Proofpoint: Security, Compliance and the Cloud

48 posts categorized "Privacy"

November 08, 2011

Check Out the Updated Proofpoint Corporate Website and Our New Brand Video

New-Proofpoint-Website-2011As regular Proofpoint watchers will no doubt have already realized, last week we launched an updated version of the www.proofpoint.com website featuring a new look and feel, completely revised product content, a refreshed resource center (where you can find a wide variety of datasheets, whitepapers and other collateral) and much more. 

A few updated features are still coming, including an updated look for this blog and the return of our "Security, Compliance and the Cloud News" service.  Stay tuned! If you're a recent or frequent visitor to the site, you may need to clear your browser's cache (or shift-click your browser's refresh button) to force your browser to download the very latest versions of files used and display the new site properly.

One of the most interesting new assets on the site is right on the home page:

Proofpoint's new brand video, "Defending the Ever-Changing Now" is a short, evocative (and cool-looking!) spot that explores the theme of how Proofpoint's solutions defend the "ever-changing now" — keeping enterprises safe from inbound threats (such as spam, phish, viruses, malware); guarding against leaks of private and confidential information; archiving information for legal readiness, governance, investigations, compliance and eDiscovery; and securely encrypting email communication.

You can watch it right here... and feel free to share it with your friends and colleagues.

September 20, 2011

Proofpoint and VMware Team-up to Bring Enhanced Email Security and Compliance to VMware Zimbra Users

Vmware_zimbra_cmyk

Today's Proofpoint press release (see, "Proofpoint Delivers Enhanced Security and Compliance for VMware Zimbra Email and Collaboration Solution") announces some exciting new work with VMware in which we've integrated the Proofpoint Enterprise Protection email security and Proofpoint Enterprise Privacy data loss prevention suites with the VMware Zimbra Collaboration Server.

If you're not familar with Zimbra, it's a leading open source email and collaboration solution that offers a collaboration hub for email, contacts, calendars, documents, file sharing, tasks, social media and enterprise applications. The integration offers VMware Zimbra users a whole host of best-in-class email security, regulatory complianceemail encryption, anti-phishing, data privacy and data loss prevention capabilities.

Proofpoint worked with the VMware Zimbra team to create a version of Proofpoint Enterprise that is custom-engineered to integrate to the Zimbra platform. Some of the Zimbra-specific enhancements include: A new secure-send "Zimlet" (Zimlets are new end-user functionality created through a set of open APIs) that allows users to send encrypted messages using Proofpoint Encryption. (This new Zimlet will be available in the next couple of weeks.) And features that automatically quarantine spam by learning from actions taken by end-users.

Special Introductory Offer

As part of this launch, Proofpoint is offering qualified users of the VMware Zimbra Collaboration Server virtual appliance a fully functional, 60-day trial of  Proofpoint Enterprise Protection and Proofpoint Enterprise Privacy. Qualified trial users that purchase a license for Zimbra Collaboration Server can have the trial of Proofpoint Enterprise Protection extended for additional 12 months.

(Yep, you read that right, up to a year of Proofpoint's outstanding email security capabilities for free. And, nope, we've never made this sort of offer available before.)

To register for the free 60-day trial, visit http://www.proofpoint.com/zimbra.

We're looking forward to continuing to work with the VMware Zimbra team. The team-up with Proofpoint is just one of many examples of how Zimbra is workingwith partners to deliver integrated solutions that work with the Zimbra Collaboration Server platform. You can see more in the the Zimbra Gallery and Zimbra Community (currently with more than 45,000 members). Check it out!

September 06, 2011

Email Encryption: New Osterman Research Whitepaper Says Encryption Investments "Pay for Themselves"

Download this Email Encryption White Paper from Osterman Research

Our friends at Osterman Research recently published a new white paper - How Encrypting Content in Transit and at Rest Reduces Liabilities and Costs for any Organization- about email encryption and similar topics. You can get a free copy, compliments of Proofpoint, by following the link or by filling out the form at the bottom of this post.

In this new report, Osterman Research notes that investments in encryption "pay for themselves" through a number of different avenues. As regular readers of this blog are aware, encryption technologies can play a crucial role in regulatory compliance and regulatory fine avoidance. But email encryption and other types of encryption can also enable secure business and deliver other forms of business value, as described in this new paper.

