IRM Master Class at ILTA>ON

Learn about Information Rights Management – what it is and how it is implemented – on Wednesday, 8/26/2020, at ILTA>ON.

Our CEO and Chief Architect, Seth Hallem, will be presenting an educational Master Class on using Information Rights Management to prevent data leakage at ILTA>ON. Note: this is an educational session, not a promotion of our LINK app.

What You Will Learn

What is Rights Management? This class will dive into what rights management is, how it works, and who the major providers are. The introduction to the class will discuss the goals of Information Rights Management, what specific security problems IRM solves, and some of the major challenges IRM presents, particularly focused on how to navigate the trade-off between protection and practicality with IRM technologies.

Microsoft (Azure) Information Management: We will then spend the second portion of the class diving into Microsoft’s Information Protection (formerly known as Azure Information Protection) technologies, how those are implemented both on-premise and with Azure, and how they work for documents and emails. In this section we will dive into the architecture of Microsoft’s Information Protection, the benefits/disadvantages of this architecture, and how this particular implementation fulfills the security promises of IRM outlined in part 1.

Challenges with IRM: We will also dig into the challenges with IRM, and why IRM has not yet become a standard requirement for a secure enterprise.The class will conclude with a step-by-step outline for how to get started with Microsoft Information Protection. The goal of this section is to provide enough hands-on details to allow the attendees to get started down the IRM path with a clear vision of how it works, how to get started, and how to manage the trade-offs between security and flexibility based on the protection requirements for a particular client or matter.

When: Weds., August 26, 2020 at 11:30 AM – 12:30 PM CT / 5:30 – 6:30 PM BST

Where: ILTA>ON Registrants will join via Zoom

Bonus: All attendees will be entered in our drawing for a $200 Amazon Gift Card.

Recording: If you would like a link to the recording after Aug. 26th, email me at contact@mobilehelix.com or request it via the ILTA>ON platform.

-Maureen

LINK App: New Safari Button

Here is a great new feature in LINK which I use several times a day. When you open a web page in the LINK app using LINK’s browser, you can now tap the familiar Safari button to open the page in the device’s Safari browser.

You can open a link in an email, or in a document, or from an application page, then tap the Safari button to open the page outside of LINK. Here is an example.

Tap on link in Email
Opens in LINK’s browser
Tap Safari Button
Opens in Safari
Tap on “Link” to return to LINK app

I use the Safari button when I receive a link to an uncommon video conference or signature service (we test the popular ones in the LINK browser), or when a page is not rendering correctly. I also use the Safari button when I want to read something, but not now. I open it in Safari. It stays open in Safari. Then I can go back to LINK and continue working.

Sound good? Here are other benefits of the Safari button:

  1. Safari is where you do your personal browsing. If you are logged in to nytimes.com, for example, those cookies are cached in Safari. If you click a hyperlink in Link, your cookies/password manager are not available to you. Better to just browse in Safari.
  2. The LINK browser routes all traffic through your office network. The Safari button allows you to move all personal web browsing into your personal browser. This (a) keeps your work network safe, and (b) prevents web proxies that your company establishes from intercepting and monitoring your traffic. It is a simple matter of employee privacy – you should always have the ability to keep your personal business personal.
  3. Native Safari has special capabilities that LINK does not. In particular, Safari has knowledge of all the apps on your device and many sites will use this capability to automatically launch a mobile app, rather than continuing to view a website in the browser. Safari also has a few important features that are not implemented in LINK’s browser. Chief amongst them is WebRTC, which is a protocol for real-time applications like in-browser video conferencing.
  4. IT can control when Link automatically pushes hyperlinks clicked in email to the native Safari browser. For example, IT can configure Facebook links to automatically open in Safari outside of the LINK container.

Have any questions? Let me know at contact@mobilehelix.com.

-Maureen

Who is putting security at risk? It might be your CXOs…

A new report from MobileIron, “Trouble at the Top,” is eye-popping, although perhaps not surprising to IT professionals. In fact, it might provide very helpful data in making your case for security policies within your organization.

Between February and March 2020 Vanson Bourne interviewed 300 enterprise IT decision-makers and 50 C-level executives in Europe, UK, and the US regarding their organizations’ mobile security protocols.

