elevation of privilege exploits, and address book attacks. The rise of makes it a bigger problem: today users have corporate , but they likely also have multiple web mail accounts, multiplying the attack vector. The very use case of makes it vulnerable. For most all of us, is the app we still spend the most time with. It is hard to keep up with the volume of legit mail, never mind the spam. So when malicious mail masquerades as legitimate, even seasoned users can fall victim. is the perfect conduit for worms, a form of malware that multiplies and spreads largely through distribution. And with script kiddies, these worms never die: they are simply tweaked and turned into more dangerous entities. Take Win32/Brontk, which has been around for years. This is a classic worm with proliferates through mass mailing. In typical fashion, this worm mails itself off with an innocent-looking attachment, and finds addresses by hijacking end user address books. To make things worse, worms like Win32/Brontk can
4 shut off your defenses such as anti-virus software and even use the hijacked to launch denial of service (DoS) attacks. One new clever, near diabolical attack is a variant of the Nigerian scams. In one example, Mrs. Bridggie William from Kenya writes that her husband died after a Cardiac Arteries Operation, leaving behind over $10 million. As Bridggie herself is dying of cancer, she wants the recipient to provide a safe place for all this money. Instead of an address to respond to, Bridggie was kind enough to include an Outlook meeting invitation. Acknowledging such invites can open you up to serious attacks. Of course, these meeting requests must be deleted immediately, and not just moved to your junk folder. And just as you ought not to respond to spam, do not decline the invite as this is akin to a response. Having multiple accounts that employees use at work multiplies the threat. It is best to restrict user to the corporate system while they are on the corporate network that hopefully is equipped with defense-in-depth protection tools. Unprotected accounts are a major source of data leakage, worms, and other malware. On the other hand, if users do a lot of web surfing and sharing, it may make sense for you to help support these web clients. They can use these accounts for non-business purposes, but still need to make sure they are protected since they can ultimately impact the company. trying to lure you to buy bogus wares, but want your information, your address book, and to use your connection to elevate their privileges and attack your company s network. Even worse, with newer attacks, you don t need to open an attachment to be compromised, nor do you need to click a link. The 2013 Microsoft Security Intelligence Report laid this out with precision. More than 75 percent of the messages sent over the Internet are unwanted. Not only does all this unwanted tax recipients inboxes and the resources of providers, but it also creates an environment in which ed malware attacks and phishing attempts can proliferate. providers, social networks, and other online communities have made blocking spam, phishing, and other threats a top priority, the report said. There is far more to it than that. Spam wastes productive time as your workers pore over their inboxes and sift through the garbage. And spam is not going away. While not exploding as in years past, spam isn t exactly disappearing either. At the same time, it is getting more dangerous and laden with malware and phishing attacks every day. Spam still a problem, maybe more than ever Spam, is often seen as a pure annoyance. Our inboxes are daily flooded with junk, and we are exposed to often offensive messages. But spam is a main conduit for hack attacks, be it malware or phishing. And spam is more dangerous than ever. The bad guys are not just
5 The new ThingBot threat When we think of hack attacks, we imagine some jerk behind the keyboard with nothing better to do than cause problems. But most attacks are now automated, such as with worms. But there is a new threat. More and more small devices and even appliances are now IP devices and communicate with each other and our networks. This is known as the Internet of Things (IoT) and machine-tomachine (M2M). The problem is that the number of devices that can attack are greatly multiplying. Playing off the IoT term, these new attacks are called ThingBots and they use these newfangled devices to launch botnet attacks. In fact, a single botnet last year took control of over 100,000 of these small devices to spread its attack. This resulted in over 750,000 spam and phishing messages being sent out in just two short weeks. Many types of attacks can be launched this way including malware, and the spreading of inappropriate content and spam which comes with its own litany of troubles. It s not just smart refrigerators and intelligent thermostats, but our mobile phones, home routers, and consumer electronics that can now attack our . It s time to fight back Your company s network, applications and data are the lifeblood of your business. Compromised a little and you are seriously damaged. Compromised a lot, and you may be down for the count. Protection is of the essence, and this protection must be deep and rich. Here are 10 top tips and an action plan to lock down for good. 1. Demand passwords 2. Stop data leakage with content filtering 3. Stop spam before it really stinks 4. Stop breaches with content filtering 5. Make malware go away 6. Block breaches 7. Consider compliance 8. Training and best practices 9. Fight phishing 10. Implement defense in depth 1. Proper passwords What is s first and often only layer of defense? It is often a password. And since users generally use one password for multiple apps, if that password is cracked that exposure is compounded. Unfortunately, passwords are usually far too weak, as easy to crack as a freshly-laid egg. Even many shared accounts set by IT have insanely simple passwords. How many times has someone told you to key in password, admin, or guest. Maybe if the admin is sneaky they ll have you enter password123, admin123, or guest123. Like that will stop a motivated hacker!