If you're looking for help in creating a business case for deploying an encryption solution (such as the Proofpoint Encryption email encryption solution), this 15-page report can be extremely helpful. It includes a good summary of the various US state laws that govern security breach notification (or that may require or imply encryption) as well as the many US and international regulatory obligations (such as GLBA, PCI-DSS, FINRA, HIPAA, the UK DPA, Canada's PIPEDA) that imply similar requirements.

To read a copy of the complete Osterman Research report, register at the following link — How Encrypting Content in Transit and at Rest Reduces Liabilities and Costs for any Organization — or simply complete the form below:

 

June 27, 2011

Microsoft Data on Phone Phishing Scams: No, Security Engineers from Legitimate Companies Won't Call & Request Your Credit Card Number

Our partner Microsoft recently published results of a survey revealing a new kind of internet scam that involves criminals calling people at home to tell them their computers are not fully protected from security threats.  The callers request remote access to users’ computers and credit card information by posing as computer security engineers from legitimate companies.

And, of course, once granted access to that information they "run through a range of deception techniques designed to steal money," according to Microsoft's announcement.

Out of 7,000 users surveyed in the U.K., Ireland, U.S. and Canada, 15 percent received a call from scammers and 3 percent fell for the scam.  The average amount of money stolen was $875 and the average cost of repairing damaged computers was $1,730.

Richard Saunders of Microsoft says, “Criminals have proved once again that their ability to innovate new scams is matched by their ruthless pursuit of our money.” 

The line between legitimate calls and malicious schemes can be blurry at times as we often give out credit card information over the phone to pay for bills and order products.  This is especially true with older generations that may not be technically savvy enough to distinguish the difference. 

Microsoft offers some tips on how to protect yourself:

  • Be suspicious of unsolicited calls related to a security problem, even if they claim to represent a respected company.
  • Never provide personal information, such as credit card or bank details, to an unsolicited caller.
  • Do not go to a website, type anything into a computer, install software or follow any other instruction from someone who calls out of the blue.

You can also protect yourself online by following Proofpoint's “seven simple rules for staying safe online.”

 

June 16, 2011

Was Your Email Address Leaked by LulzSec?

LulzSec recently released 62,000 emails and passwords to the public through the group’s Twitter account.  The tweet was shortly deleted but many have already downloaded the list. 

Gizmodo.com developed a simple tool that allows you to check whether your email was part of the leak. 

Our friend at F-Secure, Mikko H. Hypponen, tweeted that the emails and passwords might have originated from writerspace.com:

"Why writerspace.com? Well, the most common passwords include these: mystery, bookworm, reader, romance, library, booklover and..writerspace."

As a friendly reminder, change your passwords often and use passwords with special characters and numbers.

See my previous blog post on LulzSec.

May 04, 2011

Learn About 2011's Top Five Email Security and Collaboration Risks in Healthcare in Our May Webinar

Proofpoint's live web seminar series continues on Wednesday, May 18th with "Healthcare Privacy 2011: Top 5 Messaging and Collaboration Risks." Proofpoint data loss prevention expert Rami Habal will discuss:

  • How hospitals, HMOs and other medical providers can manage email and social media content in compliance with privacy regulations
  • How advances in policy-based email encryption can greatly simplify administration, reduce costs and improve usability for both desktop and mobile email recipients
  • The impact of regulations—including HIPAA/HITECH—on data privacy and retention policies in the healthcare industry
  • Recommendations for taking a proactive approach to archiving email and other communications in the event of litigation or regulatory investigation
  • Trends in inbound threats that could compromise your email and messaging infrastructure, and expose private data
  • How other leading healthcare organizations have tackled today’s critical messaging and collaboration challenges, while improving patient care.

To register, follow the link above, or simply fill out the form in this blog post.

April 14, 2011

Video: Password Security Tips from Proofpoint Customer Tony Hildesheim, Redwood Credit Union

Recently, Proofpoint customer Redwood Credit Union was kind enough to host me at their headquarters in sunny Santa Rosa, California, where Senior Vice President of IT, Tony Hildesheim took time out of his busy schedule to talk with me about how his organization uses Proofpoint to keep both employees and credit union members secure.

As part of that interview, Tony talked about some of the most serious threats that he sees to his members' security. In this excerpt, Tony gave some terrific advice about one of the most important things that web users can do to protect their safety: Use best practices for passwords.

 Check out this short video and feel free to share it with your friends, staff, users, etc.

