Email is Exhibit A

June 10th, 2006

According to a recent article by Darrell Dunn, “more emails are used as evidence in legal suits now, making new tools to better monitor and manage email usage crucial”.

Despite so many highly publicized legal cases involving email, only 35% of companies have email retention policies, and 37% of employees say they don’t know which messages should be retained and which purged, according to surveys conducted by the American Management Association and the ePolicy Institute, a training and consulting firm.

Most companies don’t realize that failure to get a handle on email–and soon instant messages and blogs and other forms of business communications–can cost them a lot of money and their reputation.

“The first thing my clients want to see now is email and email attachments,” says Eric Blank, managing attorney of law firm Blank Law & Technology, which specializes in electronic evidence detection. “Sometimes that’s the only thing they search.” Legal battles involving email can be costly. A good paralegal or attorney can review about four documents per minute looking for evidence, Blank says. If a company has to review millions of pages of email, legal fees of US$300 an hour can quickly add up to hundreds of thousands of dollars.

“A few years ago, many businesses said they should delete [old E-mail], but today the conventional wisdom is to keep it,” says Aaref Hilaly, chief executive of Clearwell Systems. “Once an email is out there, it’s out there, and you can’t guarantee an email has been obliterated. It could always be lurking on some user’s machine or be in the hands of a competitor. Deleting email is like playing poker without knowing what all your cards are. Do we fight or settle?”

Companies may employ specialized software to search for particular pieces of data or individual messages. In this case, the ability to drill down into the data, index it, and retrieve it radically simplifies the process of getting at particular content.

Speed is good when hit with a lawsuit or subpoena. But advance planning is better. Businesses are expected to start spending substantially more money on email archiving applications, with sales predicted to jump from US$796 million this year to US$7.8 billion in 2010, according to consulting firm the Radicati Group.

Even companies not facing legal threats need to consider better ways of managing and monitoring email, and they also should review their policies on message retention and archiving. It’s better to deal with these issues in advance than have to confront them on the witness stand.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search your network for password protected and evidential files. FindProtected makes it easier to discover electronic evidence that may be used in litigation.

Australian police to get password powers

June 10th, 2006

Australian police in Queensland are to be given power to force suspects to hand over passwords and encryption codes.

The legislation, to come into force in July, covers mobile phones, PCs, handhelds and other electronic devices. Non-compliance carries up to 12 months’ jail.

While police have software tools to crack encryption, Queensland Police Minister Judy Spence said the powers, which required a warrant, would save time and resources.

“This law prevents criminals from withholding electronic evidence by forcing them to give police access to data from their computers, mobile phones and other electronic storage devices… As computer technology becomes more sophisticated, so must the safeguards that protect our society.”

Civil liberties groups, however, were concerned the legislation would allow police access to suspects’ digital signatures.

Ironically, federal legislation due to come into force shortly is moving in the opposite direction, offering users more protection for so-called stored data such as voicemails and messages stored on mobile phones.

See full article.


Can Single Sign On be Simple Sign On?

June 7th, 2006

An article by David Perry at IT-director.com describes the benefits and shortcomings of the single sign-on authentication method:

“Fundamentally, Single Sign On (SSO) is a straightforward idea. You use a proxy device to authenticate a user, and the proxy then manages all the login idiosyncrasies of the applications they want to access”.

“The devil is, of course, in the detail. For example, how do you know how all of your enterprise applications manage their login? Does the proxy do this for you or do you have to write a login script for each one individually? If you deploy the solution and the application decides it wants a password refresh, is your helpdesk buried by calls from angry users who can’t get into the application and do their work?”

The other thing we need to realise is that SSO is not an authentication solution in itself; the connection to the proxy can be as open or tightly controlled as you like. An SSO proxy also needs to be 100% reliable, otherwise it will lock out all users from the system when it fails. Furthermore, security of the SSO solution itself is a big consideration as the proxy necessarily contains the login credentials and access rights of every user on the network.

However, if implemented appropriately, a well-executed SSO solution gives network and security managers a central point for implementing network policies, such as application access rights.


Identity Theft’s Reach and Costs

May 30th, 2006

The New York Times today published survey results on the number of people in the US who have suffered from identity theft: “The ranks of identity theft victims are large… In broad terms — including a thief’s use of existing credit card, bank or other accounts — the number of victims is about nine million a year, or roughly 4 percent of the United States adult population, according to surveys by Javelin Strategy and Research, an independent research firm.” About three million Americans each year fall victim to the worst kind of identity theft, new account fraud.

Although there are no exact figures for the crime’s costs, the Javelin study estimates the average annual cost per stolen identity at $6,300, a 22 percent increase since 2003.

Another New York Times article advises the following 8 steps to avoid identity theft:

  • Get a free credit report once a year and report any suspicious activity.
  • Cancel unnecessary credit cards.
  • Do not carry your Social Security card in a wallet or purse.
  • Use credit cards, not debit cards, for online shopping.
  • Do not leave mail in an unlocked box.
  • Keep tax records and other documents in locked files. Many identity thieves are relatives, colleagues or home visitors or workers.
  • Reduce preapproved credit offers by visiting www.optoutprescreen.com.
  • If businesses ask for your Social Security number, ask to use other identification instead.

Identity thieves can also steal your identity information from your home PC or your computer at work. To secure this data, you need to implement specific technology solutions. Even with all these measures, however, no one can be absolutely sure that their identity information is safe.


    IT Security Breaches Survey

    May 22nd, 2006

    The report released in April, sponsored by the UK Department of Trade & Industry, highlights the fact that most businesses are a long way from having a security-aware culture. Although three quarters of UK businesses rate IT security as a high priority, with protecting customer information becoming increasingly important, worryingly just 1 firm in 8 has staff qualified in IT security to put procedures in place.