C-Suite executives are highly targeted for cybersecurity attacks, including phishing.

Yet “76% of C-level executives admitted to requesting to bypass one or more of their organization’s security protocols” during the last year, per the findings.

In a note of irony for IT professionals, “Almost three in four (72%) IT decision-makers also claimed the C-suite is the most likely to forget or need help with resetting their passwords,” writes ZDNet, quoting from the MobileIron study.

MobileIron’s overall point is that employees need the right tools to be secure and productive at the same time. Or, as we would say, security measures cannot afford to impair usability or people will conjure up a way around them.

There is much more in the study. You can register for the download of MobileIron’s “Trouble at the Top” report here.

-Maureen

Protect Your Data in a Remote Work Environment – ILTA Educational Webinar

Working remotely became a neccessity almost overnight. But were firm architectures ready? Two common entry points to system hacks, social engineering and network vulnerabilities, threaten the security of remote working. In this session, Mobile Helix CEO and Chief Architect, Seth Hallem, will describe these vulnerabilities and propose practical and actionable ways to address these weaknesses using safe browsing, network proxies, authentication, authorization, and DLP. These mitigations apply to both desktop and mobile devices.

This is an ILTA Educational Webinar. It is free to members as well as to non-members as part of ILTA’s COVID-19 content. Non-members may register for a free login-in.

WATCH THE RECORDED WEBINAR HERE

Outline:

I. Social engineering: Phishing, “Water Hole,” SIM card swaps

   Mitigations including:

    A. Safe browsing

    B. No SMS

    C. Web filtering via proxying

    D. Data Loss Prevention (DLP): printing, recipient checking, metadata filtering

II. Network vulnerabilities

    Mitigations including:

    A. Layered security

    B. Filter – proxy

    C. Authenticate the source – certificates, IP fencing, DoS defense

    D. Authenticate the user – AD credentials, complex passwords, SSO

    E. Authorize – manage email attachments

III. Example of a secure architecture

We welcome you and your questions on June 10th.

Write to us at: contact@mobilehelix dot com.

-Maureen

Okta Sees a COVID-19 “Zoom Boom”

If you have an office job, you likely now WFH (work from home). The odds are that you have found yourself on at least a handful of video teleconference calls in the past four weeks. There is no question that video conference services have been the backbone of the information workforce during this month of “stay-at-home”. Teachers, students, courtrooms, and television shows are going live from homes all over America.

In the process of doing research, I happened to find this April 8th post by Hector Aguilar, Okta’s President of Technology, How COVID-19 Is Changing the Way We Work: Zoom Boom + MFA is the Way. Okta is a leader in identity management and Multi-Factor Authentication. Therefore, Okta has a unique and vast window into the usage of cloud services.

We all know anecdotally that Zoom usage has been rocketing. This is the first data that I have seen comparing Zoom to other video conference services.

Percentage Increase in Unique Daily Users of Zoom, Cisco WebEx, and Ring Central from 2/24/2020 to 3/27/2020
Source: Okta

From February 28 to March 27, Cisco’s WebEx and Ring Central’s unique daily users were up about 50%, but Zoom’s were up 200%.

Zoom’s adoption has been nothing short of incredible. From yoga teachers to grandparents, people are thrilled with its ease of use. I have used quite few of the video conferencing services. Out company tried Zoom over two years ago and never looked back. Both the ease of use and the pricing were  a world apart from the other services.

Zoom has had a challenge-laden couple of weeks as the onslaught of users and attention by security analysts have exposed vulnerabilities. Some, such as “Zoom-bombing,” where intruders disrupt a session, can be managed with existing policies. Others are more serious. Zoom is reporting fixes weekly. They report that they have removed the use of the Facebook SDK in their iOS app, which was sending user data to Facebook.

School districts have banned usage of Zoom. There are three class-action law suits against Zoom.

Zoom announced yesterday that they have formed a CISO Council and an Advisory Board to look at ways to address Zoom’s security and privacy issues, with CISOs from VMware, HSBC, NTT Data, Netflix, and more participating. In what would appear to be a major coup for Zoom, Alex Stamos, former CSO at Facebook, now at Stanford, tweeted on April 8th that he will join Zoom as an outside advisor.