In this short video, Tony explains how phishing attacks (and variations like vishing and smishing) attempt to get users to give up account credentials by appealing to greed, fear and/or charity.

Using best practices for your passwords can help protect you from these attacks. Tony recommends the following: Use strong passwords (that combine alpha, numeric and special characters), change them often and always use different passwords for different accounts.

Great advice, especially in light of some of the big security breaches we've seen in 2011 (for more on this topic, see my posts State of Texas Exposes Personal Information on 3.5 Million Residents - More Serious than Epsilon Breach? and Stay Safe from Email Threats in the Wake of Epsilon Email List Breach).

I've got more video with Tony talking about how his organization uses Proofpoint, too. Will post those to the blog shortly, but you can also go see them right now at http://www.proofpoint.com/youtube(along with many other interesting Proofpoint videos).

April 12, 2011

State of Texas Exposes Personal Information on 3.5 Million Residents - More Serious than Epsilon Breach?

Regular readers of this blog realize that inadvertent exposures of personal and/or confidential data and violations of regulations (and best practices) for data protection are far from rare (see our annual statistics about data loss, for example), but lately we've seen some huge ones.

In the wake of the recent Epsilon data breach — which exposed only email addresses — comes news of a potential data exposure at the State of Texas involving the email addresses, physical mailing addresses, Social Security Numbers and possibly dates of birth and driver's license numbers of 3.5 million residents.

Kevin Fogarty over at ITworld has a great summary in a blog post from late yesterday (see, "Texas Security Gaffe Dwarfs Epsilon Data Breach"). In short, the Texas state comptroller's office discovered that the records in question had been inadvertently placed on a publicly-accessible server — completely unencrypted — and had been there for as long as a year before being discovered.

As Fogarty notes in his post, this exposure is potentially much more serious than the Epsilon breach, since so much more personally identifiable information was exposed — potentially making those residents prime targets for identity theft, phishing attacks or other forms of fraud. He writes:

"Lost data is often, as with Epsilon, only partial - emails, street addresses or whatever.

Putting full employment and retirement records on a public server, with all the relevant data an identity thief would need to clone and reuse you, and leaving them there for a year?

Texas wins this one hands down over Epsilon. (Although, serendipitously, Epsilon is based in Irving, Texas.)"

As reported by Reuters (see "Private Records of 3.5 Million People Exposed by Texas"), Texas State Comptroller Susan Combs said that there was no indication that any of the information had yet been misused. However, all affected people are being sent letters this week, notifying them of the potential breach.

"I deeply regret the exposure of the personal information that occurred and am angry that it happened," said Combs. "I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered, and was then moved to a secure location."

See my previous post on the Epsilon breach for a recap of Proofpoint's "Seven Simple Rules for Staying Safe Online."

February 24, 2011

Kids, Privacy and SSNs: Why Children are a Top Target for Identity Theft

Over at the Huffington Post this week, there have been a couple of posts about Google having collected partial Social Security Numbers of children as part of the entry requirements for the company's "Doodle-4-Google" contest. (Helpful to start with Larry Magid's post today, "Why Google Stopped Collecting the Last 4 Digits of Kids' Social Security Numbers" which is a follow-up to Bob Bowdon's article, "Why Has Google Been Collecting Kids' Social Security Numbers Under the Guise of an Art Contest?").

As Bob Bowdon pointed out, collecting even partial SSNs can be a pretty big data security and privacy issue since the complete, accurate SSN can often be guessed based on other data such as the person's city and year of birth (which, apparently, Google was also requesting). See this Datamation article, "Social Security Numbers Easy to Hack", which talks about some really interesting research about predicting social security numbers from publicly-available data.

Apparently what the Google contest organizers were trying to do is use partial SSNs as a way of uniquely identifying contest entrants and "de-duplicating" duplicate/multiple entries. Yeah, probably a bad idea on several levels and I won't belabor that point.

Of course, there are many organizations that do have to collect and ensure the security of private identity, healthcare and financial information about children. Recently, I had the chance to interview Proofpoint customer Matt Johnston,who is the senior security analyst for Children's National Medical Center, a leading pediatric hospital based in the metro Washington DC area.

One of the most interesting things that he told me is that children are one of the top targets for identity theft. I hadn't really thought about this before, but it makes sense.