6 USERNAME Another good practice is to have different passwords for different and other accounts, so if one gets discovered, the others aren t found out as well. And if you decide to go with just one master password, make sure it has a high level of complexity and is changed regularly. Making matters worse, is not just any more. It often has integration and links to Facebook and other social media, and at the very least notifications from services such as LinkedIn, Amazon or ebay that can reveal a lot about the user. If a hacker is in your , the first thing they will do is see if your password works with these other services. If it does, they know enough about you to make identity theft a breeze, or use this information to launch false personal attacks and create other mischief. These attacks can easily come from people you know. If they have your address and know you love Harley-Davidson motorcycles, they might figure out after a few attempts that your password is harley1234 or something similar. Jilted lovers are just example of those who would do such a thing. Trustwave, a security consultancy, looked at millions of passwords that had been compromised and founds that in most cases the passwords were far too weak. Half of these passwords had low level security, but in many cases had at least a number combination and upper and lower case letters which isn t horrible. Close to 90 percent of the passwords had no special characters. Even worse, the most popular password today remains Password1, which is almost as bad as admin or guest. 2. Block data leakage Data leakage is a huge and growing problem. Confidential corporate data is leaked out, as are credit card numbers, social security numbers and sometimes medical information. What you really need is a policy that dictates that this information, under no circumstances, should be sent out without explicit management approval. And you need a tool that checks for keywords that would indicate that inappropriate data is going out the door. This keyword scanning should apply to both the themselves (social security and confidential are two examples of terms to look out for), as well as Your users need complex passwords that are changed regularly. Even more so, they need a safe way to store passwords, as complex passwords are easy to forget. Having them in an encrypted file is best. And please, make sure they never write them a on a Post-It note and stick it to their computer or shove it in their top drawer. We tend to think that it is end users that are the real risk, but a 2013 survey by Ping Identity found that 83 percent of security pros use one password to use multiple applications.
7 attachments. You don t want your Q4 numbers sent out to a broker before they are announced, do you? And these attachments all too often carry viruses which can be spotted with good content scanning tools. The scanning really needs to be configurable to search deep into the messages, such as scanning the subject line, message body, headers and content. And like spam and anti-malware where you want multiple engines, you want a content tool that employs a variety of pattern matching techniques. Data leakage comes in three main forms inadvertent, on purpose by the end user, and on purpose by a hacker. In any of these cases confidential data can be compromised. Competitors can get your financials or intellectual property, and thieves can get customer s personal information. 3. Stop spam before it really stinks Did you know that over 3 percent of spam messages contain some form of malware, and that spam levels are not predicted to decrease in 2014? Spam is not just a nuisance, but a real danger to your business. Spam is a huge productivity waster, so the ROI on getting rid of it is fast and large. Ferris Research took a look at this issue, and in one analysis assumed the end user got five spams a day, and spent just 30 seconds on each message. That is 15 hours a year. Shops without proper anti-spam protections can be pretty much assured of getting a multiple of this amount of spam every day, and consequently will waste far more employee time. Data leakage can be just as dangerous as an overt outside hack. Sometimes your end users will inadvertently confidential data. Sometimes they misuse distribution lists and mail private information to dozens, perhaps hundreds, of recipients. Other times, the employee leaks data on purpose, and the biggest conduit is the easiest most ubiquitous form of communication . Let s face it, no one is going to text confidential company plans, it just isn t workable. The 2013 Verizon Data Breach Investigations Report shows that 14 percent of all breaches come from insiders, and because these insiders have company knowledge and already have network access, they can do more damage than a hacker. This includes skimming and distributing credit card information, selling private medical data, giving employee lists to recruiters, or selling confidential plans and results. Other spam costs include the price of bandwidth to transmit these worthless messages and disks or online storage to hold them. So what do you do to stop this scourge? Some of it is technical and some is policy-based or accomplished through training.