    Identity theft and fraudulent attacks are ranked as having the most severe impact, with the average ‘worst incident’ ringing in at £12,000, up by £2,000 since 2004. The most obvious and valuable data obtainable from these attacks would be detailed customer information such as credit card and bank details, typically siphoned off by keylogging software.

    “One of the most malicious and real attacks a company faces is from spyware. This software is most likely to enter a company’s computer network through internet downloads and email attachments; simple logic dictates that a free reign as regards accessing the internet and email will significantly increase the chances of this form of attack.”

    “Staff should be vetted during the recruitment process with full background checks administered. This should be followed up with an education session about their security responsibilities and regular reminders. The possession of USB drives should also be carefully monitored – they can go unnoticed and could ultimately be used to steal your intellectual property.”

    According to IT Voices.


    Information security matters most

    May 22nd, 2006

    The Financial Express published a report based on the inputs from the CIOs of 149 IT decision-makers. Information security tops the chart of technologies. According to the study, 55% of the respondents consider security as a key technology priority. ERP and servers are the other two top technologies that large businesses are focusing on.

    91% of the respondents still fear viruses and worm attacks the most. The next critical security issue is spam and unsolicited mail, with 67%, followed by Trojans and remote access control.

    Most large businesses agree that 65% of their corporate e-mail traffic is spam. To handle this, it is essential to have an anti-spyware solution implemented on desktops as well as at the gateway. Apart from this, it is imperative to conduct user awareness training.


    VoIP conversations should be recorded

    May 22nd, 2006

    According to Martin Courtney’s article “Wanted: for crimes against IT”, “The annual policy premium could soon get higher as regulators find new kinds of data to include. Transcripts of voice over IP (VoIP) conversations may be next on the list alongside email and instant messaging chats”.

    It’s fair to say that rules to make corporate executives more accountable were long overdue, if only to ensure that shareholders’ cash and employee pension schemes are less likely to fall into a big, black, financial hole. But though security experts always point out that it makes sense to calculate the extent of any potential risk before spending time and money implementing systems to protect against it, the legislators and industry bodies responsible for corporate governance rules and guidelines don’t appear to have been listening.

    Recording, indexing and archiving employees’ VoIP calls so they can be retrieved at a moment’s notice when a nosy auditor comes your way would be difficult enough in itself. But what is more worrying is where the precedent of keeping such information could lead.

    Because once you take the view that every internal conversation between employees for which there is no written record needs to be noted and stored, where does the line between what should and should not be included begin and end? Does a furtive tête-à-tête in the toilets, a sotto voce exchange in the lift, or a talking heads session by the coffee machine, qualify, for instance? What about the conversations between employees when they are not on company premises and perhaps not even on company time?

    More crucially, how do IT managers actually collect this information in the first place without extending their remit to covert surveillance (and would they suffer consequences for any failure to carry out their duties)? “The future looks less corporate security, and more Ceausescu Securitate, it seems”.


    Measure and control IT security with Balanced Scorecard

    May 17th, 2006

    Implementing IT security metrics enables an organization’s management to analyze the performance of the technical, operational, and management controls of its IT systems.

    AKS-Labs has released version 1.3 of its Strategy2Act Balanced Scorecard software. Strategy2Act is a Windows program that supports the Balanced Scorecard concept and lets you connect strategy to action. The new version includes IT security metrics.

    Strategy2Act is Balanced Scorecard (BSC) support software, designed to help build a Balanced Scorecard. The new version 1.3 includes new metrics necessary to measure and control IT security. The new groups are “Risk Management”, “Contingency Planning”, “System Life Cycle”, “Personnel Security” and “Data Integrity”. The new scorecard helps identify the strong and weak points of an organization’s IT security and suggests possible ways to solve security problems.

    Read more at Strategy2Act home page



    Avoiding the electronic discovery trap

    May 14th, 2006

    With e-mail dramatically increasing the sheer volume of electronic information stored and disseminated on a daily basis, your organization can ill afford the consequences of not being prepared to deal with the evolving legal landscape of electronic discovery.

    Business organizations should consider the following steps in order to avoid the potential perils of electronic discovery:

    1. Establish a written, comprehensive record retention and destruction policy.

    2. Develop a preservation/litigation hold policy. A comprehensive litigation hold policy must effectively advise employees of their obligation to preserve records relevant to anticipated litigation.

    3. Create a litigation hold team. Team members may include people from the legal department (including outside counsel to oversee compliance), a paralegal or project manager responsible for day-to-day supervision of the collection and production of electronic discovery materials, a records management person, senior management, and a member of the IT department (who may assist counsel in gaining familiarity with your retention policies and data preservation architecture).

    4. Identify all sources of potentially relevant information.

    5. Continually follow up and improve items 1, 2 and 3.

    See original article.



    Colleges prime target for identity theft

    May 14th, 2006

    People ages 18-29 make the most reports of identity theft in the US, according to the Identity Theft Data Clearinghouse, a division of the Federal Trade Commission.

    According to the experts, colleges and universities are a prime target for electronic data thefts because of their wide use of names, addresses and Social Security numbers. “The reason is simple. Colleges have a tendency to use information, like Social Security numbers, for student IDs,” said Jay Foley, executive director of the Identity Theft Research Center.

    In the past year, security issues have been reported at Kent State, Miami and Cleveland State universities, as well as the Ohio State University. Some have been computer thefts or hacking, while in other cases personal information was accidentally posted online. Many of the schools are updating their computer security systems and urging students to be careful when storing personal information.

    See original article.