I’m optimistic that they will resolve most of these issues. Zoom has a lot to gain by doing so.

-Maureen

April 9, 2020

We’re an official NetDocuments ISV Partner!

We’ve been a NetDocuments partner for years. Recently, with Leonard Johnson heading up their partner ecosystem, NetDocuments have formalized their NetDocuments ISV Partner Program. We have used their REST APIs to give NetDocuments users access to their documents and their email in the same encrypted container app, LINK. NetDocuments is committed to the platform approach wherein both Independent Software Vendors and NetDocuments customers can develop solutions for optimizing their workflows using the REST APIs.

It’s easy to review, compare, annotate, file, and email documents all within our LINK app. LINK also offers a managed integration with the Microsoft Office apps for editing on an iPad or smartphone.

Continue reading

ILTA LegalSEC Summit 2019 Redux

We are back from a busier than ever ILTA LegalSEC Summit. People attend LegalSEC to genuinely learn how they can keep their law firms protected. This is no easy feat because cybersecurity is a moving target. While Big Law firms participate, there is great value for small and medium sized firms where there might not be a CISO. The Director of IT or network engineer might be the security department. The two or three days at LegalSEC are packed with information.

This year the well-received keynote by William R. Evanina, Director of the National Counterintelligence and Security Center, was recorded. Another popular session was “Leverage These Free Resources to Up Your Security and Governance Game.” Both of these and several other LegalSEC 2019 sessions can be heard at no cost by ILTA members, here.

Heads up, save the date. Next year’s LegalSEC Summit 2020 will be June 1-3 and the location…San Antonio at the Marriott Riverwalk. If you have visited the Riverwalk you know that this is a fantastic location. Hope to see you there.

Mobile Helix LINK at ILTA LegalSEC Summit 2019, June 3-5

We love LegalSEC!

and we are a sponsor again this year. We will be at Table number one showing LINK’s latest mobile DLP features.

Stop by to say hi and to see a LINK demo. Our LINK app’s encryption, containerization, and authentication provide strong security for your documents and data. Now LINK offers key word and metadata filtering, recipient checking, and restriction on emailing files from classified workspaces.

This year’s keynote speaker is William R. Evanina, Director of the National Counterintelligence and Security Center.

Register here

ILTA LegalSEC Summit 2019 Keynote Speaker William R. Evanina

LegalSEC Summit 2019 is designed for technology professionals at every level who manage security, information governance and data privacy tech projects and initiatives in support of the practice of law. This exciting two-day Summit offers premier learning and a connected networking environment to focus on information security challenges faced by the legal industry.

Is Your Email Vulnerable? Ask the Chinese Military

Image: ribkhan, Pixabay

I’m a current events junkie. I’ll admit it. And I work with law firms. Thus, my favorite podcast? “Stay Tuned with Preet.” Yes, this is Preet Bharara, the former U.S. Attorney for the Southern District of New York. Check out an episode. Preet takes a few questions about the law at the beginning of each episode. Then he has a guest. Preet is not only smart, but surprisingly personable. It’s a fast-moving hour.

A recent guest was John P. Carlin, former Assistant Attorney General for the National Security Division at the Department of Justice and Chief of Staff to Robert Mueller at the FBI. He is currently a partner with Morrison & Foerster. Carlin is an international cybersecurity expert.

One of the things which caught my attention in this episode was Carlin’s story of the US subsidiary of a German company whose data was stolen by hackers in the Chinese military. The company, SolarWorld, in Hillsboro, Oregon, made solar energy components.

How was the data stolen? Email. Carlin said, “Email. It is the least protected part of the system, usually. Not like Intellectual Property which is encrypted or where special measures are taken to protect it. They stole email traffic.”

Continue reading

ILTA Webinar: Mobile, Secure NetDocuments Workflows: NetDocuments® DMS + LINK Encrypted App

Do you use NetDocuments® DMS today or are you evaluating NetDocuments? If you are looking for an encrypted container app approach for mobile NetDocuments DMS, our LINK app may provide that extra client-side security that you are looking for.

Date and time: Monday, February 11, 2019, Noon EST

Watch a recording of the demo here

Continue reading