Thursday, May 31, 2012

Selling Your Old Smartphone? Not Smart

It has become standard practice to upgrade to a newer device, and people often sell, donate, or discard the old one. Or maybe you’ve received a new computer or mobile phone as a holiday gift and need to get rid of the old one. You consider selling them so you can get some money back—maybe to purchase your newest device, but is this really worth it?

After what I’ve seen, I don’t think so. I conducted a test where I purchased a bunch of used devices off of Craigslist and eBay to see if I could still find personal data on the devices. I found a startling amount of personal data including photos, phone numbers, addresses, emails, text messages and even passwords.

While most of us would think we were safe if we did a factory reset on our mobile device, we also need to remember to remove or wipe any media like internal drives and SD cards, and anything else that stores data really should be destroyed. And for Android phones, even though some of the phones had been factory reset, I was still able to find data on them. Furthermore, after having spent a few months working with a forensics expert, I’ve come to the conclusion that even if you wipe and reformat a hard drive, you may still miss something.

So whether you destroy your smartphone with a sledgehammer, use a drill press to turn it into Swiss cheese, or use a hacksaw to chop it into pieces, and then drop those pieces into a bucket of salt water for, oh, say a year, just to be safe, for your own good, don’t sell it on eBay or Craigslist. Yes, this will not provide much help for resale value, but you’ll have some fun and know that your information is safe.

By Robert Siciliano

Wednesday, May 30, 2012

It’s A Small World After All

With approximately 50 million new small to medium businesses starting globally each year—which is more than 125,000 per day—is it any wonder why the SMB market continues to be the fastest growing market in the IT industry?

According to a recent SMB study, global IT spending by SMBs was up 15% year-over-year in Q1 2012. Combine this with the fact that most SMBs lack the IT staff to adequately protect themselves from today’s sophisticated cyber attacks and you start to understand why McAfee has strategically invested in protecting the SMB market with:
  •     The industry’s broadest SMB security portfolio: we recently updated our dedicated SMB TSA, TSB and STP SaaS products with new features
  •     Incentives to fuel SMB sales: we doubled our McAfee Rewards payout to partners offering $2 per node on our TSA, TSB and STP products
  •     Training focused on going after the SMB market: we recently launched a new video-based partner enablement platform on the PARC called SMB TV
  •     Marketing resources to drive SMB demand: in June we are re-launching SMARTmarketing, an e-commerce marketing portal that provides partners quick and easy access to the right SMB marketing tools, resources and advice

We aren’t talking about our plans to go after the SMB market; we are going after the SMB market, and together with you, our partners, we are delivering results. Here are just a few Q1 2012 SMB highlights:
  •     We surpassed the 2,000 SMB Specialized partners milestone
  •     We saw a 45+% Q/Q increase in SMB deals registered
  •     70% of our SMB registered deals were approved in less than 30 minutes
  •     Our Partner Acceleration Resource Center (PARC) surpassed the 30,000 unique visitor milestone and more importantly 2/3 of the PARC visitors are returning
  •     We more than doubled our McAfee Rewards per node payout on select SMB products; as a result, partner claims on these products tripled Q/Q

The great thing about McAfee’s SMB go-to-market strategy is that it is 100% partner-led, which means if you don’t succeed we don’t succeed. So let us know how we are doing by commenting on this blog. And, if you are interested in learning more about becoming a McAfee partner to boost your SMB profitability go to: http://www.mcafeepartners.com/parc.nsf/html/SMB+Specialization+Program

By Lang Tibbils

Tuesday, May 29, 2012

How Do I Protect Myself When Using Wi-Fi?

Wi-Fi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, even airplanes.

Wi-Fi wasn’t born to be secure; it was born to be convenient. Wireless networks broadcast messages using radio and are therefore more susceptible to eavesdropping than wired networks.

Today, with criminal hackers as sophisticated as ever, if you are using an open unsecured network on your mobile device, you risk exposing your data. There are many ways for hackers to see who’s connected on a wireless connection, and to gain access to your information including passwords, emails, and all the data on your device.

To protect yourself and your data when using Wi-Fi, you should:
  1.     Turn it off: the most secure Wi-Fi is one that is turned off. Disabling the Wi-Fi signal on your device prevents anyone from seeing your device and prevents your mobile from randomly connecting to just any available Wi-Fi.
  2.     Limit your use of hotspots: When you’re away from your home or work network, use a 3G or 4G data connection instead since most mobile phone providers encrypt the traffic between cell towers and your device.
  3.     Use a Wi-Fi connection that is protected: Make sure you don’t see the message that you are “connecting to an unsecured network.” You may also need a password or code to get access to the Wi-Fi connection.
  4.     Use a VPN: a Virtual Private Network (VPN) is one set up with encryption to protect your data from unauthorized access. A VPN may be available through your workplace or at home. A quick search in your mobile’s application store will quickly result in numerous free and paid apps to go online in a VPN.
  5.     Only use https: Hypertext Transfer Protocol (http) with Secure Sockets Layer (SSL, hence the S) is a more secure option set up by a website that knows security is essential. Look for https:// in the address bar signifying it’s a secure page. Even on an open unsecured wireless connection https is more secure.

If you do use public Wi-Fi, make sure not to shop online or access your personal and financial sites. And remember that potentially anything you are doing online can be accessed by someone.



By Robert Siciliano

Monday, May 28, 2012

Get Your Arms Around Big Security Data

The more data you have, the more insight and knowledge you possess, right? But what happens when your data stores grow so large that securing and managing them effectively is no longer in the cards? A few extra gigabytes here and terabytes there, and before you know it, you’ve got a big security data problem. Every new security control that’s put in place to protect data adds administrative burden—increasing the security event data that must be monitored, logged, shared between security components, analyzed, and reported on.

Security information and event management (SIEM) systems were invented to help IT security teams within financial services companies, health care providers, defense contractors, and governments address the growing volumes of information security data. An onslaught of well-publicized data breaches followed by public outrage and a surge of regulatory mandates quickly made SIEM must-have technology.

The point product feeding binge

As corporate security officers scrambled to address these issues, virtualization bred even more data and applications that had to be secured and reported on. Companies added new security products—each bringing its own instrumentation and logging requirements. The volume of security data and real-time data streams grew exponentially until SIEM solutions bogged down. Some security teams started turning off SIEM data feeds in an effort to preserve performance. Unfortunately, each disabled data feed created another vulnerability and exposed the enterprise to greater risks.

Time for a big security data fitness plan

So how do you deal with big security data even as your business tightens its belt?

Today you need more relational information about the source, asset, user, and data to provide greater security context and situational awareness. You also need real-time correlation of this information with event flows—including scalable architecture that can keep pace with big security data’s growth.

Add Muscle, Lose Fat

Legacy SIEM solutions don’t have the power to handle big security data. Today, you need a SIEM that includes high-performance architecture to handle reams of security data and easily scales to handle future growth. In other words, you need McAfee Enterprise Security Manager (formerly NitroView). This SIEM powerhouse is specifically built for big security data with a powerful database, appliance options, and the processing power to quickly correlate billions of events and flows.

Boost Your SIEM IQ

The next generation of SIEMs must go beyond simple event analysis to share security intelligence among security components and quickly deliver actionable information. McAfee Enterprise Security Manager achieves this by immediately collecting and analyzing contextual information on events, users, and data, creating and sharing situational awareness among solution components.

  •     McAfee Global Threat Intelligence further strengthens dynamic threat visibility, providing around-the-clock reputation-based threat intelligence and sharing this insight through integration among solution components.
  •     McAfee Risk Advisor uses this shared information to help you quickly pinpoint attacks and implement countermeasures.

Achieve Balance and Agility

Big security data requires security tool integration and enterprise-wide visibility. Two-way integration with McAfee ePolicy Orchestrator (ePO) software extends visibility and control across your entire security and compliance environment.

Just like any fitness plan, SIEM requires effort and dedication. It gets easier over time and results become an excellent motivator.

By Eric Schou

Friday, May 25, 2012

The Big Picture: Taking a Holistic Approach to Email Security

Email is the most common form of communication in business today. Every IT manager and CIO knows they need to block spam and viruses from entering their network via email – a real no-brainer these days. We even have world-class products and services to remove unwanted email at a truly impressive catch rate of well over 99%. What really keeps those responsible for email security up at night, however, spans far beyond spam.

The amount of data transferred via email is staggering. Many are surprised to hear that email traffic even outpaces web traffic in overall bandwidth consumption. What matters more than bandwidth consumption, however, is the type of data sent around. Now that the business world has moved drastically away from paper, the confidential documents you once kept in a physical file cabinet are now living in an easily transferrable format on employee laptops. Without proper training, these files can be sent externally without any awareness of a policy violation. A simple typo in the recipient field can take your financial report from the office of the CEO to the office of your ex-coworker who now works for a competitor.

Protecting sensitive information from leaking to the public is essential to not only your business’s competitive edge, but also its financial health. In the UK, for example, the Information Commissioner’s Office has been issuing monetary penalties to companies that violate the Data Protection Act, including cases where sensitive personal data was mistakenly leaked. Similar laws across the globe are being implemented, and for good reason. There is simply too much data in every employee’s possession to not enforce protection. By taking proactive steps to set Data Loss Prevention policies within your Email Security, you can stay in legal compliance and not worry about accidental leakage of sensitive information from your organization via email.

Those in industries such as healthcare or legal services know that the information they transfer is almost always sensitive, and needs extra layers of protection. The ability to encrypt email throughout its entire path, from anywhere, whether you remember to or not, can be a lawsuit prevention tool in itself. In the event that any correspondence needs to be pulled for an unexpected eDiscovery request or audit, having your email archived in the cloud can save your business money and the headache of searching through physical storage for historical messages.

What if your email service simply fails? Cloud-based email security solutions can offer you lossless email continuity in the event of an outage so you absolutely never lose your ability to check and send email. No business can afford to have its main communication channel compromised. Take a step back and consider your comprehensive email security needs with not just the IT department, but your entire organization’s stability in mind.

By Tim Roddy

Thursday, May 24, 2012

Gift of Malware: Who’s to Blame?

I was talking to a healthcare organization recently that was in utter disappointment over their new CAT scan machine. When deployed, the machine was already infected with malware, and the bug spread to other systems in the organization. Pre-installed malware is never something you expect to deal with in a new machine, but it can and does happen – probably more than you think.

As more and more evidence points to the fact that every major U.S. organization has been the target of organized cyber crime, it begs the question: Who is involved in the manufacturing process, delivery and installation of these machines?  With so many parties involved – from the sub-components, to the building of specialized devices, software providers, integrators, and resellers – any one of them could have, even inadvertently, introduced the gift of malware.  We all try our best, but without a single point of contact, how do you really know that what you are about to plug into your network is healthy?

The obvious recommendation is to verify, scan for viruses, and validate the firmware, BIOS and software of any new system prior to giving it full rights to the environment. This step should always be done as a precaution to ensure that both intentional and unintentional deliveries of infected components are thwarted. If you ever encounter malware, push hard on all parties involved in the manufacturing, delivery and installation of these systems, letting them know what your expectations are. At minimum, they are responsible for clean components, as well as their vendors’ actions.

In the end, it’s not just about protecting your environment. It’s about pushing for lasting change in how all parties involved perceive their role in protection and security. For our part, McAfee is working with all industries and manufacturers on how advanced security technologies like Integrity Control and Deep Defender can provide trusted execution, helping to solve the issue of device and component security.

By Kim Singletary

Wednesday, May 23, 2012

3 Ways Mobile Devices Are Changing The eCommerce Landscape

Mobile devices and payment applications are quickly transforming the relationship between consumers and retailers. Building upon the multi-billion-dollar eCommerce industry, mobile commerce is expected to grow significantly in coming years.

But while mobile commerce technology has been available for over 10 years, most companies (online retailers especially) have only leveraged mobile as a complement to their online and paper catalogues. As more and more consumers look to their smart phones and tablets for all their purchases, retailers will need to fully embrace the changes these devices bring to the eCommerce landscape.

1. Mobile Shoppers are Powerful Shoppers

Mobile technology has given consumers the power to browse and purchase anytime, anywhere. While the advent of online commerce ushered in the era of shopping from the comfort of your home or office, the proliferation of mobile devices has brought a new toolbox to connected consumers.

Shoppers can now use mobile devices for onsite product comparisons at retail stores, letting them check reviews and prices before making a final decision. The convenience of mobile commerce has also translated to a market for direct mobile payment systems like NFC (near field communications), mobile wallets, and mobile apps. While the mobile payment landscape is still fairly new, mobile payment transactions are expected to exceed $170 billion by 2015.

2. Optimized Sites Are An Expectation, Not An Add-On

Despite driving a huge amount of revenue and traffic, only a small percentage of retailers have websites optimized for mobile shoppers. This is a critical blind spot, because even though your company may not have an official mobile strategy, consumers will still be browsing your website on mobile devices – and they will judge it accordingly.

Consumers expect intuitive, hassle-free browsing, and if your company doesn’t deliver, shoppers will move on to a retailer that can. Mobile sites are becoming a business necessity for eCommerce merchants, a trend that has led some eTailers to even bypass traditional website design in favor of mobile optimization.

3. Mobile Thieves Will Follow The Money

It is undeniable that mobile is having a huge impact on eCommerce, but the mobile landscape is still highly fragmented – opening the door to numerous security concerns. According to a recent MasterCard study, 53% of US adults surveyed said they were concerned about the security of their mobile transactions.

As more and more money is spent via mobile devices, the risk of data breaches and identity theft increases significantly. What’s worse is that most third party applications and mobile add-ons have not been thoroughly checked for security holes, which hackers can and do exploit to steal personal data. Another issue that arises is the high probability of a device being lost or stolen; unsecured mobile payment options could be very dangerous in the wrong hands.

Merchants should use PCI DSS compliance and website scanning services like the McAfee SECURE™ trustmark on their mobile sites, just as they use them on their traditional websites, to help protect their customer information.

The true impact of mobile devices on the eCommerce landscape is yet to be seen, but as the industry continues to grow, online retailers must pay attention. Organizations will need to adapt their business model to better serve customers, and a secure, optimized mobile site is key.

By Nancy Levin

Tuesday, May 22, 2012

Security? I call people for that – I need to focus on the business!

You have a million things on your plate and security is likely not at the top of the list. Of course it’s important, but you can’t be an expert in everything and you need to focus on what matters most – growing the business. That’s hard enough to do in this economy, but doing it in an environment that is also rife with increasing security threats and compliance requirements is enough to make a business owner howl with frustration. How much security is enough security to keep your business and your customers safe? And how do you manage that security when you’re really much more interested in growing the business?

The fact is that cybercriminals are now focusing their attention on small and mid-sized businesses (SMBs) because they are typically easier targets than large, multinational corporations. They know you don’t have time to deal with security, so they are betting you didn’t get that far down on your “to do” list. Plus they are hoping you weren’t smart enough to call an expert consultant or partner to handle it for you. SMBs become an easy target with valuable data because many of you deliver services and products to larger companies and governments, so it’s likely you have some of their data as well.

With the rapid growth of viruses, phishing scams, and high-profile data breaches you must take proactive steps to protect your business in order to stay ahead of the bad guys.  How much security you need depends on the size and nature of your business.  And how you manage it depends on whether you prefer to lease or buy, managing it on-premises with your own IT staff or outsourcing it to a service provider with IT expertise. 

Cloud-based security offerings are perfect for growing businesses.  By effectively “leasing” your security solutions from a service provider, you won’t ever pay for more than what you need, can scale your security needs as your business expands and seasonally contracts, can access world-class security in a cost-effective way, and can focus your internal resources where you want them – on driving new projects that grow your business.

From a hacker perspective, there are only two kinds of businesses – those that have been breached and those that are about to be.  If you’ve been breached or a victim of fraud, chances are you have rethought your assumptions about what security solutions to buy, and how to implement, maintain and manage them.  If you haven’t been a victim yet, now is your chance to be proactive and prevent it.

Your existing security requirement may be to sustain and/or enhance protection against malware, spyware, spam, and a myriad of other intrusions and vulnerabilities. Your business requirements however are focused on efficiency, performance, and seamless protection, with less time, effort and investment on your part.  You can get the best of both worlds with a cloud-based solution that can grow with your business and provide the security you need without the management headaches that often accompany a major IT project.  And if you want to try out some options, check out the 30-day free trials of McAfee’s Suites (from SaaS to on-premises suites covering email, Web, desktops, devices, and mobility) to protect your most valuable asset – your data.

By Martin Ward

Friday, May 18, 2012

Mobile Wallets—How I Make Mobile Payments Securely

Some say there will be a day when the wallet you carry in your pocket or purse will become obsolete. The plan is to eliminate all our credit cards, store cards, and IDs and use our mobile phones as our primary means of commerce and identification. The technology behind mobile wallet or mobile POS (point of sale) basically turns your smartphone into a smart debit or credit card. Soon you will be able to pay for almost anything via your mobile device.

When mobile wallets and mPOS become more common, thieves will certainly look for ways to empty them. For instance, it’s possible for attackers to use technologies that allow them to “eavesdrop” on your payments or steal and transmit your credentials by extending the range of the wireless signal. Your data may also be manipulated or corrupted by an attacker.

So how do I conduct safe mobile payments?
  •     Pay attention to your credit card statements to check that you are paying for what you actually purchased.
  •     Only download mobile payment applications from a reputable app store. Check user reviews of the app and make sure to read the app’s privacy policy on what data of yours it is accessing and sharing.
  •     Don’t do any mobile transactions over an unsecured Wi-Fi connection. It’s much more secure to use your mobile data network.
  •     Keep your mobile software current. This includes the latest updates for your operating system, mobile browser and mobile security software like McAfee Mobile Security.
Using your phone to pay for things simply by tapping it or swiping it at a store’s checkout terminal may sound like a convenience of the future, but it’s already here and you need to be prepared for this.


By Robert Siciliano

Thursday, May 17, 2012

Technology, Talent, Techniques: 3 Steps in Addressing Insider Threats

This week I found myself in Memphis, Tennessee. Home of great music and BBQ – as you can see from the photo below. But this trip was not all pork shoulder and blues bands. I was speaking at the United States Army Medical Command (MEDCOM) Information Assurance and HIPAA Summit. My talk was on data security and insider threats, the title of my presentation:  Evil Employees Hacking their Bosses.

Healthcare providers are a treasure trove of PII, up to and including credit card numbers, addresses, and social security numbers.  This information exists as structured and unstructured data at rest, in motion, and in use, which yields a scenario that is difficult to manage even without security in mind. Making information easily available to those that need it when they need it, while also ensuring those with nefarious intent or careless insiders are mitigated, is a challenging task. While specific technologies such as DLP, DAM, Context-aware SIEM, encryption, and identity management solutions do help, there is more to it.

Addressing insider threats requires a combination of technology, talent, and techniques. I’ve mentioned some of the technology above. In addition to this tech, any successful strategy must also integrate other security controls such as firewalls and IPS as secondary feeds, and most importantly, the solutions need to be connected so that data enriches network, network enriches endpoints, and so on. Only in this way can the yellow flags that make up suspicious insider activity be detected.

Still, technology isn’t the panacea. Beyond the tech, there is a need for talent and techniques. By talent I mean that an insider threat mitigation program must include more than just IT. Executive leadership, involvement from legal, HR, and other relevant groups is necessary. Programs driven entirely from IT generally fail. For techniques, processes must be well defined. Anonymous whistleblower solutions need to be in place. Low-tech methods such as whistleblower programs have proved to be beneficial year after year, and a definition of what is a terminable offense must be clear. And perhaps most importantly, the process of investigation and oversight, augmented by supporting IT details such as “who accessed what, when, and how, how much, from where, for how long, who else, what else” must be in place to allow more effective and efficient incident analysis and response.

When it comes to insider threat mitigation, nothing beats talent and techniques, but talent and techniques should be augmented by technology that can glean contextual information regarding users’ interactions with data.

By Brian Contos

Wednesday, May 16, 2012

Are Tablets Just As Vulnerable As Mobile Phones?

With unit sales of smartphones and tablets eclipsing those of desktop and notebook PCs, cybercriminals will continue setting their sights on mobile, and increased mobile Internet use will continue exacerbating security and data breach issues.

McAfee Labs™ points out today’s tablets are more powerful than notebooks were just a few years ago. Although their lack of real keyboards makes them unsuitable for many tasks (editing texts, programming, and design), they are very suitable for browsing the Web, which today is a primary source of malware.

You do need to view tablet computers separately from mobile phones. Tablets mainly differ in the size of the screen, but they share the same software, operating systems, and processors so their security concerns are nearly identical. About the only difference is that some tablets can use USB devices, which increases the attack surface of such devices.

And because, like our mobile phones, tablets tend to be portable and among our most personal computing devices, you need to take steps to protect them. Many of the best practices you use on your computer can be transferred to your tablet.

To help ensure that your tablet is protected, you should:

  •     Always password protect your device and set it to auto-lock after a certain period of time to increase your mobile security
  •     Never leave your tablet unattended in a public place
  •     Don’t click on links in emails and text messages from people you don’t know
  •     Even if you know the company or person, use a browser to search for a link or use the company’s official app to navigate to the site
  •     Always double-check the web address of a site when doing a search on your mobile phone.
  •     If you use online banking and shopping sites, always log out and don’t select the “remember me” function
  •     Before downloading a third-party app, check other users’ reviews to see if it is safe, and read the app’s privacy policy to make sure that it is not sharing your personal information
  •     Use comprehensive mobile security software like McAfee Mobile Security, which includes antivirus, anti-theft, web protection, privacy protection and call and text filtering. If you have multiple notebooks, netbooks, smartphones and tablets, McAfee All Access provides security for all your devices and helps keep all your stuff safe whenever and wherever you connect.

By Robert Siciliano

Tuesday, May 15, 2012

Child online? Keep your computer, Smartphone, PSP child-friendly.

That little brat whose sole pleasure used to be dragging toys as he/she followed you around the house has suddenly discovered an amazing world! The world of unlimited opportunities, games, learning, socializing and discovery - the world of magic, the world of the Internet!

The internet-age kids are entering the cyber world at progressively younger ages. The level of internet proficiency that their parents might have achieved in their 20s is child’s play to kids by the time they reach their teens. Their fingers fly over the keyboards, they are expert at searching online for games and friends and they can prepare amazing projects with no help from adults at all! According to a survey commissioned by McAfee, 42% of the kids aged between 13-17 years spend 1-2 hours online in a day and what’s more startling is the fact that 64% of 9-12 year olds are members of social networking sites. My blog on ‘Excerpts From A Panel Discussion: Are Indian Kids Safe Online?’ throws more light on this McAfee commissioned survey.

The Internet is a great learning place and the modern, competitive lifestyle demands that kids are conversant with the latest gadgets and technologies. But as parents we have some duties. First and foremost, we have to ensure that the kids are safe online and secondly that they know how to tackle problems, if any, that they face in the virtual world.

Keeping kids safe online is not a simple task - no way. It involves a three-pronged approach involving parental supervision, cyber safety training and use of advanced security software. This means (and understand this clearly) that just following one of the steps mentioned above is not enough.

Let’s deal with security software today:

  •     Install the latest security software, and not just any anti-virus. Free anti-virus that you can download offers only basic protection to the PC
  •     Ensure that parental controls are turned on. It’s really very simple and ensures web filtering
  •     ALL Internet-enabled gadgets MUST have security software. For instance the McAfee Site Advisor helps in differentiating the authentic sites from the malicious ones

So how do you go about securing all your gadgets? You can install suitable security software on them individually, or use a product like McAfee AllAccess that secures ALL your Internet-enabled products. This product is simply magical. It covers all your gadgets, even the Mac, and so saves you from the trouble of remembering to buy and install separate products for separate gadgets every time. The product offers all the features of advanced security software. Specifically, it also enables you to block sites, conduct safe searches and filter out unsuitable videos and songs from iTunes to prevent kids getting exposed to these accidentally. Doesn’t that take care of a big problem and take a load off your mind? It does for me.

Installation is very easy. Once you purchase the product (it can be done online too), log in with the e-mail id you used to create your account and follow the prompts. Done! After that, you can set separate monitoring parameters for individual kids, based on their age and maturity level. They will have to access the net by logging in under their own names.

Your gadgets are now safe to be used by your kids. But remember, you must also talk to them about responsible surfing and net etiquette as well as monitor them when they go online.

Happy surfing folks!

By: Anindita Mishra

Monday, May 14, 2012

Using Big Data for Security Intelligence – Recognize Slithering in Cyberspace (Part 2)

In my previous post in this series, I looked at security considerations when enabling Big Data for your business. In collecting, accessing and providing parallel analytics across multiple data sets, you may be inadvertently opening the door to malware or a ‘snake in the grass’. It’s possible that the data you are correlating is something quite attractive to both cybercriminals and old-fashioned criminals, because it could be another way to gather intelligence for their cause or criminal crusade.

McAfee relentlessly provides Global Threat Intelligence (GTI) that our customers leverage to keep up-to-date and automatically block suspicious behavior and connections. This constant service is accomplished by using Big Data to uncover those who may be slithering in cyberspace and up to no good. Even before McAfee obtains a malware file, McAfee Labs has most likely already rated the reputation of its associated files or connections as suspicious. What really makes GTI successful are the highly specialized security professionals working around the clock and around the world, sifting through enormous volumes of data.

On average, the sampling of GTI data includes:
  •     75 Billion Malware Reputation Queries/Month
  •     20 Billion Email Reputation Queries/Month
  •     2 Billion IP Population Queries/Month
  •     300 Million IPS Attacks/Month
  •     100 Million IP Port Reputation Queries/Month
With over 100 million queries a month, there’s a good chance that we will start to identify questionable behavior and connections. In my next entry, I’ll look at how IT can start to manage and create their own security intelligence with similar techniques – leveraging GTI to gain unique visibility into their own IT infrastructure and business threats.

By Kim Singletary

Friday, May 11, 2012

Why Integrity Matters: A Silicon to Software Model to Accelerate Cloud Computing

The advantages of cloud computing – new levels of cost efficiency, rapid deployment and self-service – are much talked about. Yet, while cloud computing remains a top executive priority, security factors are inhibiting broadscale adoption. Very recent Intel Peer Research on cloud computing “What’s Holding Back the Cloud” revealed that 56% of IT professionals are concerned about the inability of public cloud providers to measure security, and 61% indicate lack of visibility as a key concern for private cloud adoption.

What would it take to change that? In that same research, 50% of IT professionals indicate that their confidence in public cloud would be enhanced if they could set and enforce security policies across clouds, and 78% would be reassured through the ability to measure levels of security in real time.

This calls for a tectonic shift in the way that enterprises and service providers alike think about security, because old tools and practices are not suitable or efficient for the new cloud architectures. Virtualization, which underpins cloud and drives efficiency gains through shared hardware, removes the previous boundaries that provided strong physical isolation between workloads. Multiple lines of businesses or organizations can share the same hardware, and virtual machines can be increasingly decoupled from server hardware for greater flexibility. But through this process, IT increasingly loses physical control and the ability to monitor workloads and data.

Intel and McAfee are partnering on a vision that delivers visibility and control from the hardware level through the security stack and across the client-to-cloud communication chain. In this model, integrity measures provide real-time assurances of security, e.g., that the system is free of vulnerabilities and has not been tampered with. The integrity assessments are at multiple enforcement points to establish confidence in private and public cloud infrastructure and ultimately, a hybrid model which most organizations seek to adopt. Cloud service providers and enterprises alike would benefit from this model, which proposes consistent standards and interoperability as well as third party digital certificates and strong collaboration with the industry ecosystem.

Even today, organizations can leverage capabilities such as McAfee Cloud Secure to certify that the sites that host or manage their data are free of vulnerabilities. Using Intel Trusted Execution Technology (Intel TXT), enterprises can verify that the server hardware is of a known good security state and can enforce a connection or resource allocation based on that state. Technologies such as McAfee Application Control and Change Control buttressed with cloud-based Global Threat Intelligence deliver proactive security monitoring at the operating system, application and file level without the performance hit of conventional security technologies. McAfee ePolicy Orchestrator provides the backbone for consistent policy management bridging policy between an enterprise data center and clouds. And, with ePO’s open APIs, innovative integrators can take the Intel and McAfee building blocks to build a custom end-to-end integrity model.

Over time, Intel and McAfee will explore capabilities to use silicon enhancements for stronger integrity assessments and for enforcing controls based on the protection profiles of server hosts, virtual machines and endpoints, for which McAfee Deep Defender is a strong proof point.

This integrity model should help accelerate stronger cloud-specific security standards as well as third party certification programs that the industry is already moving towards.

For more information on this topic, be sure to read the full “What’s Holding Back the Cloud” report, and follow us on Twitter at @McAfeeBusiness for the latest on how McAfee and Intel are looking to enhance end-to-end cloud security.

By Greg Brown

Thursday, May 10, 2012

Mobile and Phishing – Why It’s More Dangerous

Phishing occurs when scammers send emails that appear to have been sent by legitimate, trusted organizations in order to lure recipients into clicking links and entering login data and other credentials. SMiShing is a version of phishing in which scammers send text messages rather than emails, which, as with phishing emails, appear to have been sent by a legitimate, trusted organization. The terms reference a scammer’s strategy of fishing for personal information.

For instance, you could receive an email or text message from someone posing as your credit card company, asking you to confirm your account numbers or passwords. It’s much easier to fall for these tricks on your mobile device because a lot of the things you can do to check if an email is legitimate are not available.

For instance, because of the limited screen space on your mobile device, you probably can’t see a site’s full web address, or an email sender’s full return address. Without being able to see a full address, it’s difficult to tell if the website or sender is legitimate. You also can’t “hover over” a link like you can from your computer and get a preview of a linked word or graphic.

Another factor is the “always on” nature of mobile devices. Most mobile users are more likely to immediately read their email messages and forget to apply their security practices, such as checking to see if an email is from someone they know and if any included links appear real. Because messages are checked continuously, you are more likely to encounter phishing attacks within the first few hours of launch, before security filters have a chance to mitigate the threat.

If you do click on a dangerous search result or stumble upon a malicious webpage, you could wind up accidentally downloading malware onto your phone, or simply run into inappropriate content.

To protect yourself from a mobile phishing scam:
  •     Don’t click on any links from people or companies you don’t know.
  •     Even if you do know the person or company who sent the email or text, take the time to double-check a website’s address and make sure that it appears legitimate.
  •     Be wary of any retail site with deeply discounted prices, and always check other users’ comments and reviews before purchasing online.
  •     Rather than doing a search for your bank’s website, type in the correct address to avoid running into any phony sites, or use your bank’s official app.
  •     Use a comprehensive mobile security product such as McAfee® Mobile Security, which offers mobile antivirus protection, safe search, backup and restore functions, call and text filtering and the ability to locate your phone and wipe personal information in the case of loss.
The best protection from this scam is awareness. Once you understand how it works, you are better positioned to recognize mobile phishing, and how to avoid clicking links within emails or text messages or otherwise responding to such ruses.
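The address check described above can be made concrete with a short script. This is an added example, not part of the original post: it shows what a narrow screen displays for a link next to the domain the link really leads to. The URLs, the allow-list and the function names are constructed for illustration, and the two-label domain rule is a simplifying assumption.

```javascript
// Added illustration: what a narrow screen shows versus where a link really goes.
// Every URL and the allow-list below are constructed sample values.

const TRUSTED_DOMAINS = ["bank.example"]; // hypothetical: the sites you actually use

// The part of the address a small screen has room for: the first `width`
// characters of host + path.
function truncatedView(url, width) {
  const shown = url.host + url.pathname;
  return shown.length > width ? shown.slice(0, width) + "..." : shown;
}

// Assumption: the registrable domain is the last two labels. That holds for
// names like bank.example but not for suffixes such as co.uk; production code
// should consult the Public Suffix List instead.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

function checkLink(link, width = 20) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { verdict: "invalid", reasons: ["not a parseable URL"] };
  }

  const reasons = [];
  const host = url.hostname;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
  const realDomain = isIp ? host : registrableDomain(host);
  const shown = truncatedView(url, width);
  const trusted = TRUSTED_DOMAINS.includes(realDomain);

  if (url.protocol !== "https:") reasons.push("not https");
  if (url.username || url.password) reasons.push("text before @ is not the host");
  if (isIp) reasons.push("raw IP address instead of a site name");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode label, possible look-alike characters");
  }
  // A trusted name that is visible on screen (or placed before the @) while
  // the link actually resolves to a different domain.
  const brandVisible = TRUSTED_DOMAINS.some(
    (d) => shown.includes(d) || url.username.includes(d)
  );
  if (!trusted && brandVisible) {
    reasons.push("trusted name is visible but the real domain differs");
  }

  let verdict = "unknown";
  if (reasons.length > 0) verdict = "suspicious";
  else if (trusted) verdict = "trusted";
  return { shown, realDomain, verdict, reasons };
}

// Constructed sample links, as they might arrive in a text message.
const samples = [
  "https://bank.example/login",
  "https://bank.example.account-check.test/login",
  "https://bank.example@198.51.100.7/login",
  "http://bank.example/login",
];
for (const link of samples) {
  const r = checkLink(link);
  console.log(`${r.verdict.padEnd(10)} shown="${r.shown}" real=${r.realDomain}`);
}
```

The second sample is the case the post warns about: the first 20 characters read like the bank's address, while the domain that actually receives the login is the one at the end of the host name, off screen.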

By Robert Siciliano

Wednesday, May 9, 2012

What Are The Risks Of Mobile Spam?

Spammers send unwanted emails or texts that are both annoying and frightening. Most spam messages are useless advertisements selling stuff you don’t need or want.

In 1995, 8,069 unique pieces of malware were detected. One out of 20 emails was spam, and the Melissa virus infected hundreds of thousands. By 2010, 54 million unique pieces of malware were detected and more than 90% of all email was spam.

SMS spam (or spam via texting) is so prevalent today because those sending it are often scammers using robocall techniques that sequentially dial numbers in any area code and extension. An online search for “mass sms software” turns up plenty of free and low-fee programs that facilitate mass texting.

Also, when you enter your mobile number on a website you might end up clicking a terms of service agreement where you allow the company to send you text advertisements. And entering your information on a mobile app is no different. If you are not careful, you could unknowingly be opening yourself up to spam from the app and any third parties they work with.

While spam is mostly annoying, it can also pose some risks to you. You could even be tricked into paying for products and services that turn out to be illegitimate or nonexistent. Spam can also be used to distribute Trojans, spyware, and exploit code that can infect your mobile device or steal your information.

To protect yourself from SMS spam, you should:

  •     Unsubscribe from unwanted text messages – Try to reduce the number of marketing lists that have your mobile number. If you haven’t signed up to receive text messages from an organization and don’t recognize the sender, don’t open the text or unsubscribe from the list, since this lets the spammer know that your phone is active. The best thing to do is just delete the message.
  •     Protect your mobile phone number – Don’t give your mobile number to companies or people you don’t know. And, if you do need to give out your mobile number, make sure you understand the company’s privacy policy to see if your information is being shared with any third parties.
  •     Use great caution when opening attachments - Never open unsolicited business emails, or attachments that you’re not expecting—even from people you know.
  •     Watch out for phishing scams. Don’t click on links in text messages. Instead, open your mobile browser and visit the site directly.
  •     Do not reply to spam. Never send your credit card information, Social Security number, and other private information via email or instant message.
  •     Watch your permissions – Make sure you know what information your apps have access to as you may be allowing them to send you text messages by just downloading the app. Read the reviews and privacy policy for the app.
Taking the time to practice some simple steps will help protect you against the risks of spam.


By Robert Siciliano

Tuesday, May 8, 2012

Love a Little Online Shopping? How’s Your Privacy Awareness?

I am a sucker for online shopping and my current obsession is with books. When you have Fishpond, Book Depository and Borders offering free delivery in addition to highly reduced prices, well – it’s a marriage made in heaven!

Now, every time I find a new shopping site, I have to register my details. And as I was entering my name into another site last night, it made me think about how many sites have my personal details.

This week is Privacy Awareness Week and what a great opportunity to ‘take-stock’ of how you are managing your privacy, particularly online.

When it comes to privacy, I think most of us feel we have it sorted. We ignore friend requests from strangers on Facebook and we have an array of clever passwords. So, why bother worrying much more about privacy? It’s all good, right?

Unfortunately – it isn’t quite that simple. Managing your privacy, particularly online, requires a little more work to make sure you are safe and protected from possible identity theft.

Here are a few quick tips that will help get your privacy sorted.

  •     Make sure your passwords have at least 10 characters and use a combination of letters, numbers and symbols. Change them regularly and try not to use the same one across all your devices.
  •     PLEASE refrain from visiting banking or credit card sites when using an unsecured wireless connection.
  •     Beware of professional looking pop ups that may appear on your screen telling you to download software. These downloads may contain malware (aka nasty software) which could give you a virus or worst case, send your private information back to a cybercriminal!
  •     I know everyone loves to ‘Check In’ on various social media applications but remember it can be risky. Not only may you be alerting the world to the fact your house is vacant but you are providing your location to any unwanted followers. Go retrospective! Consider doing the location based post after you’ve left that location.
  •     Invest in a comprehensive security package that provides safe searching technology to steer you away from fake websites that try and collect your information.

If you have a spare moment, why not check out the Identity Theft tool (ID Theft) on the Privacy Awareness website and test yourself about how aware you are regarding the risk of ID theft. But make sure you study the tips above first – it might help you improve your score!

Till next time,

Alex

By Cybermum Australia

Monday, May 7, 2012

Security Considerations in Enabling Big Data – Snake in the Grass (Part 1)

Big Data holds a lot of promise – from the potential to change business models to the ability to rapidly refine services and goods that traditionally took years of industry speculation. But the utilization of Big Data isn’t just about mining data within your organization. It’s also about tying it to larger data stores and services. It’s about enhancing data at the point of transaction, through social media interactions, and through multiple other sources. From a security perspective, I believe more connections must be allowed to flow into the organization. Field devices must feed in near real time to centralized data repositories, and analysts need access to it all.

The US government has also taken notice of Big Data’s big potential. The Obama Administration recently unveiled a Big Data Research and Development Initiative, which will see at least six government agencies making a large investment with the goal of “greatly improving the tools and techniques needed to access, organize and glean discoveries from huge volumes of digital data”. It takes experience to leverage this kind of analysis. For example, it’s the kind of activity that enables retailers like Target to determine the likelihood that any one shopper might be pregnant, simply by analyzing the purchasing trends of individuals through predictive analytics. Data has always been used to help home in on business prospects and opportunities, but now this same phenomenon is stretching beyond sales and marketing. Many other industries are looking at how they too can leverage larger and larger data sets.

Both the financial and large retail markets have experience in the data dilemma, but most have focused on their own data collected over time. The Red Flags rule prompted earlier detection of identity fraud for financial institutions, while retailers continue to capture sensitive customer information by luring them with special offers and loyalty programs. Last year’s Epsilon email breach, which disclosed the email addresses and affiliated relationships with the marketing programs of several retailers and banking institutions, caused real concerns about targeted spear-phishing attacks that use this sensitive information. It’s not only businesses looking to profit from this analytic data, but also cybercriminals.

As more and more industries utilize their own data, they’re also expanding out, leveraging other sources to gain richer business insight. Whether the objective is to drive dynamic business decisions, get in touch with customers, or predict situations to mitigate risk, there are bad guys out there that may want unauthorized access. Even though you may just be starting the process of gleaning information from big data, or as I like to think of it, ‘finding the needle in the haystack’, please consider the security and privacy issues. Businesses and organizations need to put the right security controls and monitoring in place to make Big Data successful – and not a liability.

For more information on the benefits and risks associated with Big Data, stay tuned here in the blog for Part 2 of this series, and be sure to follow us on Twitter at @McAfeeBusiness.

By Kim Singletary

Friday, May 4, 2012

When Business Leaders Own Their Information

The subject of this post came to me in a rather convoluted manner.

As I began to work more with organizations who are trying to achieve broad analytical proficiency, I started to notice something that at first appeared both unusual and unsettling.

One or more business leaders in the organization would begin to lay strong claims to "owning" their information. 

They were prepared to invest their cycles and resources towards acquiring more and improving the value of what they already had available.  They could be persuaded to share -- depending on circumstances.

While these leaders were moderately polite to others in the organization who were doing the same, they didn't want to be dependent on other groups (including, to a certain extent IT) as they went forward with their information ownership goals.

As I started to see more of this -- including in my own company -- I had to stop and think: is this a good thing, or a bad thing?

And I've come to the conclusion: it's a very good thing indeed.  It's precisely the right behavior, and should be encouraged.

Welcome To Your New Role, Business Leader!

If you've ever taken over a moderately-sized organization, you spend your first few months assessing your situation.

If you're smart, you'll do an initial round with external stakeholders -- people who interact with (and often depend on) what your organization does.  You do this first, because you don't want to be tainted by internal perspectives from within.

Your second round is usually with your people: who are they, what are they good at, where are their problem areas, etc.  All good organizations are built on good people, so you'll quickly want to get a handle on that one.

Your third round is with the finance people: where does the money come from, and where does it go?  Without budget and resources, it'll be very hard indeed to get anything done.

And you'll want to see boatloads of data: measurement after measurement about what your group is doing, how effective it is, areas for improvement, etc.  The more data, the better.

People.  Money.  Information.

It's the three raw ingredients every business leader needs to be effective.

These same people know they have to spend a lot of time and effort to get the best people, and invest in them so their employees perform the best.  They also have to spend a lot of time to understand the balance sheet and money flows, and places where even more efficiencies can be wrung out -- or new sources of potential funding.

Viewed this way, is it any surprise that strong leaders are starting to make big investments in "their" information bases?  More data, better data, improved insights from existing data, and so on? 

At EMC, we encourage our leaders to "own" their customer relationships, "own" the composition and improvement of their workforces, "own" their budgets and P+Ls and so on.

Why wouldn't we encourage them to "own" their information?

Going Farther With The Analogy

At my company, you've got great resources to help you with parts of this, but it depends on the relative importance of your function.  If you're sort of an entry-level or mid-level manager, you've got a finance and HR team member that's there to help you occasionally, mostly consumed through standard service interfaces.  They're easy to find, and easy to consume.

As you move up, you start to get more one-on-one support from people who are more senior.  If you're starting to enter the executive ranks, you might even get a small dedicated finance and/or HR team to help you.

You're expected to own the development and management of your people.  Here's your resources to help you do that.

You're expected to own the management of your finances.  Here's your resources to help you do that as well.

If you're expected to own the acquisition, improvement and leverage of your information base -- what kind of resources do you need for that?

Enter The Proverbial Business Analyst

If we go looking, we'll often find various business analysts helping out the business leader with this role.  When I meet these people, they've often got a sense of the importance of what they do for the organizations they serve, but it isn't long before they tell you their job isn't easy.

Information sources are hard to get to.
Computing resources are hard to get to.
Specific tools to make the job easier are hard to get to.

The HR people usually don't have that problem: they've got the data and tools they need.  The finance people usually don't have that problem: they've got the data and tools they need.  The same can generally be said for the traditional "line" functions: production, distribution, support, etc.

Why do I meet so many business analysts that are chronically "underserved" in their increasingly important roles?

Why are things the way they are?

Where Are We Coming From?

If we go back a few decades, it was IS (information services) and not IT (information technology). 

Computers were big, expensive, complicated and (relatively) difficult to use.  You needed trained specialists who understood data formats, query languages and indexing methods. 

It made sense to put many of these people in the same organization that ran the computers, and these same people usually reported to finance, since that was the first significant application of computing in most organizations. 

So we certainly can consider historical precedent as a relevant factor.

But, in today's modern world, just about everyone has to be proficient at using information: not just IT folks, and not just for financial reporting.

Then there's the security and risk factor. 

One of the traditional roles that falls to IT is protecting valuable corporate information, and keeping people from hurting themselves or others with that same information.  They take this role very seriously, as they should.  You can see them visibly shudder when I start talking about making information easier to find and easier to consume.  And, yes, I'm sure there are plenty of anecdotes to fuel this point of view.

But, in today's modern world, we all have to learn how to use information responsibly just like we deal with money responsibly, and deal with people responsibly, and so on.  It's part of the modern skill portfolio in the corporate world.

There's also a serious concern on data quality and data integration.  Many IT professionals know what's in those data sources -- and just how dirty/corrupt/inaccurate/deteriorated that data might be.  They don't consider it fit for business consumption, and want to spend the time/effort/money/resources to improve the situation dramatically prior to handing it over to a business user.  Certainly an understandable viewpoint.

But, in today's modern world, we're all getting pretty comfortable with using what data we've got access to, regardless of quality, source, incompleteness, etc.  It's the world we live in.

What Happens When The Perspective Shifts?

So, perhaps we're coming from one world where (for the most part) IT "owns" corporate information, and quickly moving towards a world where multiple business leaders have strong incentive to "own" the information that's relevant to their world.

Rather than tell me what data I can and can't have, I'd like to be able to figure out what's potentially available -- and what I have to do to get it.

Rather than sanitize, cleanse and standardize corporate data, give it to me in the form it was captured, along with a manifesto that tells me what I need to know.

Rather than assume I'll be using information in a wrong or damaging way, why not educate me and my people on how to avoid problems and challenges?

Rather than make me define and commit to what I'm going to need in 3, 6 or 12 months and wait -- why not have services I can easily consume as my needs change and evolve?

I'll want to choose my tools.  I'll want to manage my own views of data.  And I'll need help from time to time.

As a business leader, I'm just trying to get me and my people very proficient with the data I care about.  Just like I'm trying to get proficient with improving my workforce, improving my use of money, and so on.

Why are you making it so hard? 
Why aren't you helping me?

I work with a great HR organization here at EMC.  They empower me and my co-workers to be really good at managing and developing people.  It's our responsibility, not theirs.

I also work with a great finance organization as well.  They empower me and my co-workers to be really good at managing budgets and money.  It's our responsibility, not theirs.

I'm very much looking forward to the efforts our IT team is making to help make me proficient with information.  I can see that the goal is to empower me and my co-workers to be really good at extracting value from information, and hopefully not making too many mistakes.

Ultimately, it's our responsibility, and not theirs.

Observation #1

I had a great call with a customer yesterday around their desire to offer analytics-as-a-service to the rest of their business partners.  Some of his business users are already extremely proficient, but many more are coming on quickly. 

We ended up talking maybe 5% around technology, and about 95% around how to organize for success: what people, what functions, where they should be located (IT or business), what they should do themselves, what they might want to give to a partner or vendor or consultant, and so on.

I don't think that was what he was expecting, but he said it was much more interesting and relevant rather than talking about ETL load speeds :)

Observation #2

Sunday night, I'm jumping on a plane to go spend two days with a very large and very progressive health care provider. 

On the first day, they're going to have us and a small group of other vendor/partners in the room -- some of them our competitors -- and they're going to go wayyyy deep into their business, their organization, their challenges, and so on.  8 hours of it. 

Frankly, I think it's going to be pretty cool indeed.

Based on the pre-brief, I'm predicting it's going to boil down to information, organization and money.  The technology is already there: are they organized to use it effectively to change what they do and leap into the next decade?  I'm wondering if my suspicions will be validated.

The second day, we -- as a vendor -- get about two hours to feed back on what we heard, and offer some suggestions and thoughts.  Sure, we'll be looking for a few areas where we can specifically help them, but we certainly won't be able to solve all their problems for them -- nor should we ever try. 

And I'm certainly not going to do the typical CTO thing and gush on around the amazing potential of newer technology.  I think they get that.  We all do, thanks.

The hard part will be empowering functional businesses to get very good at exploiting information.

And -- as I sit here -- I bet I'm going to have lots of those conversations in the next few years.


By Chuck Hollis

Thursday, May 3, 2012

In Praise Of The Business Process Owner

Take a closer look at any successful organization, and you can quickly spot a half-dozen or more key business processes that really matter. 

Sales and marketing.  Customer satisfaction and quality.  New products and offers.  Global logistics. 

The specific process names might vary, but the patterns never do. 

And if you're a progressive IT leader looking for new opportunities to introduce change into the landscape, I'm going to argue that the people leading these initiatives are your new best friends.

Why?

As we contemplate IT transformation in all its forms -- cloud, big data, trust, mobility, etc. -- the new business process owner is turning out to be the key actor in driving meaningful and substantive change. 

While many IT groups are arguably heroes for what they've accomplished, when I go digging deeper, I often discover that their stories wouldn't exist unless a key leader (usually a business process owner) is willing to sponsor -- and drive --  meaningful change in how IT is used.

For those of us who are passionate about IT transformation, our ability to identify and rally around these new business process owners is proving to be an essential skill indeed.

Functional Leaders Vs. Cross-Functional Business Process Owners

It might be easy to fall into what I've started to call the "organizational leadership trap".  You look at the org chart, and you see the familiar heads of state: head of sales, head of marketing, head of engineering, head of customer services, head of finance, manufacturing, HR et al.

While each of these functional leaders is clearly important -- and most likely has many self-contained business processes that they'd like to get better at -- that's not where the real corporate prize lies.

No, I've found that the really meaningful business processes -- and the ones most likely to initiate substantial change -- are the ones that involve process integration across two or more functional silos. 

And they can be everywhere when you go looking for them.

Sales, for example, must rely on manufacturing, marketing, customer service and finance.  Product engineering depends on sales, marketing and customer service.  Customer service and quality depend on all other disciplines, and so on.  No organization is an island, when it comes to new business processes that really move the needle.

When the organization takes this view, a familiar pattern emerges.  Executive leadership states the case as to why cross-functional business process X is now much more important than it used to be. 

A senior leader is appointed to own the process reengineering on behalf of the entire organization.  A cross-functional team is then assembled with empowered stakeholders from all involved disciplines. 

And, if conditions are right, forward progress is made on things that really matter.

Look inside any well-managed, dynamic organization and you'll likely find several of these cross-functional business process reengineering teams at different lifecycle stages -- some just forming, some well along, others who are declaring victory (or sometimes defeat) and moving on. 

Much like a gravity well will draw in any nearby matter, these process teams are "change wells" -- they can draw in new ideas and new ways of thinking about things.  And for progressive IT leaders looking to accelerate change in their own organizations, they're turning out to be an extremely important class of internal customer.

What's The IT Connection?

At a conceptual level, it's not that difficult to appreciate: new, important cross-functional business processes will inevitably require information to be used in new ways: captured, processed and consumed. 

There's usually not much legacy in place that has to be migrated forward. 

Very often, there's a well-established business case as to why the new investment is required -- conveniently constructed and advocated by the cross-functional business process team.

And, of course, there's usually a strong motivation by all involved to strongly consider new ways of doing things vs. simply perpetuating established tradition.

Think new applications, new tools, new delivery methods, new consumption platforms -- with a strong bias towards speed and agility.  Put differently, well-developed cross-functional business initiatives are turning out to be excellent anchor tenants for newer forms of IT service delivery.

Examples Are Everywhere ... If You Know Where To Look

Want to change the way you design and develop new products?  You're probably talking new forms of collaboration as well as self-service IT environments for key knowledge workers.

Want to change the way you reach and engage your customers?  There's probably mobility and social involved, not to mention new platforms that produce content and measure how they're being consumed.

Want to take quality and customer satisfaction to a whole new level?  It's hard for me to imagine anyone getting good at that without a pronounced investment in making analytical data easier to experiment with.

Note that these are popular examples of cross-functional business processes that stakeholders get very excited about.  Note that these process leaders are frequently being groomed for additional executive responsibilities.  Also please note that each of these (as well as other examples) frequently involves a healthy dose of new IT thinking and capabilities.

The Organizational Change Management View

So many IT leaders I meet these days are deadly serious about re-tooling their organizations to look more like competitive service providers, and less like traditional IT shops.

But there's only so much they can do on the supply side before they must partner closely with individual business stakeholders who are demanding better answers to business problems.

Six months ago, I didn't have a good framework around exactly *who* you might want to target on the business side -- but now I have one. 

When I go looking using this filter, I can often find multiple examples of aggressive business leaders who are very passionate about doing things in new ways, especially in those organizations that are thriving in particularly competitive environments (like EMC!).

Change agents can help each other in powerful ways. 

Especially when the partnership spans the all-too-familiar IT-business divide.

By Chuck Hollis

Wednesday, May 2, 2012

Social Networking and the Security Inflection Point

“A Strategic Inflection Point is that which causes you to make a fundamental change in business strategy. Nothing less is sufficient.”

This quote came from Andy Grove, Intel Co-founder and former CEO.  And, while he said this at an annual meeting in 1998, his philosophy is timeless.  In my opinion, social networking is at the crux of this inflection point.  Enterprises recognize that they must begin to embrace social networking – with its extraordinary potential – but doing so has its own set of challenges.

 The Gen-Ys entering the workforce have been raised in an instant communication digital age. For them, social media is how they communicate now and how they expect to communicate in the future as business professionals. Corporations that have strict security policies tell me that their ability to hire fresh talent is difficult because they are competing with companies that have a more “open” social media policy. 

 On the flip side, many corporations are leveraging full-blown social media strategies to reach out to their customers. On my own personal Facebook account, I’ve “friended” a number of artists, as well as local and global companies I admire, and it’s evident that it’s one of the most cost effective means of communicating directly with a captive audience. So, doesn’t it seem ironic that the same companies that are using this medium to market their products are the same ones that are locking down their employees’ access to it?

But let’s be fair.  The businesses that are limiting access to sites like Facebook, Twitter, and LinkedIn are simply worried that too much information sharing will result in lost productivity, data leaks, and sometimes a diluted culture. But, even more concerning to IT security people is that the sites most visited by employees are malware magnets that have been exploited by hackers — stealing identities, distributing viruses, and sending spam.  And, the security risks are only getting worse.

 So where’s the balance?  How do we inject fundamental change into a social fabric that has such strong fibers? I believe the solution is to allow corporations to embrace social media, while providing them with technology that allows them to monitor, or limit, its use. These technologies can also be leveraged to ensure that corporate sensitive information does not inadvertently (or purposefully) leak onto these open platforms.  The McAfee Cloud Security Platform is an option that integrates modules capable of protecting against the worst social networking has to offer, and may be the only way to make today’s security strategic inflection point a positive one.

 McAfee launched this platform last year to protect data to and from the cloud through the major traffic channels: Web, Email and Authentication/Identity – including social media platforms. We’ve continued to innovate and enhance the products included in this platform to secure businesses from growing online threats.  I encourage you to learn more about how the McAfee Cloud Security Platform can help you and your business be protected while allowing social networking to thrive.

By Pat Calhoun

Tuesday, May 1, 2012

Free Mobile Apps = Drained Battery

Go through your smartphone right now. Look at each app and seriously consider whether you need it. If not, delete it. Then, determine which of the free apps are worth upgrading to the paid versions, since free apps contain advertising that puts an additional drain on your battery.

Using a special energy-profiling tool, researchers from Microsoft and Purdue University found that when a mobile is run over a 3G connection, Android and Windows Mobile apps operating third-party ad services dedicate up to 75% of their power requirements to ads rather than game play.

Applications often communicate with their sources, transferring data back and forth between your mobile phone and the app’s home server. This information could be about you, gleaned from your mobile use, or it could be new advertising. The most effective way to deal with this is to delete the app or, in the cases where you are given the option, to prevent it from running in the background.

But don’t stop there. There are numerous other battery drains affecting your smartphone. To preserve battery life:

  • Set your phone to lock automatically after being idle for one minute
  • Disable Wi-Fi and Bluetooth when they are not in use
  • Disable all unnecessary notifications
  • Disable any unused location services

It’s also a good idea to get yourself set up with extra chargers for your car, travel bag, and various rooms of your home. I like getting a mix of extra long and very short cables for different applications. They can often be found inexpensively on eBay.

By Robert Siciliano