8 One technique is to keep addresses under a tight lid. Don t have end users give them out willy-nilly and post them on any website that comes down the pike. It might make sense to have a corporate policy that restricts where addresses can be posted. Have users take maximum advantage of spam filters and be careful of how they deal with the messages in the junk mail folder. And be sure they never ever open or respond to spam. By opening them, you are inviting a malware or phishing attack. And by responding you are simply proving that your address is valid, and that you are a good target. Finally, make addresses complex enough that they are difficult to guess at. 4. Controlling content via filtering and monitoring IT and upper management know that data that is perhaps their most precious resource, and some more precious than others, such as financials, client data, unreleased products, strategies all of which are all games changers if purloined. On the other hand, inappropriate content is another risk. While many believe the only real security threat comes from outside hackers, the insider threat can be more insidious and dangerous. And with , your end users don t even always know they are causing such as problem. Some of these problems are the inadvertent spreading of malware or exposing corporate data by falling prey to phishing. Another problem has to do with employee misbehavior and here content monitoring and control can be a lifesaver. There are myriad ways these bad deeds can bite you; data leakage, criminal complaints if is used to break the law, and lawsuits if an employee, for instance, uses to sexually harass someone. More and more often, courts are ruling that organizations are responsible for what happens on their systems, including . content monitoring can help solve most of these problems, keeping your company out of hot water by blocking inappropriate messages. content security tools can stop data leakage, but also helps put an end to unproductive work such as spending all day on online gambling or fantasy football. And it can help insure that compliance regulations are met. Frost & Sullivan studies this market, and recently did a survey of 12,396 security pros which informed its Analysis of the Global Web and Content Security Market report. One key is for vendors to integrate content with other security tools, easing management and licensing. As common intellectual property for content security is spread across communication channels like
9 web, and social media, vendors will be driven to offer a unifying suite of content security products with a single point of interface. As such, market consolidation will reduce complexity for customers and decrease administrative overheads for security professionals, said Frost & Sullivan Network Security Industry Principal Frank Dickson. The need for this kind of tool is driving the market to grow from $3.07 billion in 2013 to $3.35 billion in Make malware go away Malware of all shapes and sizes isn t going away, but instead is getting more vicious and numerous. And new attacks are coming out all the time. Not only do you have to beat back the thousands of exploits already out there, you also have to protect yourself from zero-day exploits. Just like with spam, you need multiple antimalware engines for true protection. Content filtering is another way to fight zeroday attacks. Good filtering will recognize and block the types of attachments likely to carry a viral payload. 6. Block breaches Every year Verizon studies breaches in its Data Breach Investigations Report. One disturbing finding is that attacks are being used more and more for espionage, and these can be launched by criminals or state-supported organizations. Some attacks, often launched from or built in China, are in the form of a phishing that once clicked on downloads even more malware onto the end user s computer. The goal is to let the hacker gain domain level access which it can do by capturing credentials, installing a key logger or other technique. Throughout this process, attackers promulgate across the systems within the network, hiding their activities within system processes, searching for and capturing the desired data, and then exporting it out of the victim s environment, Verizon said. Verizon further finds that remains the most popular way to launch social attacks, with phishing being the most frequent. 7. Compliance All these issues are more serious for those companies covered by compliance regulations where you must beyond a shadow of a doubt prove that your , and the data it contains, is safe. Here, you must protect all aspects of your mail and insure that your key corporate data, be it credit card numbers, personal information, or financial information. Fortunately, the same basic protection techniques that serve those ordinary shops can also protect those that fall under compliance.
