Bank of China New York (http://www.bocusa.com), the US branch of the world's fifth largest bank, uses Proofpoint to block incoming spam and viruses, prevent exposure of private information and encrypt sensitive outbound emails to achieve compliance with data privacy regulations including the Gramm-Leach-Bliley Act (GLBA).
Last week, I was at Proofpoint's East Coast "Inner Circle" customer event and I had a chance to sit down with Kostas Georgakopoulos, Director of Information Security at Bank of China's US branch and talk with him about how the bank is using Proofpoint. You can view the resulting video embedded in this post.
Writer Penny Crosman at Bank Systems & Technology also spoke with Kostas last week, and her article, "Bank of China Steps Up Email Security," is also out today. In the article, Kostas says:
"Like other financial institutions, we're targeted by spammers and people who send us spearing attacks... Our concern is to protect the integrity of our data, our customers' confidential information, and the availability of our systems... We needed something that would scale, that would provide additional capabilities, for example to help us meet regulatory concerns such as Gramm Leach Bliley."
If your organization faces similar data protection and regulatory compliance challenges, you'll probably be interested in the Proofpoint whitepaper, Protecting Enterprise Data with Proofpoint Encryption, which you can register to download here:
I shot quite a few more Proofpoint customer videos at last week's event (and hope to this week at our West Coast "Inner Circle" meeting), so stay tuned for more.
As you might already know, Proofpoint exhibited last week at the RSA Conference 2010 in San Francisco. As part of our exhibit (see photo at left), we conducted an electronic survey about email trends that more than 120 booth visitors kindly took the time to fill out.
48% of respondents said their organizations had been the target of a "spear phishing" attack. That is, they were targeted by a phishing email designed specifically to compromise their own email users.
59% of respondents said that their organizations have deployed an email encryption solution. An additional 19% intend to deploy such a solution in the future (most in the next 12 months).
43% of respondents said that effectiveness and accuracy is the most important factor when selecting an email security solution, while 20% said that "ease of administration" was the most important factor. 16% cited cost, 11% cited available deployment method (e.g., SaaS vs. appliance) and 6% cited vendor brand/reputation as the most important decision factor when selecting an email security solution.
Survey respondents were also asked about their top email annoyances. It's probably no surprise that spam and phishing emails that get through the organization's spam filter were the top two annoyances (39% and 27%, respectively). But certain types of legitimate email were most annoying for some of our survey respondents:
15% find legitimate email newsletters/marketing emails that are sent too frequently their top email annoyance.
10% find legitimate emails from coworkers or business contacts "that I just don't have time to answer" as most annoying. (Personally, I would fall into this camp!)
7% find social media notifications and other types of legitimate, but non-essential, emails as most annoying.
RSA 2010 was a great show for us with a lot of customers and more than 1000 interested attendees who dropped by the booth. Thanks to everyone who took the time to stop by our booth! As promised, I do have a few video interviews coming soon to the blog. Stay tuned...
A giant thank you to all of the Proofpoint Email Security Blog readers who took the time to vote in SC Magazine's blog awards! We've been named "Best Corporate Security Blog" in the SC Magazine Awards 2010!
Been too busy at the RSA Conference to do much blogging yet this week, but look for a few new videos we taped at the show that we'll be posting over the next couple of days.
And if you're at RSA Conference 2010, please take a moment to visit the Proofpoint booth (#1132) and take our email security survey!
Today, in an announcement issued from our booth at RSA (#1132), Proofpoint introduced the latest update to our SaaS email security and data loss prevention platform, Proofpoint 6.1.
New features in Proofpoint 6.1 include support for multi-protocol (HTTP, HTTPS) data loss prevention, a new data loss prevention dashboard (pictured at left), encryption enhancements including an Outlook plug-in for the Proofpoint Encryption solution and a variety of other security and performance enhancements.
You can check out the full press release, which has a lot more detail, here:
RSA Conference 2010 exhibits open tonight and we're looking forward to seeing any of you who are attending! Find Proofpoint at booth #1132. When you stop by, please take a moment to take our quick email security survey and we'll give you one of our classic "Defend Email" t-shirts.
Also, we're giving away a $500 Apple gift card to one lucky visitor, so make sure you drop by and get your badge scanned. See you there!
Our live web seminar series continues on March 24th, 2010 with an important topic that we haven't covered in a while, compliance with PCI (Payment Card Industry) data security standards. If your company handles credit cards and cardholder data, you should be aware of these requirements.
We'll discuss the critical role that email security plays in PCI-DSS compliance. You'll also hear real-world examples of how Proofpoint customers use integrated email encryption and data loss prevention technologies to tackle a wide variety of compliance challenges, securely transmit sensitive data via email and improve the levels of service and convenience they deliver to their customers.