As Matt told me, children have new or "clean" records. They don't have established credit histories and outside of core identifiers like a social security number and birth record, there aren't many other public records associated with a child's identity. This makes that data easier to use in identity theft/fraud and, as a result, personal identity information about children fetches a premium on the black market.

So organizations like Children's National Medical Center have to take privacy protection and data security extremely seriously. As a healthcare organization, CNMC has to comply with HIPAA healthcare privacy regulations, but as Matt explained to me, they go to great lengths to protect their patients' data not just because its required by law but because its part of their core mission of protecting and caring for children.

Matt talks about these issues, how his organization uses Proofpoint's SaaS email security and email encryption solutionsand why he chose Proofpoint (and why deploying those solutions in the cloud was the right decision for CNMC) in this short video:

My thanks once again to Matt for graciously taking the time to share his insights with us!

February 22, 2011

Email Security & Compliance for Healthcare: Customer Case Studies, HIMSS 2011 Conference

Proofpoint-Email-Security-and-Compliance-Healthcare-Case-Study-Scottsdale-HealthcareRegular Proofpoint followers and readers of this blog are familiar with the many email security and compliance concerns around private healthcare information ("PHI").

Ensuring compliance with the data security and privacy rules of HIPAA (and the more recent "HITECH" updates to the HIPAA regulation) is critical for healthcare organizations, obviously, but these rules also apply to many other organizations that also handle healthcare information.

Today's Proofpoint press release, "Demand for Proofpoint’s Security and Compliance Cloud Solutions Grows in Healthcare" highlights three healthcare industry customers who use Proofpoint's SaaS security and compliance solutions to secure inbound email, detect and protect (or encrypt) private healthcare information in outbound email and archive email to meet compliance and eDiscovery requirements.

Proofpoint is (not coincidentally) also exhibiting this week at the HIMSS 2011 conference (the leading healthcare IT conference and exhibition) in Orlando, Florida. If you're attending that event, do visit the friendly and knowledgeable staff at Proofpoint's booth (#4001) to learn more about how Proofpoint can help your organization with HIPAA/HITECH compliance and data security.

For example, our announcement today explains how Scottsdale Healthcare, a not-for-profit healthcare system based in Arizona, uses Proofpoint's SaaS solutions for anti-spam as well as for email encryption, ensuring that HIPAA-regulated healthcare information is protected in outgoing email. Scottsdale Healthcare is also the subject of a new case study (PDF format), which you can download via this link: "Case Study: Scottsdale Healthcare Relies on Proofpoint to Cure Spam and Email Encryption Challenges."

Mike Gleason, director of information services at Scottsdale Healthcare, explains, “For our organization, if any information in the body of an email or an attachment contains a social security number, a credit card number, patient identifier, or other sensitive data, it will be captured and secured. These types of data are automatically encrypted, and then forwarded on, which helps us avoid sending out emails that contain sensitive information or patient privacy data to domains outside our organization.”

Another organization, Kelsey Seybold Clinic of Houston, Texas, is moving its deployment of the Proofpoint Enterprise Protection email security solution from an on-premises deployment to Proofpoint's cloud-based (SaaS) offering.

Martin Littmann, director IT systems for Kelsey Seybold Clinic, says, “After comparing costs between different deployment types, we were convinced that moving Proofpoint’s protection solution to the cloud would save us time and money, and that our resources would no longer be stretched.”

And at Community Memorial Health System (Ventura County, California), Proofpoint's entire suite of SaaS security and compliance solutions guards against inbound threats, ensures patient privacy and  archives email for 2000 mailboxes.

Explaining his organization chose Proofpoint, Thomas Kniss, CMHS's director of clinical information systems, noted that, “Proofpoint has a very impressive list of current healthcare customers, and it was important that our vendor have experience and a successful track record of providing security solutions to healthcare organizations. Proofpoint’s knowledge and capabilities of smart identifiers and HIPAA dictionaries was a key deciding factor as well.”

Another good resource for healthcare organizations is the Proofpoint whitepaper, HIPAA and Beyond: An Update on Healthcare Security Regulations for Email (click the link to register).



Archives

Blog Search

Email Security Gateways, 2012

Magic Quadrant

Tweets

What people are saying right now about us.

©2012 Proofpoint, Inc.
threat protection: Proofpoint Enterprise Protection compliance: Proofpoint Enterprise Privacy governance: Proofpoint Enterprise Archive secure communication: Proofpoint Encryption