10 Compliance isn t just a guideline, but a mandate. Take the Health Insurance Portability and Accountability Act of 1996 (HIPAA), for example. Here violating compliance rules can mean real dollars. These fines can start out relatively small, but are nonetheless painful. For instance, in Idaho, a hospice had a laptop pilfered. Despite all the hospice s good deeds, it was still fined a stinging $50,000. And insecure cost a small Phoenix medical practice a cool $100,000. That s the small potatoes. In Boston, a misplaced physicians laptop just that one computer netted a $1 million fine. And even state government isn t immune. The Alaska State Health Department lost just one backup drive, which cost them $1.7 million. creates this kind of compliance exposure thousands of times a day, especially when it becomes a source of data leakage. For instance, an employee of The Regional Medical Center in Memphis mistakenly sent out with patients private medical information. Even though an accident, the center had to warn hundreds of people of the compromise. No big deal? Close to 1,200 patients had their records compromised, and that data included not just medical history but also personal information such as social security numbers, a hacker s goldmine. 8. Training and best practices IT is used to deploying technology to solve technical problems, so they implement firewalls, anti-malware and other devices. Unfortunately, these defenses aren t always rich or deep enough. Just as large an issue is end-user behavior. All these the defenses in the world can t defend against an easily fooled employee who may be tricked into giving a hacker full network access. Training clearly pays off, especially in blocking phishing, and perhaps no one knows this better than famed hacker Kevin Mitnick who now works for security training company KnowBe4, LLC. This company spent a year studying 372 shops representing some 291,000 endpoints. Before training kicked in, nearly 16 percent were prone to falling for phishing attacks. After training, that fell by a factor of 12, down to just 1.28 percent. KnowBe4 believes the real weak security link is end users. The threat posed by malware should not be underestimated, particularly considering that employees have consistently proven to be the weak link in companies Internet security efforts, Mitnick said. In most cases, their involvement is unintentional they unknowingly allow access to corporate networks simply because they don t know what to watch out for A properly trained employee, on the other hand, can act as what Mitnick calls a human firewall.
11 Training tips and tricks Never click a link in an you aren t 100 percent certain is legit. Never respond to spam. Never open an attachment unless you asked for it or know precisely what it is. And don t be fooled because it looks like a Word doc or some other seemingly innocent file. It is a piece of cake to change an.exe extension to.doc. Never interact with an from a business you weren t expecting. Even if a message seems to come from your bank, ignore it and use the website, protected by your password and user name to see if there is anything you need to tend to. Use professional-grade spam filters, and make sure the settings and quarantine policies meet your needs. One phishing technique is to lure you to an actually legitimate site, but once you get there, a malicious dialog pops up asking for personal information. Resist the urge to fill in any data. Activating your browser s pop-up blocker might help. If you think you clicked a bad link or did something else to launch an attack, either start a scan immediately or shut down the machine and immediately get help from an IT professional before the problem spreads. Set up your anti-malware to run regularly, keep it updated, and do a full scan immediately if you suspect trouble. Be wary of public Wi-Fi. Try to keep to trusted providers, and take immediate steps if you sense your computer has been compromised. Hackers often use network sniffers to study your connection, and nab user names and passwords. Consider a separate, non-corporate account for personal use, but treat this with the same respect as you do corporate , and try to not to use it while on the corporate network. Be wary of sharing your address by posting it on forums, blogs, and websites as hackers can scrape these sites and add you to their spam list. If you feel you must share, use a personal address rather than your corporate account. Keep applications and apps updated and patched. Use legitimate (non-pirated) software. Make sure an attachment is legit before you open it. Don t open unusual messages, even from friends, family, and colleagues. Report phishing and other attacks to key vendors and security firms. If you get an unexpected calendar invite, delete and contact the sender, if you know them, to see if was legit. If so, have it resent. Never respond to these invites. Some scams never die because they are so darn enticing that they just keep on working, and not enough users are trained to avoid them. Most by now can at least spot the old Nigerian scam. But the lure of money keeps lottery scams going and here the trusted names of Microsoft and Google are often used. And instead of Nigeria which raises immediate suspicions, these messages want users to contact someone in England or another industrial country. Microsoft in particular is keen to stop these scams, so if you get one of these messages, by all means contact Microsoft. In fact, Microsoft is one of many vendors that work closely with law enforcement to hunt down and punish criminals.