Find more details and register by visiting the link below:
Earlier this week, the US Department of Health and Human Services (HHS), which is now charged with enforcing the US healthcare privacy laws known as HIPAA and HITECH, began posting a list of organizations that have notified the HHS about breaches of unsecured health information that affected more than 500 individuals (as required by section 13402(e)(4) of the HITECH Act, which requires the Secretary of the HHS to "post a list of breaches of unsecured protected health information affecting 500 or more individuals.")
The editors of HealthcareInfoSecurity.com (which is an awesome resource, BTW) have a good summary in their article, "Breach Reports: We've Only Just Begun."
You can find the HHS's list of reported breaches here:
Causes for these breaches run the gamut from thefts of paper printouts, hacks and misdirected email messages to losses or thefts of laptops and mobile devices (which would seem to be the most common problem from my cursory scan of the list).
From the "It's an Honor Just to be Nominated" category, the Proofpoint Email Security Blog has been nominated by the US editors of SC Magazine as one of the "Best Corporate Security" blogs. The winner will be determined by votes at the SC Magazine site (http://www.scmagazineus.com).
The poll itself is right on the SC Magazine US homepage (see illustration at left) and it only takes a second to vote.
So, if you like this blog, won't you please take a moment to vote for us as "Best Corporate Security Blog"? Just click the graphic at left or this link to visit the SC Magazine site and vote.
All of the blogs nominated in the different categories are really great and it really is an honor to be included in this list. Thanks, SC Magazine!
Polling closes on Friday, February 26th at 11:00 AM ET, so do cast your vote now.
We issued a press release today about Proofpoint customer University Hospital of Zurich (aka USZ), about their deployment of Proofpoint Messaging Security Gateway email security appliances to protect 7000 email users at the hospital from spam, viruses and other inbound email risks.
Additionally, the hospital uses Proofpoint Secure File Transfer as a way to transfer large files, or files that require enhanced security/encryption, "out of band" from their SMTP email system. Like healthcare organizations in the US, University Hospital of Zurich wants to ensure that confidential, personal healthcare information isn't improperly exposed. Proofpoint Secure File Transfer lets staffers send information such as patient data, medical test results, insurance information and other sensitive info in a secure fashion.
Jens Grundtvig, the manager of network security for University Hospital of Zurich, says that the hospital chose Proofpoint because of a combination of ease of administration, security and cost reasons.
“The combination of an easy-to-deploy appliance, ability to enforce policies for individual users and groups, the price-performance ratio and the option for secure file transfer gave Proofpoint a strong advantage over the other four suppliers [that the hospital considered],” says Grundtvig.
You can read the full press release at the Proofpoint site here:
In the wake of their recent announcement about online scams becoming an increasingly common occurrence in the UK, the British Office of Fair Trading has now received £4.3 million, which will be invested in helping to stop online scams. In a CIO article on the story, it's reported that the new enforcement team enabled by the funding will track Internet fraudsters behind online scams, with an emphasis on scams offering fraudulent tickets for music and sporting events as well as the sale of fake goods (which, as you know, are commonly hawked via spam email).
In other OFT news, the agency also issued a warning to Britons about a rise in the number of "work from home" and employment scams. The OFT says that their statistics show that one in four UK adults has at some point in their life been contacted by work from home scammers. These scams are attempts to swindle money by offering so-called profitable business opportunities or start-up advice. Their data also shows that 17 per cent of the adult population has been targeted in the last 12 months, and the incidence of such scams is rising.
"We are seeing an increasing volume of work from home and business opportunities scams," said Heather Clayton, senior director of the Office of Fair Trading's Consumer group. "People who are struggling financially may be particularly vulnerable to these types of scams. Genuine work from home schemes should tell you in writing exactly what you will be expected to do, how much you will be paid and how and when you will be paid."
I've reported on this sort of job scam activity in the US extensively in the past and have some tips to help keep consumers from being victimized by job scams:
Remember, first of all, that any offer presented to you that sounds too good to be true usually is, whether it's presented via email, phone or direct mail.
Simply do not respond to these sorts of solicitations. Especially do not click links presented in such emails (which may lead to fraudulent websites that attempt to install malicious software on your personal computer). Note that the latest job scam emails do not include links, instead asking job seekers to respond to a generic webmail account (like a Gmail or Yahoo mail account).
Keep in mind that anyone can place an online ad, send you an email, or post a "lure" in otherwise legitimate online forums.
Never pay a company to hire you. If the employment process involves sending the employer money, it's almost definitely a scam.
Do not wire money (which is the same as sending cash) to individuals unknown to you or to firms that have supposedly hired you.