Who is putting security at risk? It might be your CXOs…

A new report from MobileIron, “Trouble at the Top,” is eye-popping, although perhaps not surprising to IT professionals. In fact, it might provide very helpful data in making your case for security policies within your organization.

Between February and March 2020 Vanson Bourne interviewed 300 enterprise IT decision-makers and 50 C-level executives in Europe, UK, and the US regarding their organizations’ mobile security protocols.

C-Suite executives are highly targeted for cybersecurity attacks, including phishing.

Yet “76% of C-level executives admitted to requesting to bypass one or more of their organization’s security protocols” during the last year, per the findings.

In a note of irony for IT professionals, “Almost three in four (72%) IT decision-makers also claimed the C-suite is the most likely to forget or need help with resetting their passwords,” writes ZDNet, quoting from the MobileIron study.

MobileIron’s overall point is that employees need the right tools to be secure and productive at the same time. Or, as we would say, security measures cannot afford to impair usability or people will conjure up a way around them.

There is much more in the study. You can register for the download of MobileIron’s “Trouble at the Top” report here.

-Maureen

Protect Your Data in a Remote Work Environment – ILTA Educational Webinar

Working remotely became a neccessity almost overnight. But were firm architectures ready? Two common entry points to system hacks, social engineering and network vulnerabilities, threaten the security of remote working. In this session, Mobile Helix CEO and Chief Architect, Seth Hallem, will describe these vulnerabilities and propose practical and actionable ways to address these weaknesses using safe browsing, network proxies, authentication, authorization, and DLP. These mitigations apply to both desktop and mobile devices.

This is an ILTA Educational Webinar. It is free to members as well as to non-members as part of ILTA’s COVID-19 content. Non-members may register for a free login-in.

WATCH THE RECORDED WEBINAR HERE

Outline:

I. Social engineering: Phishing, “Water Hole,” SIM card swaps

   Mitigations including:

    A. Safe browsing

    B. No SMS

    C. Web filtering via proxying

    D. Data Loss Prevention (DLP): printing, recipient checking, metadata filtering

II. Network vulnerabilities

    Mitigations including:

    A. Layered security

    B. Filter – proxy

    C. Authenticate the source – certificates, IP fencing, DoS defense

    D. Authenticate the user – AD credentials, complex passwords, SSO

    E. Authorize – manage email attachments

III. Example of a secure architecture

We welcome you and your questions on June 10th.

Write to us at: contact@mobilehelix dot com.

-Maureen

ILTA LegalSEC Summit 2019 Redux

We are back from a busier than ever ILTA LegalSEC Summit. People attend LegalSEC to genuinely learn how they can keep their law firms protected. This is no easy feat because cybersecurity is a moving target. While Big Law firms participate, there is great value for small and medium sized firms where there might not be a CISO. The Director of IT or network engineer might be the security department. The two or three days at LegalSEC are packed with information.

This year the well-received keynote by William R. Evanina, Director of the National Counterintelligence and Security Center, was recorded. Another popular session was “Leverage These Free Resources to Up Your Security and Governance Game.” Both of these and several other LegalSEC 2019 sessions can be heard at no cost by ILTA members, here.

Heads up, save the date. Next year’s LegalSEC Summit 2020 will be June 1-3 and the location…San Antonio at the Marriott Riverwalk. If you have visited the Riverwalk you know that this is a fantastic location. Hope to see you there.

Mobile Helix LINK at ILTA LegalSEC Summit 2019, June 3-5

We love LegalSEC!

and we are a sponsor again this year. We will be at Table number one showing LINK’s latest mobile DLP features.

Stop by to say hi and to see a LINK demo. Our LINK app’s encryption, containerization, and authentication provide strong security for your documents and data. Now LINK offers key word and metadata filtering, recipient checking, and restriction on emailing files from classified workspaces.

This year’s keynote speaker is William R. Evanina, Director of the National Counterintelligence and Security Center.

Register here

ILTA LegalSEC Summit 2019 Keynote Speaker William R. Evanina

LegalSEC Summit 2019 is designed for technology professionals at every level who manage security, information governance and data privacy tech projects and initiatives in support of the practice of law. This exciting two-day Summit offers premier learning and a connected networking environment to focus on information security challenges faced by the legal industry.

Is Your Email Vulnerable? Ask the Chinese Military

Image: ribkhan, Pixabay

I’m a current events junkie. I’ll admit it. And I work with law firms. Thus, my favorite podcast? “Stay Tuned with Preet.” Yes, this is Preet Bharara, the former U.S. Attorney for the Southern District of New York. Check out an episode. Preet takes a few questions about the law at the beginning of each episode. Then he has a guest. Preet is not only smart, but surprisingly personable. It’s a fast-moving hour.

A recent guest was John P. Carlin, former Assistant Attorney General for the National Security Division at the Department of Justice and Chief of Staff to Robert Mueller at the FBI. He is currently a partner with Morrison & Foerster. Carlin is an international cybersecurity expert.

One of the things which caught my attention in this episode was Carlin’s story of the US subsidiary of a German company whose data was stolen by hackers in the Chinese military. The company, SolarWorld, in Hillsboro, Oregon, made solar energy components.

How was the data stolen? Email. Carlin said, “Email. It is the least protected part of the system, usually. Not like Intellectual Property which is encrypted or where special measures are taken to protect it. They stole email traffic.”

Continue reading

Our CEO in CSO: Ripped from the headlines – are your messages secure in these encrypted apps?

In the investigations of Paul Manafort and Michael Cohen, the FBI has retrieved messages from Signal, Telegram and WhatsApp. While there are weaknesses inherent in all of these apps, the question remains: What does a good data protection scheme look like?

 

A few days ago, the FBI revealed that Michael Cohen’s messages sent with Signal and WhatsApp are now available as evidence in the on-going investigation into his various dealings. While thousands of emails and documents have already been recovered from Cohen’s devices, home, hotel room, and office, the recovery of data from messaging apps that promise end-to-end encryption is surprising. One would presume that end-to-end message encryption should ensure that those messages are unrecoverable without assistance from Mr. Cohen. However, clearly that is not the case.

Continue reading

In the aftermath of yet another Meltdown, no secrets are safe – Seth Hallem

Meltdown and Spectre reveal that perfect information protection comes at an increasingly steep cost.

In the field of data security, 2018 began with a jolt. The revelation of the Meltdown and Spectre security vulnerabilities has taught us that in 2018 (and beyond), nothing is sacred.

Speculative execution, the architectural concept that is exploited in the Spectre vulnerability, has been in use by mainframe processors since the mid-1970s. It is taught in Computer Architecture 101 in universities around the world. And yet, it turns out that the security implications were never fully understood until about seven months ago.

Out-of-order execution, the culprit in the Meltdown vulnerability, is also a ubiquitous concept, although Meltdown is easily avoided with a better implementation of the concept.

Continue reading