12 9. Fight phishing Recently, there was a major phishing scam where hackers sent out fake bills supposedly from Pacific Gas and Electric Company. The bills include fraudulent account numbers and malicious links, and so looked authentic. This is only the tip of the iceberg and phishing is on the rise. In the last couple of years, nearly 40 million users were hit by phishing, and this is a nearly 90 percent increase from the two years prior. Phishing all too often works, and that s why the bad guys are so persistent in sending it. In fact, even if the first attempt doesn t work, there is a good chance the second or third will, according to findings by Verizon. Referring to research from ThreatSim, running a campaign with just three s gives the attacker a better than 50 percent chance of getting at least one click. Run that campaign twice and that probability goes up to 80 percent, and sending 10 phishing s approaches the point where most attackers would be able to slap a guaranteed sticker on getting a click, Verizon said. Training to spot phishing is one half of the prevention equation. The other half is strong tools that can spot and block phishing messages. The Microsoft Security Center wants users to avoid phishing, and gave this annotated phishing example to help. Things to look for include bad grammar and incorrect spelling, something especially found in phishing messages from China and Eastern Europe. And, of course, links in the can be another tell-tale sign. Even more telling are messages that threaten to close your account or take some other form of action if you don t respond. 10. Implement defense in depth Training users to spot malicious mail and social engineering attacks is critical, but even more so is having proper technical defenses. That means protections against all forms of intrusion and data leakage. And that means having: Anti-virus/anti-malware Spam protection Content filtering And it is best if all these tools are integrated, and offer the choice of running them in the cloud or on premise. On the malware and spam protection front, you also want to make sure that there are multiple engines that are updated frequently so that nothing gets through. The return on investment (ROI) on security isn t a precise measurement, but it is assuredly positive and fast. And if you block just one major attack, which you certainly will, the ROI is off the charts. And you have to ask yourself, how much is your business worth?
13 Integrated tools Fortunately GFI Software has integrated tools that offer this defense in depth and work either on premise, in the cloud, or in a hybrid fashion where some pieces of software are in-house and some in the cloud, working together. On-premise solution On the on-premise side, GFI offers GFI MailEssentials, which has three versions ranging from full-on unified protection with anti-virus/anti-malware, and spam protection; an anti-spam/anti-phishing edition; and a pure anti-virus/anti-malware tool. On the malware side, GFI MailEssentials can offer five powerful anti-virus engines which scan your s for potential exploits. In addition, GFI MailEssentials can sanitize, or in other words cleanse the HTML code of malicious scripts in before it is transmitted, possibly causing an infection. Users should also know how to protect themselves, which is where training from IT comes in. GFI adds to that tools that let end users manage spam quarantines, whitelists and blacklists. Even better, the GFI tool catches more than 99 percent of all spam messages. And don t worry about your legitimate messages not getting through. GFI MailEssentials is regularly awarded the VBSpam+ award for its 0 percent false positive rate. And all this management is eased for IT through a web console, which includes powerful integrated reporting. Finally, the software is only installed on the server, with no need to install client applications. The cloud answer On the cloud side, GFI also offers GFI MailEssentials Online which provides protection in a way that leaves less for IT to manage, and offers some unique features such as continuity. GFI MailEssentials Online can spot even the newest viruses with its zero hour protection, as well as employing multiple signaturebased engines. Meanwhile, the spam filtering is highly accurate, and by blocking spam before it even gets to your network, you save on bandwidth and boost network performance. And because all this is in the cloud, you can still get even if your primary service is disrupted by maintenance, software issues or a hardware crash. Finally, GFI MailEssentials Online has an archiving option which is great for shops that fall under compliance regulations, or anyone that wants to safeguard important information. Tracking content and enforcing policies is also critical, and here GFI MailEssentials lets IT set policies based on groups or users, and rules can be based on headers, keywords or attachments.
14 About GFI GFI Software develops quality IT solutions for small to mid-sized businesses with generally up to 1,000 users. GFI offers two main technology solutions: GFI MAX, which enables managed service providers (MSPs) to deliver superior services to their customers; and GFI Cloud, which empowers companies with their own internal IT teams to manage and maintain their networks via the cloud. Serving an expanding customer base of more than 200,000 companies, GFI s product line also includes collaboration, network security, anti-spam, patch management, faxing, mail archiving and web monitoring. GFI is a channel-focused company with thousands of partners throughout the world. The company has received numerous awards and industry accolades, and is a longtime Microsoft Gold ISV Partner. About GFI MailEssentials and GFI MailEssentials Online GFI MailEssentials and GFI MailEssentials Online are leading security solutions for small to mid-sized businesses. They make managing business easy and efficient by protecting your network against -borne junk, viruses, spyware, phishing and other malware. For more information about these products please visit the web pages for GFI MailEssentials and GFI MailEssentials Online. For more information about GFI s network and security solutions, visit our website: security and anti-spam software for SMBs Download your FREE 30-day trial Cloud-based security and spam filtering service Download your FREE 30-day trial
15 GFIOS apr14 GFI Software, 4309 Emperor Blvd, Suite 400, Durham, NC 27703, USA Tel: +1 (888) Fax: +1 (919) For a full list of GFI offices/contact details worldwide, please visit: Disclaimer GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided as is with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.
10-step action plan for the ultimate email protection 1 Contents Why is email so vulnerable? 4 What harm can hackers do via email? 5 Attacks broaden and worsen 6 Spam still a problem, maybe more than ever
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
BYOD and multivendor networks raise the vulnerability ante: 10 ways to fight back! The problem: The security wars rage on. Attacks which were once performed manually, are now being fully automated, while
Securing Your Web World Top 10 Tips to Keep Your Small Business Safe Protecting your business against the latest Web threats has become an incredibly complicated task. The consequences of external attacks,
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
STOP Cybercriminals and security attacks ControlNow TM Whitepaper Table of Contents Introduction 3 What the headlines don t tell you 4 The malware (r)evolution 5 Spear phishing scams 5 Poisoned searches
BYOD policy roadmap: Directions you can t ignore Bring your own device (BYOD) is both an IT blessing and a curse. It s great to be productive and at the same time connected to personal contacts, apps and
How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware
Email Security Guide Introduction No organization can afford to operate without an email security strategy. The risk landscape is constantly changing with new threats surfacing every day. This white paper
Statistical Analysis of Internet Security Threats Daniel G. James ABSTRACT The purpose of this paper is to analyze the statistics surrounding the most common security threats faced by Internet users. There
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
GFI White Paper Social networking at work: Thanks, but no thanks? Millions of people around the world with access to the Internet are members of one or more social networks. They have a permanent online
GFI Product Comparison GFI MailEssentials vs. Trend Micro ScanMail Suite for Microsoft Exchange GFI MailEssentials Trend Micro ScanMail Suite Microsoft Exchange Server 2003/2007/2010/2013 Integration Option
V8.3 E-MAIL FILTERING FAQ COLTON.COM Why? Why are we switching from Postini? The Postini product and service was acquired by Google in 2007. In 2011 Google announced it would discontinue Postini. Replacement:
WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
GFI White Paper Email security: The performance, protection and choice SMBs deserve Contents Overview 3 Common email security roadblocks 3 The email security checklist 3 Complete protection, day in and
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
Implementing the latest anti-virus software and security protection systems can prevent many internal and external threats. But these security solutions have to be updated regularly to keep up with new
Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats 1 of 2 November, 2004 Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle
GFI Product Comparison GFI MailEssentials vs Symantec Mail Security for Microsoft Exchange 7.0 GFI MailEssentials Symantec Mail Security for Microsoft Exchange 7.0 Supports Microsoft Exchange Server 2003
GFI White Paper: GFI FaxMaker and HIPAA compliance This document outlines the requirements of HIPAA in terms of faxing protected health information and how GFI Software s GFI FaxMaker, an easy-to-use fax
Security Statement The security of your accounts and personal information is Sonabank s highest priority. Regardless of your preferred method of banking in person, by telephone or online you need to know
Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual
2000 Linwood Ave Suite 19J Fort Lee, NJ 07024-3012 What Spammers Don t Want You To Know About Permanently Blocking Their Vicious E-mails Following Last Year s Hack Attack At Epsilon, You May Be Overwhelmed
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available
Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer
Contents Paul Bunyan Net Email Filter 1 What is the Paul Bunyan Net Email Filter? 1 How do I get to the Email Filter? 1 How do I release a message from the Email Filter? 1 How do I delete messages listed
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction
WHITE PAPER Endpoint Security and Advanced Persistent Threats The Invisible Threat They re out there waiting. Sitting at their computers hoping for you to make a mistake. And you will. Because no one is
FAQ V8.3 eprism Email Security Suite 800-782-3762 www.edgewave.com 2001 2012 EdgeWave. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered trademarks
GFI White Paper How Web Reputation increases your online protection Contents Introduction to Web Reputation 3 Why use Web Reputation? 3 The value of using Web Reputation and antivirus software 3 The value
Building a Business Case: Cloud-Based Security for Small and Medium-Size Businesses table of contents + Key Business Drivers... 3... 4... 6 A TechTarget White Paper brought to you by Investing in IT security
GFI White Paper Email security Cloud vs. On-premise solutions Choosing whether to put your email security in the cloud or host it on premise is a major decision. Hopefully this white paper will help. Contents
Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer
GFI White Paper How to keep spam off your network What features to look for in anti-spam technology A buyer s guide to anti-spam software, this white paper highlights the key features to look for in anti-spam
(0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life
2001 2014 EdgeWave. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered trademarks are hereby acknowledged. Microsoft and Windows are either registered
y Cloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost An Osterman Research White Paper Published January 2009 SPONSORED BY onsored by Phone: +1 877-21-TREND www.trendmicro.com/go/smartprotection
Top Four Considerations for Securing by Chris McCormack, Product Marketing Manager, Sophos is now the standard for internal and external collaboration and content management in much the same way Microsoft
isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
GFI White Paper The importance of an Acceptable Use Policy In an ideal world, employees would use the computers and Internet access provided their employer solely for business use. It is however, sadly,
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent
You re not as safe as you think Think for a moment: Where do you keep information about your congregants or donors? In an Excel file on someone s desktop computer? An Access database housed on your laptop?
The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
Email Security 01-15-09 Fort Mac Most Common Mistakes in Email Security Email Security 1. Using just one email account. 2. Holding onto spammed-out accounts too long. 3. Not closing the browser after logging
SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing
Computer Security Maintenance Information and Self-Check Activities Overview Unlike what many people think, computers are not designed to be maintenance free. Just like cars they need routine maintenance.
WHITE PAPER: FINDING EMAIL SECURITY IN THE CLOUD Finding Email Security in the Cloud CONTENTS Introduction 3 I. Why Good Enough Security is Never Good Enough 3 Mind your security gaps 4 II. Symantec Email
100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...
Internet Security Why is a strong password important? Identity theft motives: To gain access to resources For the challenge/fun Personal reasons Theft methods Brute forcing and other script hacking methods
Open an attachment and bring down your network? Many people think this will never happen to them, but virus attacks can come from unlikely sources and can strike when you least expect it. They can wreak
INTRODUCING isheriff CLOUD SECURITY isheriff s cloud-based, multi-layered, threat protection service is the simplest and most cost effective way to protect your organization s data and devices from cyber-threats.
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
Business Identity Fraud Prevention Checklist 9 Critical Things Every Business Owner Should Do Business identity thieves and fraudsters are clever and determined, and can quickly take advantage of business
FAQ V8.3 eprism Email Security Suite 800-782-3762 www.edgewave.com 2001 2012 EdgeWave. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered trademarks
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
Symantec Protection Suite Add-On for Hosted Email and Web Security Overview Your employees are exchanging information over email and the Web nearly every minute of every business day. These essential communication
Trend Micro Hosted Email Security Stop Spam. Save Time. How it Works: Trend Micro Hosted Email Security A Trend Micro White Paper l March 2010 Table of Contents Introduction...3 Solution Overview...4 Industry-Leading
GFI White Paper Why Bayesian filtering is the most effective anti-spam technology Achieving a 98%+ spam detection rate using a mathematical approach This white paper describes how Bayesian filtering works
Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
10 Warning Signs that Your Computer is Malware Infected [Updated] ANDRA ZAHARIA MARCOM MANAGER MAY 16TH, 2016 6:05 Malware affects us all The increasing number of Internet users worldwide creates an equal
GFI White Paper Understanding data backups: why SMEs need them Data is the lifeblood of every organization, yet many either fail to back up their data or they are not doing so properly. Losing data can
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware
Internet Security Strategy for SMEs Small and medium-sized enterprises (SMEs) need a comprehensive Internet security strategy to be able to protect themselves from myriad web-based threats. Defining and
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
Trust the Innovator to Simplify Cloud Security Contents MailGuard Pty Ltd Page 1 of 7 2 Let s get real for a moment. Your antivirus software isn t stopping fastbreak phishing and other spam attacks like
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
Access to information and entertainment, credit and financial services, products from every corner of the world even to your work is greater than ever. Thanks to the Internet, you can conduct your banking,
In-House Vs. Hosted Email Security 10 Reasons Why Your Email is More Secure in a Hosted Environment Introduction Software as a Service (SaaS) has quickly become the standard delivery model for critical
Energy reduction Email Security: a huge challenge for companies - a practical guide on email threats - Whitepaper Achieve more with less Internet and email security flaws Layered approach while defending
Best Practices Top 10: Keep your e-marketing safe from threats Months of work on a marketing campaign can go down the drain in a matter of minutes thanks to an unforeseen vulnerability on your campaign